> URL based session management has more risks than cookies.
> Please advise people to consider risks :)

But cookies aren't always enabled (in my area of deployment 90% don't have
them enabled) .. and the fact is no matter where the data goes client
side, the data can still be pulled.

I can knock a Delphi app which runs in the background pulling the session
id from the pages, no matter where it gets put (ram, hdd, url) just by
intercepting the communication in the [ever so secure] Windows layer.

Security in this matter should be taken with a pinch of salt. Some methods
are more flexible (available to more people), some methods take more work
to get the data... but neither is really more secure as the data is still
stored in (effectively) plain text and is easily locatable.


-- 
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software & Systems Engineer
First Creative Ltd



-- 
PHP Development Mailing List <http://www.php.net/>