John, et al -- ...and then John W. Holmes said... % % You can pass the session ID in a form, too. Just use POST, and make it a % hidden element passed to the next page.
Yeah, I figured that. % % <input type="hidden" name="PHPSESSID" value="<?=$PHPSESSID?>"> % % It's no different than passing it in the URL. I hope you're not thinking Except the URL is cleaner :-) % that it's more secure by doing it this way. Either way the data is % coming from the user and it can't be trusted and it can be modified. Agreed. % % I don't know what this phobia is about passing something in the URL... First, it's just plain cluttered :-) Second, though, it would be nice to not put the user's password right in the URL to then hang out in his browser goto cache, so we have to change *sometthing*, and if we can clean up the URL while we're at it that would be nice. % % ---John Holmes... Thanks & HAND :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
msg81331/pgp00000.pgp
Description: PGP signature