On Aug 22, 2006, at 3:54 PM, JRGould wrote:

> Is there a way to disable passing session variables with GET when users
> have cookies?

Yeah[1]:

"session.use_trans_sid boolean
session.use_trans_sid whether transparent sid support is enabled or  
not. Defaults to 0 (disabled).

Note: For PHP 4.1.2 or less, it is enabled by compiling with
--enable-trans-sid. From PHP 4.2.0, trans-sid feature is always compiled.

URL based session management has additional security risks compared  
to cookie based session management. Users may send a URL that  
contains an active session ID to their friends by email or users may  
save a URL that contains a session ID to their bookmarks and access  
your site with the same session ID always, for example."

Might be able to do it with something like:

ini_set('session.use_trans_sid', false);

-- John

[1] http://us2.php.net/session



> MJ Ray wrote:
>> Chris Hartjes <[EMAIL PROTECTED]>
>>> That looks awfully like a session ID that is being sent via the URL
>>> instead of stored in a cookie.
>>
>> Which is good.  No need to lock people out just because they won't give
>> you write access to their computer.
>>
>> Regards,
>> --
>> MJ Ray <[EMAIL PROTECTED]>  www.ttllp.co.uk  +44-870-4321-9-10
>> Web, localisation, koha, databases, GNU/Linux and statistics.
>> Registered in England and Wales, partnership number OC303457
>
>
> >
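
Added example (not part of the original message or of the quoted PHP manual text): one way to apply the setting John suggests, together with session.use_only_cookies, before the session starts, and to confirm it took effect. The function name start_cookie_only_session() is hypothetical.

```php
<?php
// Added example; start_cookie_only_session() is a hypothetical helper name.
// Returns true when the current request still carried a session ID in its
// query string (e.g. an old bookmark or mailed link), so the caller can log it.
function start_cookie_only_session(): bool
{
    // Session ini settings must be changed before the session is started.
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('Call this before session_start().');
    }

    $settings = [
        'session.use_trans_sid'    => '0', // do not rewrite links/forms to carry the ID
        'session.use_only_cookies' => '1', // do not accept an ID passed in the URL
        'session.use_cookies'      => '1', // store the ID in a cookie
    ];

    foreach ($settings as $name => $value) {
        // ini_set() returns the old value on success and false on failure.
        if (ini_set($name, $value) === false) {
            throw new RuntimeException("Could not set $name");
        }
        // Read the value back so a silently ignored change is caught here.
        if ((string) ini_get($name) !== $value) {
            throw new RuntimeException("$name did not take effect");
        }
    }

    // Checked before session_start(); session_name() is PHPSESSID by default.
    $idInUrl = isset($_GET[session_name()]);

    if (!session_start()) {
        throw new RuntimeException('session_start() failed');
    }

    return $idInUrl;
}

if (start_cookie_only_session()) {
    // With use_only_cookies on, the ID in the URL was ignored, not adopted.
    error_log('Request carried a session ID in the query string; ignored.');
}
```

The same two directives can be set in php.ini instead, which avoids depending on every entry point calling the helper.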

