This really is like life, PHP Sessions aren't particularly secure, just make
a form to post PHPSESSID of a true session to one of ya pages and you can
"steal" a session!

Its possible to check IPs and so on,

PHP's sessions use text files (by default), and pre-populate
$_SESSION/$HTTP_SESSION_VARS.  They use cookies, if no cookies are allowed,
they append to forms and a hrefs.  This makes them very easy to integrate
into a website because they do it seemlessly.

"Phpcoder" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> HI
> While waiting for responses on my first question, I've done some reading
> on sessions, and came up with the following questions:
> First, I have been coding with PHP for a while without knowing about
> sessions, and have completed a couple of rather large projects without
> using sessions as such, yet, much of what I have read on sessions, I
> have done "manually" already by creating my own unique "id's" and
> passing them on via url to the subsequent pages.
> So, here is my question.
> Is sessions basically just that, made "easier" , or are there
> fundamental differences/advantages. I know (now after reading a bit)
> about the use of cookies etc if availale when using sessions, and that
> you cannot "overwrite" a session variable by passing it via url, but are
> those the only differences? So, basically, do you really HAVE to use
> sessions, or is it like most other things in life; "there are more than
> one way to skin a cat". Are there set "rules" or guidelines to when one
> would definately absolutely have to use sessions?
>
> Thanks
> Hope I make sense...
>
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to