From: "Alexander Mueller" <[EMAIL PROTECTED]>

> "Cpt John W. Holmes" wrote:
> >
> > PHP 4.3.2 created a new session ID, but it didn't resend the cookie. So the
> > next request would include the old session ID again from the cookie.
>
> I wonder what it is then good for. Changing the id internally without
> notifying the client does not make much sense IMHO.

If you're using sessions in the URL, then it works just fine.

> > What are you trying to do?
>
> Changing the session id upon a login to prevent referral attacks.

So, if PHP is less than 4.3.3, you need to use setcookie() to reset the
value of the session id yourself. If you're using 4.3.3, then you don't have
to worry about it.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
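
The fallback described in the reply above, written out as an added example (not code from the thread). `rotate_session_id_on_login()` is a hypothetical helper name; the sketch assumes cookie-based sessions and that it is called after the credentials have been verified and before any output is sent.

```php
<?php
// Added example: rotate the session id at login and make sure the client
// actually receives the new id, including on PHP older than 4.3.3.
// rotate_session_id_on_login() is a hypothetical name, not a PHP built-in.
function rotate_session_id_on_login()
{
    if (session_id() === '') {
        session_start();
    }

    $old_id = session_id();

    // Available since PHP 4.3.2; assigns a new id to the current session.
    if (!session_regenerate_id()) {
        return false;
    }

    // Before 4.3.3 the new id is not sent back to the browser, so the next
    // request would still carry the old id. Re-issue the cookie by hand,
    // reusing the parameters PHP itself uses for the session cookie.
    if (version_compare(PHP_VERSION, '4.3.3', '<') && ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        $expires = $p['lifetime'] ? time() + $p['lifetime'] : 0;
        setcookie(session_name(), session_id(), $expires,
                  $p['path'], $p['domain'], $p['secure']);
    }

    // True only if the id really changed.
    return session_id() !== $old_id;
}
```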
