Re: [Phplib-users] Sessions where are we going??
From: Giancarlo <gia...@na...> - 2002-07-01 12:09:44
Donncha O Caoimh wrote:
> Err.. we're all in favour of using PHP4 sessions to store phplib session data
> aren't we?

I am not so against PHP4 session storage, as I am against PHP4 session propagation. Unfortunately the two things go together, are bundled, unless we resume, for Max's session_custom class, the release_token, get_id methods etc. that are in phplib.

That is the real weak point of PHP4 session: the propagation. URL has precedence, user-provided ids make their way, there does not exist a 'cookie_only' option (which is the choice that gives the best guarantees available) to block the former.

How many people are aware that if they do not set an expire for their auth, it is accessible for 24 H via a simple url? How many use fallback_mode='get' with no expire on auth? What are the advantages of letting users create sessions with any value they provide?

Gian
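The three concerns raised in the message above (ids accepted from the URL, ids chosen by the client, auth with no expiry) map onto session settings in later PHP releases. The following is an added example, not part of the original post and not phplib code; it assumes PHP 7.3 or newer served over HTTPS, and the function names, session keys and the 900-second limit are hypothetical.

```php
<?php
// Added example, not phplib code. Assumes PHP >= 7.3 and an HTTPS site.

const AUTH_IDLE_LIMIT = 900; // assumed value: seconds an auth survives without activity

function start_hardened_session(): void
{
    // Propagation: take the id from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse ids the server did not issue; a client-chosen id is replaced.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // assumption: the site is HTTPS-only
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function mark_authenticated(string $userId): void
{
    // Issue a fresh id at the privilege change and delete the old session data.
    session_regenerate_id(true);
    $_SESSION['auth_user'] = $userId;
    $_SESSION['auth_seen'] = time();
}

function current_user(): ?string
{
    if (!isset($_SESSION['auth_user'], $_SESSION['auth_seen'])) {
        return null;
    }
    if (time() - $_SESSION['auth_seen'] > AUTH_IDLE_LIMIT) {
        // Expire the auth server-side rather than relying on session lifetime.
        unset($_SESSION['auth_user'], $_SESSION['auth_seen']);
        return null;
    }
    $_SESSION['auth_seen'] = time(); // sliding window: activity renews the auth
    return $_SESSION['auth_user'];
}
```

Call `start_hardened_session()` before any output is sent, since the `ini_set()` calls and cookie parameters only take effect before `session_start()`.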