Re: RE: Sessions without cookies
| От | Dan Wilson |
|---|---|
| Тема | Re: RE: Sessions without cookies |
| Дата | |
| Msg-id | 003301c0d8b1$0a69c9d0$523987cf@corp.peoplesoft.com обсуждение исходный текст |
| Ответ на | RE: RE: Sessions without cookies ("Christian Marschalek" <cm@chello.at>) |
| Список | pgsql-php |
: > > Why? If the user accepts the cookie, then they don't have a : > > problem with it. If the user doesn't then it uses other : > > functionality (URL re-writing). I don't see any problem with : > > that. Leave it up to the user to decide how they want PHP to : > > keep track of their session. : > : > Well because cookies are a security flaw, aren't day? : : Only if you make them one. :-) : : Cookies by in and of themselves are harmless. Just treat what ever you store : in a cookie as if anyone could see it (because they probably can).. : : -Mitch Exactly... and that's only an issue if someone gets into your local machine. Regardless, the cookie that is stored with the PHP session functionality is just a long unique identifier. It's meaningless to the user. It's only used by the system to lookup the information that is stored in the session handling on the server. This could either be on the filesystem (default) or by a user-defined session handling system (http://www.php.net/manual/en/function.session-set-save-handler.php) -Dan
В списке pgsql-php по дате отправления: