You should at least check the IP of the client additionally to have some prove
it is the same client you gave the session-ID.

And it is better to put the session-ID in a POST-field than in GET. So it
es very unlikely someone passes a session ID around accidently.

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to