If a person 'somehow' gains read access to the directory where the sessions are stored on your server, then yes it is possible for them to get the session id.
Ilia On August 14, 2002 06:41 pm, Sascha Braun wrote: > Is it possible that someone from outside can read the session stored > on my webserver for getting unencrypted password and usernames? > > Schura -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php