Melvyn Sopacua wrote: > At 12:04 14-8-2002, Yasuo Ohgaki wrote: >> Aren't we discussing what method of passing session ID is less >> secure than others? > > > Yes, but I fail to see what it has to do with security. > For instance - I use sessions to store some output that takes a lot of > time to generate. Why would that be a security risk for anyone?
I thought we aren't talking about such case. We should provide appropriate level of protection/security depends of the information/requirements. Using URL based session management is probably ok for web based chat, but not for web based banking. -- Yasuo Ohgaki -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
