On Thu, 2002-02-14 at 11:40, Morten Nielsen wrote:
> Hi again,
> I have read about sessions in the PHP manual and as far as I understand
> session needs the user to allow cookies. Is my understanding correct so far?
> But if it is required to accept cookies why not just pass all the required
> parameters in the URL?
> Thanks,
> Morten

Because then anybody could set them to anything and hijack logins. The
point behind a session cookie is that it's hard to guess and duplicate,
allowing you to store the user information server-side (preventing all 
sorts of sniffs and whatnot) and to just use the cookie value as a key
to find it again when the user comes back.

You do not, however, need cookies enabled. Check out SID and 
--enable-trans-sid at http://www.php.net/session.



 Torben Wilson <[EMAIL PROTECTED]>

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to