On Fri, Apr 4, 2008 at 3:48 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
> From: Daniel Brown [mailto:[EMAIL PROTECTED]
>
>     Probably because of the fear of session hijacking and spoofing.
>  The thing is, a handwritten cookie is just as effective for
>  that, by changing the PHPSESSID (or equivalent).  In any case,
>  a 32-byte hexadecimal hash should be sufficient security for
>  most sessions.
>
>  </Daniel P. Brown>
>
>
>  Yes, that's what they say.
>
>  But anyway, adding that setting did not change a thing and I still can't see
>  my sessid anywhere in my code.
>
>  What will happen if I do it manually? Add the sessionid in a hidden input
>  field in every form (I don't feel like doing it, but if I have to...) will
>  do it?
>
>  Sorry to be asking too much, but I can't seem to be able to test it and the
>  docs are very poor for this.

    It's quite alright.

    PHP won't add it on automatically, you have to specify when and
where to do it.

-- 
</Daniel P. Brown>

-- 
PHP General Mailing List (http://www.php.net/)
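
Added example, not part of the original thread and not either poster's code: one way to carry the session ID by hand in a hidden form field, as asked above, while only accepting well-formed IDs that the server itself issued. It assumes PHP 7.1 or later and the default file-based session handler; the `login` field, the `user` value and the `posted_session_id()` helper are hypothetical.

```php
<?php
// Added example. The thread's 32-character hex IDs fit the pattern below, which
// covers the character set PHP itself uses for session IDs (0-9 a-z A-Z , -).

ini_set('session.use_cookies', '0');      // cookie-less case asked about in the thread
ini_set('session.use_strict_mode', '1');  // do not adopt IDs with no existing session

/** Hypothetical helper: return the posted session ID only if it is well formed. */
function posted_session_id(array $post, string $name): ?string
{
    $sid = $post[$name] ?? null;
    // Arrays, empty strings and values with other characters are ignored,
    // so a handwritten field cannot pass anything but an ID-shaped string.
    return (is_string($sid) && preg_match('/\A[0-9A-Za-z,-]{22,256}\z/', $sid))
        ? $sid
        : null;
}

$name = session_name();                   // "PHPSESSID" unless reconfigured
$sid  = posted_session_id($_POST, $name);
if ($sid !== null) {
    session_id($sid);                     // resume the session named in the form
}
session_start();                          // unknown or missing ID: PHP issues a new one

if (isset($_POST['login'])) {
    // Hypothetical login step: issue a fresh ID when privileges change, so an
    // ID that was known before login (session fixation) stops working.
    session_regenerate_id(true);
    $_SESSION['user'] = 'demo';           // constructed value
}
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
?>
<form method="post" action="">
  <!-- POST keeps the ID out of URLs, server logs and Referer headers -->
  <input type="hidden" name="<?= htmlspecialchars($name, ENT_QUOTES) ?>"
         value="<?= htmlspecialchars(session_id(), ENT_QUOTES) ?>">
  <p>Requests in this session: <?= (int) $_SESSION['hits'] ?></p>
  <button type="submit" name="login" value="1">Log in</button>
  <button type="submit">Reload</button>
</form>
```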