Re: Re: multiple sessions on same server/domain

Marek Kilimajer wrote:
> COOOOOKIES, I'm talking about COOKIES.
>
> Anytime you talk about cookies or cookie files, you mean session and
> session files, respectively. These are completely different things,
> please don't intermingle them.

session_set_cookie_params()
^^^^^^^

You're talking about a function whose name starts with session, which is
in the sessions section of the PHP Manual:
http://php.net/session_set_cookie_params

The Cookie in question is used to uniquely identify a surfer with PHP's
session files for that surfer.

What exactly do you think this function *DOES* if you aren't using
sessions and session files?

NOTHING!

It sets the file to be used when PHP sends the PHPSESSID Cookie which is
used for PHP's Session files.  Period.

Thus my point remains:
On a shared server, I don't need to resort to calling this function to
hijack your Cookie/session.  PHP can read the raw session files.  I can
write a PHP script to read the raw session files, regardless of what
directory the Cookie is set to use to store/retrieve the Cookie whose
purpose is to identify those files.

This is not something you can "fix" in any real-world scenario where it
matters.

If you don't like that, don't use a shared server.

It's that simple.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
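
The point made above, that the cookie path and the location of the session files are unrelated, can be checked on a given host. The script below is an added example, not code from the original message; it assumes a POSIX host using PHP's `files` session handler, and `audit_session_store()` is a hypothetical helper name.

```php
<?php
// Added example (not from the original post). Assumes a POSIX host.
// audit_session_store() is a hypothetical helper name.

function audit_session_store(): array
{
    if (ini_get('session.save_handler') !== 'files') {
        return ['session.save_handler is not "files"; nothing to audit here'];
    }
    // session.save_path may be "N;/path" or "N;MODE;/path"; the last field is the directory.
    $parts = explode(';', (string) ini_get('session.save_path'));
    $dir = end($parts) !== '' ? end($parts) : sys_get_temp_dir();

    // The cookie path only scopes which URLs receive the session ID cookie.
    $cookiePath = session_get_cookie_params()['path'];
    $findings = ["cookie path: $cookiePath, session file directory: $dir"];

    if (!is_dir($dir)) {
        $findings[] = "$dir is not a directory";
        return $findings;
    }
    // Effective uid of this PHP process; getmyuid() (script owner) is a fallback.
    $uid = function_exists('posix_geteuid') ? posix_geteuid() : getmyuid();
    $mode = fileperms($dir) & 07777;
    if (fileowner($dir) !== $uid) {
        $findings[] = sprintf('directory owner is uid %d, this process runs as uid %d',
            fileowner($dir), $uid);
    }
    if ($mode & 0077) {
        $findings[] = sprintf('directory mode %04o grants access to group or others', $mode);
    }
    // Count top-level session files by owner; file contents are never opened.
    $mine = $foreign = 0;
    foreach (glob($dir . '/sess_*') ?: [] as $file) {
        $owner = @fileowner($file);
        if ($owner === false) {
            continue;
        }
        if ($owner === $uid) {
            $mine++;
        } else {
            $foreign++;
        }
    }
    $findings[] = "session files owned by this account: $mine, by other accounts: $foreign";
    return $findings;
}

foreach (audit_session_store() as $line) {
    echo $line, PHP_EOL;
}
```

A count of zero can also mean the directory is not listable by this account, so read it together with the reported directory mode.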

