Re: RE: Sessions without cookies

From: "Dan Wilson" <phpPgAdmin(at)acucore(dot)com>
To: "Mitch Vincent" <mitch(at)venux(dot)net>, "Christian Marschalek" <cm(at)chello(dot)at>
Cc: "[PHP] PostgreSQL" <pgsql-php(at)postgresql(dot)org>
Subject: Re: RE: Sessions without cookies
Date: 2001-05-09 17:54:05
Message-ID: 003301c0d8b1$0a69c9d0$523987cf@corp.peoplesoft.com
Lists: pgsql-php

: > > Why? If the user accepts the cookie, then they don't have a
: > > problem with it. If the user doesn't then it uses other
: > > functionality (URL re-writing). I don't see any problem with
: > > that. Leave it up to the user to decide how they want PHP to
: > > keep track of their session.
: >
: > Well because cookies are a security flaw, aren't they?
:
: Only if you make them one. :-)
:
: Cookies in and of themselves are harmless. Just treat whatever you store
: in a cookie as if anyone could see it (because they probably can).
:
: -Mitch

Exactly... and that's only an issue if someone gets into your local machine.
Regardless, the cookie that is stored with the PHP session functionality is
just a long unique identifier. It's meaningless to the user. It's only
used by the system to look up the information that is stored in the session
handling on the server. This could either be on the filesystem (default) or
by a user-defined session handling system
(http://www.php.net/manual/en/function.session-set-save-handler.php).

-Dan
