If you destroy the session (for exaple with a logoff button) this dosen work.
Josep R. Raurell Giancarlo Pinerolo wrote: >Giancarlo Pinerolo wrote: > >>I myself wrote: >> >>>Can I tell you more than what the subject says? >>>proceeding: >>>Close the browser, clean all your cookies, and open any page with that >>>?PHPSESSID=spoofme appended. >>>And see what happens. >>> > >spoofme is not the exact term. > >?PHPSESSID=hijackme should be more appropriate, but I avoided it for >well known 'historical' reasons :-| > >G > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php