On Thu, 27 Dec 2001, Wojciech Kocjan wrote:
> As I mentioned before, I use 32-byte-long, mostly random SessionIDs -
> that is, there is no ID related to the database. The only way to hijack a
> session is to guess (or probably sniff :) the 32-byte ID...
The two big ones that I can think of are bookmarks on shared computers and
referrer logs. By adding the cookie that will disappear when the browser
is closed, you can kill both of those problems.
dave
--
Dave Weis
[EMAIL PROTECTED]
"I believe there are more instances of the abridgement of the freedom of the people by gradual and silent encroachments of those in power than by violent and sudden usurpations." - James Madison
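
The pairing discussed in this message, a URL-carried session ID plus a cookie that disappears when the browser is closed, can be sketched as follows. This is an added example, not code from the thread; the cookie name `sidbind`, the in-memory `SESSIONS` store and the `shop.example` URL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

SESSIONS = {}            # sid -> SHA-256 of companion cookie value (in-memory, assumption)
COOKIE_NAME = "sidbind"  # hypothetical cookie name


def _digest(value):
    return hashlib.sha256(value.encode()).hexdigest()


def create_session():
    """Return (sid for the URL, Set-Cookie value for the companion cookie)."""
    sid = secrets.token_hex(32)   # 32 random bytes, carried in the URL
    bind = secrets.token_hex(32)  # second secret, carried only in the cookie
    SESSIONS[sid] = _digest(bind)
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = bind
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True
    # No Expires / Max-Age: the browser drops the cookie when it is closed.
    return sid, cookie[COOKIE_NAME].OutputString()


def validate(url, cookie_header):
    """Accept the request only if the URL sid and the cookie belong together."""
    sid = parse_qs(urlsplit(url).query).get("sid", [""])[0]
    expected = SESSIONS.get(sid)
    if expected is None:
        return False
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return False  # URL alone (bookmark, referrer log) is not enough
    return hmac.compare_digest(_digest(morsel.value), expected)


if __name__ == "__main__":
    sid, set_cookie = create_session()
    url = "https://shop.example/cart?sid=" + sid      # constructed URL
    print(validate(url, set_cookie.split(";")[0]))    # original browser
    print(validate(url, ""))                          # URL taken from a log
```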