At 02:18 15.11.2002, Jochen Kächelin said:
[snip]
How can I process $_SESSION variables if the user disables cookies
and session.use_trans_sid = 0 ?
[snip]
Simply put - you can't.
You need a way to transmit the
Simply put - you can't.
You need a way to transmit the session identifier, and AFAIK there's
nothing except either cookies or SID.
Using SID for security relevant issues presents a problem - users can send
links with a SID to friends by mail or else, so this is not really a secure
Hi Jochen,
How can I process $_SESSION variables if the user disables cookies
and session.use_trans_sid = 0 ?
You could use a combination of outputbuffering and a self-written
session-handler.
So you could build a trans_sid-alike system, that would do more checks (i.e.
compare IP-Addresses)
At 02:42 15.11.2002, Sascha Cunz said:
[snip]
This sounds like a pretty good idea to work around that problem :-)
Does this system work, if the user decides to split one session accross
multiple Browser-Windows, i.e. the uses the Open in new
4 matches
Mail list logo