Bill Rausch pressed the little lettered thingies in this order...

> Rasmus,,
> OK, I'm still confused. What does SSL have to do with any of this?

SSL makes it impossible (well, improbable anyway) to sniff the session 
ID from the network. Without SSL, anyone on the network between the 
origin (client) and the destination (server) can get the session ID in plain 
text by installing a packet sniffer on the network.

If you're relying on the URL to send session IDs, you'll never conquer 
the "person looking over the shoulder" problem (assuming that you 
believe that it's reasonable that someone can look over another's 
shoulder and write down a 20 character string without the first person 

Christopher Ostmo
Meeting cutting edge dynamic
web site needs

For a good time,

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to