Marek Kilimajer wrote:
COOOOOKIES, I'm talking about COOKIES.
Anytime you talk about cookies or cookie files, you mean session and session files, respectively. These are completely different things, please don't intermingle them.
session_set_cookie_params() ^^^^^^^
You're talking about a function whose name starts with session, which is in the sessions section of the PHP Manual: http://php.net/session_set_cookie_params
The Cookie in question is used to uniquely identify a surfer with PHP's session files for that surfer.
What exactly to you think this function *DOES* if you aren't using sessions and session files?
NOTHING!
It sets the file to be used when PHP sends the PHPSESSID Cookie which is used for PHP's Session files. Period.
Sorry, you completely wrong. Please, read about cookies, especialy the Path parameter.
Thus my point remains: On a shared server, I don't need to resort to calling this function to hijack your Cookie/session. PHP can read the raw session files. I can write a PHP script to read the raw session files, regardless of what directory the Cookie is set to use to store/retrieve the Cookie whose purpose is to identify those files.
Not if php is running under suexec+cgi or safe mode.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
