ooooh..... I get it now...
it would indeed make some sense since you have an alternative way of
tracking session.
Unfortunately, I do not have the answer to your question.
On Tue, 2002-08-20 at 10:09, Marko Karppinen wrote:
Xavier:
> So you wish to prevent your users from forging GET/POST values and are
> willing to rely on client-side cookies ?
> How is that any safer ?
>
> On Tue, 2002-08-20 at 09:18, Marko Karppinen wrote:
>> By the way, does session.use_only_cookies work with
>> session.use_cookies=off?
Who said I was using cookies? I'm not. I asked if
session.use_only_cookies
worked (ie. prevented supplying the sid in GET/POST parameters) without
actually setting cookies on.
mk
Xavier Spriet
Developer/Administrator/Apache Build
Next Dimension Inc.
[EMAIL PROTECTED]
Tel: (519)-945-2032 Ext. 233
