On Thursday, December 27, 2001, at 05:40 AM, Wojciech Kocjan wrote: > I think that anything the user supplies cannot be trusted and as such > sessions are a real problem to make secure. You and I are in violent agreement on this point. This is the least-risk strategy; it is also the hardest to implement.
> And I'm not sure if path_info works on AOLserver... Haven't tried it. It worked in 2.x; I haven't used it since then.
