[Phplib-users] cookie vs get
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-users] cookie vs get
|
From: Dennis G. <ge...@cv...> - 2003-04-08 20:14:32
|
There's new code that prevents users from using the GET functionality to create sessions on the site using PHPLIB. Well, Using: session4.inc custom_session4.inc I created a session on my browser. Then I went to the database and deleted all the sessions. I then reloaded the browser and the session reappeared in the database. So, does this mean someone using a terminal program or other program who is capable of handwriting an HTML exchange, could craft a cookie session and have it be accepted? If this is true, that means: Creating a GET session can't be done, Createing a COOKIE session CAN be done? Also, I don't know if this is the fault of PHPLIB, or the PHP4 Native sessions. |
