Putting your session-ID into post will require you to POST every page,
rather then GET it. And every anchor user clicks will have to POST, not GET.

On Tue, Jun 25, 2013 at 4:32 PM, <p...@nobswolf.info> wrote:

> You should at least check the IP of the client additionally to have some
> prove
> it is the same client you gave the session-ID.
>
> And it is better to put the session-ID in a POST-field than in GET. So it
> es very unlikely someone passes a session ID around accidently.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Reply via email to