>> I absolutely agree with Stefan here. It is *not* PHP's job to secure >> a connection. SSL does this. > > Like that's going to stop users from pasting url with SID in it to an > email, which is what this thread is about.
There are 2 issues at play here, firstly is educating PHP site builders that using HTTPS would enable a secure method of communication to stop packet sniffing and stream caching. Secondly, is educating the PHP users to the cause and effect cycle (the issues) with using things like session's, their client-side storage methods etc. HTTPS should be used where nessesary yes - but we currently have no alternative to sessions ... not a good, http-universally usable one. If we can come up with a universal alternative that can be used - then lets go for it ... if not, were gonna just have to live with the best we have. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software & Systems Engineer First Creative Ltd -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
