Hi, I found a weekness in one of my local dev projects today. php.ini is set ut with cookies off in session handling.
I asked another user to send me his url when logged in, I copied and pasted it and then I was logged in as him. What should I do? Turn cookies on? Or write ip to mysql? or...? Best Regards Fredrik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php