Can we not document the real issues about this in the manual, and just say something like
There are security issues in using any type of sessions with HTTP, please read the manual at http://www.php.net/en/manual/security.sessions.html for a more detail discussion on this subject.. regards Alan Rasmus Lerdorf wrote: >As much as I think trans-sid sucks from a performance perspective, what's >with this comment in php.ini-dist? > >; trans sid support is disabled by default. >; Use of trans sid may risk your users security. It may not be >; feasible to use this option for some sites. Use this option with caution. >session.use_trans_sid = 0 > >What security issue is this referring to? > >-Rasmus > > > > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
