John, et al --

...and then John W. Holmes said...
% 
% You can pass the session ID in a form, too. Just use POST, and make it a
% hidden element passed to the next page. 

Yeah, I figured that.


% 
% <input type="hidden" name="PHPSESSID" value="<?=$PHPSESSID?>">
% 
% It's no different than passing it in the URL. I hope you're not thinking

Except the URL is cleaner :-)


% that it's more secure by doing it this way. Either way the data is
% coming from the user and it can't be trusted and it can be modified. 

Agreed.


% 
% I don't know what this phobia is about passing something in the URL...

First, it's just plain cluttered :-)  Second, though, it would be nice to
not put the user's password right in the URL to then hang out in his
browser goto cache, so we have to change *sometthing*, and if we can
clean up the URL while we're at it that would be nice.


% 
% ---John Holmes...


Thanks & HAND

:-D
-- 
David T-G                      * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Attachment: msg81331/pgp00000.pgp
Description: PGP signature

Reply via email to