phplib-users Mailing List for PHPLIB (Page 32)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

>   If you allow the session ID to be passed in as a string, then someone can
> hijack a session by simply passing the session ID in the get string.  A
> cookie is much harder to insert, and since they are session cookies, they
> can't easily be viewed or replicated...

the requested url  passes in cleartext, even with SSL, while msg headers 
(cookies) and bodies are encrypted.

Gian

2001	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug (106)	Sep (99)	Oct (44)	Nov (97)	Dec (60)
2002	Jan (56)	Feb (81)	Mar (134)	Apr (69)	May (106)	Jun (122)	Jul (98)	Aug (52)	Sep (184)	Oct (219)	Nov (102)	Dec (106)
2003	Jan (88)	Feb (37)	Mar (46)	Apr (51)	May (30)	Jun (17)	Jul (45)	Aug (19)	Sep (5)	Oct (4)	Nov (12)	Dec (7)
2004	Jan (11)	Feb (7)	Mar	Apr (15)	May (17)	Jun (13)	Jul (5)	Aug	Sep (8)	Oct (6)	Nov (21)	Dec (13)
2005	Jan (4)	Feb (3)	Mar (7)	Apr (7)	May	Jun (11)	Jul (7)	Aug	Sep	Oct	Nov (7)	Dec
2006	Jan (3)	Feb	Mar (1)	Apr	May	Jun (2)	Jul (1)	Aug	Sep	Oct (9)	Nov	Dec (5)
2007	Jan (15)	Feb (2)	Mar	Apr	May	Jun	Jul (9)	Aug	Sep (2)	Oct	Nov	Dec
2008	Jan	Feb	Mar	Apr (12)	May	Jun (3)	Jul (1)	Aug (19)	Sep (2)	Oct	Nov	Dec (6)
2009	Jan (1)	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec (6)

phplib-users Mailing List for PHPLIB (Page 32)

phplib-users — A list for users of phplib to talk / discuss phplib