[nycphp-talk] Session basics
Brian O'Connor
gatzby3jr at gmail.com
Fri Aug 19 00:11:34 EDT 2005
Why is it that in my php.ini I have session.use_cookies set to 1, but when I
view a site of mine it appends the links to say ?PHPSESSID=xxxxxxxxxxxxx,
even though my browser has cookies enabled?
I think I'm going to set session.use_only_cookies to 1 as well, but I'm
always learly about limiting a portion of the community from viewing content
if there's an availible workaround for it.
On 8/11/05, David Mintz <dmintz at davidmintz.org> wrote:
>
> On Thu, 11 Aug 2005, Brian O'Connor wrote:
>
> > So what you're saying is if I see a "?PHPSESSID=xxxxxxxxxxxx" in the URL
> of
> > my site, than it is vulnerable?
>
> Yeah.
>
>
> ---
> David Mintz
> http://davidmintz.org/
> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
>
--
Brian O'Connor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20050819/5e584c27/attachment.html>
More information about the talk
mailing list