On 8/24/07, Suamya Srivastava <[EMAIL PROTECTED]> wrote:
> Hi..
>
> in the settings, session.use_cookies is turned ON but session.trans_sid is
> turned OFF. do i need to enable this as well?
> by doing this can i disable the register_globals?
>  - suamya

You need to make sure session_start() is called on all pages to be
able to read/write the session data. This is probably the case.

I have never needed to use trans_sid. It introduces some complexities
that I don't think are needed.

$_REQUEST is basically a new way of doing register_globals, which is a
security issue. register_globals can allow a savvy user to overwrite a
variable with another source - say you wanted a POST variable, a user
could supply GET instead. or if you want it to come from a cookie
using $_COOKIE it could be overridden using GET. If that makes sense.
There's a lot of information about it. It was disabled by default a
while back. Never enable it. You do not need it, period. Anyone
telling you to enable it or reading somewhere you need to enable it is
*absolutely* incorrect.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to