Re: [Phplib-users] Re: latest snapshot
From: Giancarlo <gia...@na...> - 2002-11-06 21:46:59

> If you allow the session ID to be passed in as a string, then someone can
> hijack a session by simply passing the session ID in the get string. A
> cookie is much harder to insert, and since they are session cookies, they
> can't easily be viewed or replicated...

the requested url passes in cleartext, even with SSL, while msg headers (cookies) and bodies are encrypted.

Gian