Anders Nawroth wrote:
You could also avoid using session id's in links, using only cookies.
php_value session.use_trans_sid 0 php_value session.use_only_cookies 1
This also takes care of the security issue (not a 100% fix, but it helps) of having the ID in the address window and in the links. Another option is to allow the URI changes for browsers with cookies off, but to sniff out and exclude that option for bots and validators.
Bottom line: we live in an imperfect world.
*****************************************************
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list & getting help
*****************************************************
