RE: [Phplib-users] Re: latest snapshot
From: Rob H. <rob...@ws...> - 2002-11-06 21:16:41
I'm not Gian but...

If you allow the session ID to be passed in as a string, then someone can hijack a session by simply passing the session ID in the get string. A cookie is much harder to insert, and since they are session cookies, they can't easily be viewed or replicated...

Thanks,

Rob Hutton
Web Safe
www.wsafe.com

> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Richard
> Archer
> Sent: Wednesday, November 06, 2002 5:58 AM
> To: php...@li...
> Subject: Re: [Phplib-users] Re: latest snapshot
>
>
> At 9:13 +0100 5/11/02, Giancarlo wrote:
>
> >One of the things I think everyone really needs is the possibility to shift
> >from a less secure get/trans-sid propagation method, to a more secure
> >only_cookies propagation
>
> Giancarlo,
>
> Please remind me again... why is passing the session ID in a cookie
> more secure than passing it in a GET string? Is this simply due to
> bugs and illogic in the PHPLIB and/or PHP session ID allocation?
>
> ...Richard.
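An added example, not part of the original thread: a log check a site operator could run to see how exposed GET-propagated session IDs are, by flagging any ID that arrives in the query string from more than one client address. The parameter name `PHPSESSID` (PHP's default; a PHPLIB site may use another), the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: PHP's default session name; change it to match the deployment.
SESSION_PARAM = "PHPSESSID"

# Leading fields of an Apache common/combined log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" \d{3} '
)

# Constructed sample lines (documentation IP ranges, made-up session IDs).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Nov/2002:21:10:01 +0000] "GET /index.php3?PHPSESSID=aaaa1111 HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [06/Nov/2002:21:12:40 +0000] "GET /account.php3?PHPSESSID=aaaa1111 HTTP/1.0" 200 900 "-" "Lynx/2.8"',
    '192.0.2.10 - - [06/Nov/2002:21:13:02 +0000] "GET /index.php3 HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [06/Nov/2002:21:14:55 +0000] "GET /index.php3?PHPSESSID=bbbb2222 HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    'not a log line',
]

def session_ids_in_url(url):
    """Session IDs carried in the query string of a request URL."""
    return parse_qs(urlsplit(url).query).get(SESSION_PARAM, [])

def clients_per_session(lines):
    """Map each URL-borne session ID to the set of client IPs that presented it."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        for sid in session_ids_in_url(m.group("url")):
            seen[sid].add(m.group("ip"))
    return seen

def find_shared_sessions(lines):
    """Session IDs presented by more than one client IP: candidates for review.

    A hit is not proof of hijacking (proxies and address changes also cause it),
    but it cannot occur this way once IDs are accepted from cookies only.
    """
    return {sid: sorted(ips) for sid, ips in clients_per_session(lines).items()
            if len(ips) > 1}

if __name__ == "__main__":
    for sid, ips in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} seen from {', '.join(ips)}")
```

Every ID this script can read is also readable by anyone with access to the logs, which is itself part of the exposure of GET propagation.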