> Il 23:54, domenica 18 agosto 2002, Rasmus Lerdorf ha scritto: > > Hrm.. Wait a second though, Giancarlo is saying that if the user passes > > in a session id himself and that session does not exist, then that will be > > the session id he will be given if a session is created on that request. > > Is that correct, Giancarlo? > > > > Well, yor browser has to be 'virgin' with regards to that cookie. > You musn't have received one already. to be an available victim
Even if you haven't received a cookie already, I don't think you can set the session id the way you describe. Can you get PHP to create /tmp/sess_123 given my example? -Rasmus -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
