Xavier: > So you wish to prevent your users from forging GET/POST values and are > willing to rely on client-side cookies ? > How is that any safer ? > > On Tue, 2002-08-20 at 09:18, Marko Karppinen wrote: >> By the way, does session.use_only_cookies work with >> session.use_cookies=off?
Who said I was using cookies? I'm not. I asked if session.use_only_cookies worked (ie. prevented supplying the sid in GET/POST parameters) without actually setting cookies on. mk -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
