NYCPHP Meetup

NYPHP.org

[nycphp-talk] Session basics

Brian O'Connor gatzby3jr at gmail.com
Fri Aug 19 00:11:34 EDT 2005


Why is it that in my php.ini I have session.use_cookies set to 1, but when I 
view a site of mine it appends the links to say ?PHPSESSID=xxxxxxxxxxxxx, 
even though my browser has cookies enabled?

I think I'm going to set session.use_only_cookies to 1 as well, but I'm 
always learly about limiting a portion of the community from viewing content 
if there's an availible workaround for it.

On 8/11/05, David Mintz <dmintz at davidmintz.org> wrote:
> 
> On Thu, 11 Aug 2005, Brian O'Connor wrote:
> 
> > So what you're saying is if I see a "?PHPSESSID=xxxxxxxxxxxx" in the URL 
> of
> > my site, than it is vulnerable?
> 
> Yeah.
> 
> 
> ---
> David Mintz
> http://davidmintz.org/
> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
> 



-- 
Brian O'Connor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20050819/5e584c27/attachment.html>


More information about the talk mailing list