This really is like life, PHP Sessions aren't particularly secure, just make a form to post PHPSESSID of a true session to one of ya pages and you can "steal" a session!
Its possible to check IPs and so on, PHP's sessions use text files (by default), and pre-populate $_SESSION/$HTTP_SESSION_VARS. They use cookies, if no cookies are allowed, they append to forms and a hrefs. This makes them very easy to integrate into a website because they do it seemlessly. "Phpcoder" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > HI > While waiting for responses on my first question, I've done some reading > on sessions, and came up with the following questions: > First, I have been coding with PHP for a while without knowing about > sessions, and have completed a couple of rather large projects without > using sessions as such, yet, much of what I have read on sessions, I > have done "manually" already by creating my own unique "id's" and > passing them on via url to the subsequent pages. > So, here is my question. > Is sessions basically just that, made "easier" , or are there > fundamental differences/advantages. I know (now after reading a bit) > about the use of cookies etc if availale when using sessions, and that > you cannot "overwrite" a session variable by passing it via url, but are > those the only differences? So, basically, do you really HAVE to use > sessions, or is it like most other things in life; "there are more than > one way to skin a cat". Are there set "rules" or guidelines to when one > would definately absolutely have to use sessions? > > Thanks > Hope I make sense... > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
