> This will secure the default configuration and yet make things > work for people who want to use sessions over several domains.
But I admit that this improvement can be seen as meaningless since any user on a shared server can write a script to list all sessions in a directory and then read all files. This can be cured only by using the proper PHP engine configuration. Therefore, let us document this and leave it as is. -- Ivan Ristic, [EMAIL PROTECTED] [ Weblog on PHP, Software development, Intranets, and Knowledge Management: http://www.webkreator.com ] -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
