Edward Vermillion wrote:
And the session id is open to being stored in a bookmark or worse, sent
to someone else through a cut and paste of the URL.
Depending on what information that id controls and how long the sessions
are kept around id's in the URL could be a very bad thing indeed.
Agr
On May 10, 2007, at 11:40 AM, Richard Davey wrote:
[EMAIL PROTECTED] wrote:
That being the case I can never find out (using the built-in
sessions) until the second page request and it will always
include the session cookie in the URL. Which means the value
of the seesion cookie will be expos
[EMAIL PROTECTED] wrote:
That being the case I can never find out (using the built-in
sessions) until the second page request and it will always
include the session cookie in the URL. Which means the value
of the seesion cookie will be exposed, even if I am using SSL.
:( Back to the drawing bo
Mike,
Thanks for the super clear explanation.
This brings up a question. In order to decide whether to use
cookies or SID the built-in sessions must be testing to see if
the user's browser will accept the session cookies. How do
they do that?
By sending it out and checking to see whether
On 09 May 2007 16:36, [EMAIL PROTECTED] wrote:
> Ford, Mike writes:
>
> > > > You can also set up php.ini and use the built-in sessions with
> > > > http://php.net/session_start so that PHP will take care of this
> > > > for you.
> > >
> > > That is what I was intending to do. How do I find out
On Wed, May 9, 2007 10:36 am, [EMAIL PROTECTED] wrote:
> This brings up a question. In order to decide whether to use cookies
> or SID the built-in sessions must be testing to see if the user's
> browser will accept the session cookies. How do they do that?
The same way you would do it.
Actuall
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 08 May 2007 20:57
> > You can also set up php.ini and use the built-in sessions with
> > http://php.net/session_start so that PHP will take care of this for
> > you.
>
> That is what I was intending to do.
On Tue, May 8, 2007 5:50 pm, itoctopus wrote:
> setcookie("cookie_name", "value");
> //redirect to another page using header
> header("location:".$your_url);
This will fail on some legacy browsers, if you need legacy browser
support.
In *MOST* architectures, your visitor can be given the cookie o
On Tue, May 8, 2007 2:56 pm, [EMAIL PROTECTED] wrote:
> Richard Lynch writes:
>> Send one cookie, see if it comes back, and if it does, tie
>> everything to that cookie.
>
> OK. So how do I see if it comes back?
if (isset($_COOKIE['foo'])){
//cookie came back
}
else{
//cookie did NOT come bac
9 matches
Mail list logo
