On 6/14/07 8:58 PM, "Michael Southwell" <[EMAIL PROTECTED]> wrote:
> Rolan Yang, David Krings, and Paul Jones all suggested that the > problem might be caused by users who weren't accepting cookies (and > for whom the session id therefore needed to be passed as a $_GET > variable); they were right. As soon as I fixed the redirect to > include that, the problems went away. Thanks, guys, and everybody > else who responded. > > Michael Southwell, Vice President for Education > New York PHP > http://www.nyphp.com/training - In-depth PHP Training Courses Just remember, its a balancing act between usability and security. By including the session id in the URL, you are exposing it, allowing it to be bookmarked, forwarded, etc. I'm sure Chris or Chris could provide far more insight. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
