[nycphp-talk] Session basics
Chris Shiflett
shiflett at php.net
Fri Aug 19 14:58:44 EDT 2005

Aaron Fischer wrote:
> If the session has expired such as in browser close or timeout, the
> bookmarked page won't be a liability as the session id in the URL won't
> find a matching session id on the server.

The server doesn't know when the browser is closed, so that part's not
right. It is true that a session timeout (on the server side) offers
some protection against this type of accidental hijacking.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
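
Added example, not part of the original message: one way to enforce the server-side timeout discussed above in PHP, so that a bookmarked URL carrying an old session id no longer maps to live session data. The 20-minute limit, the `last_seen` key and the function names are assumptions made for illustration.

```php
<?php
// Added example. IDLE_LIMIT, 'last_seen' and both function names are
// hypothetical; only the PHP session functions are real.
const IDLE_LIMIT = 1200; // allowed inactivity in seconds (constructed value)

// True when the session carries a timestamp older than the idle limit.
// A session without a timestamp is brand new and is not stale.
function session_is_stale(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    return isset($session['last_seen'])
        && ($now - (int) $session['last_seen']) > $limit;
}

// Start the session and expire it on the server if it has been idle too long.
// The browser being closed is invisible to the server, so the decision rests
// only on the timestamp the server stored on the previous request.
function start_checked_session(): void
{
    // Refuse session ids the server did not issue (e.g. a stale id in a URL).
    ini_set('session.use_strict_mode', '1');
    session_start();

    $now = time();
    if (session_is_stale($_SESSION, $now)) {
        // Idle too long: drop the stored data so the old id matches nothing,
        // then continue under a fresh id with an empty session.
        $_SESSION = [];
        session_destroy();
        session_start();
        session_regenerate_id(true);
    }

    // Record activity for the next request's check. session.gc_maxlifetime
    // alone is not enough: garbage collection runs probabilistically, so an
    // expired session file can outlive its nominal lifetime.
    $_SESSION['last_seen'] = $now;
}

// Constructed sample data, run from the command line to exercise the check.
if (PHP_SAPI === 'cli') {
    $t = 1124477924; // arbitrary reference time
    var_dump(session_is_stale(['last_seen' => $t], $t + 60));          // active
    var_dump(session_is_stale(['last_seen' => $t], $t + IDLE_LIMIT + 1)); // idle
    var_dump(session_is_stale([], $t));                                // new
}
```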