On Mon, 19 Aug 2002, Rasmus Lerdorf wrote: > Well, while it is true that it is impossible to completely prevent, our
I've been through this argument a couple of times and I don't
plan to spend more time on it.
If you want your site to be safe, enable
session.use_only_cookies and be done with it. No amount of
checking on the server side can otherwise prevent this class
of attacks.
- Sascha
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
