On Fri, 21 Jan 2005 09:43:38 -0800 (PST), Richard Lynch <ceo@xxxxxxxxx> wrote:
> Thus my point remains:
> On a shared server, I don't need to resort to calling this function to
> hijack your Cookie/session. PHP can read the raw session files. I can
> write a PHP script to read the raw session files, regardless of what
> directory the Cookie is set to use to store/retrieve the Cookie whose
> purpose is to identify those files.
>
> This is not something you can "fix" in any real-world scenario where it
> matters.

Of course you can fix it! You can change your sessions handler and
save your session data in a database. For that you can use the
session_set_save_handler().

Best regards,
Jordi.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php