-Mensagem original-
De: Nitsan Bin-Nun [mailto:[EMAIL PROTECTED]
The session.use_trans_sid setting automaticly adds
> sid=**(32-chars-sess-id)**
>
to the url's of the website,
it should solve your problem
ME -> I added "session.use_trans_sid = 1" to the beggining of my php.ini
file an
De: Daniel Brown [mailto:[EMAIL PROTECTED]
Probably because of the fear of session hijacking and spoofing.
The thing is, a handwritten cookie is just as effective for
that, by changing the PHPSESSID (or equivalent). In any case,
a 32-byte hexadecimal hash should be sufficient security for
De: Daniel Brown [mailto:[EMAIL PROTECTED]
On Fri, Apr 4, 2008 at 2:37 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
> De: Ryan Yagatich [mailto:[EMAIL PROTECTED]
>
> you mean like session.use_trans_sid in php.ini?
>
>
> How does this thing work anyway? As far as I read, it adds the
De: Ryan Yagatich [mailto:[EMAIL PROTECTED]
you mean like session.use_trans_sid in php.ini?
How does this thing work anyway? As far as I read, it adds the session id to
every (default behavior) href and a hidden field in forms, right?
I *think* it just does that when you have cookies d
De: Ryan Yagatich [mailto:[EMAIL PROTECTED]
you mean like session.use_trans_sid in php.ini?
Never heard of it, just RTFM'ed and it looks like the solution.
I'll be trying it and reply with the results. Thanks!
Thiago
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visi
5 matches
Mail list logo
