Re: Re: multiple sessions on same server/domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Richard Lynch wrote:
Marek Kilimajer wrote:

COOOOOKIES, I'm talking about COOKIES.

Anytime you talk about cookies or cookie files, you mean session and
session files, respectively. These are completely different things,
please don't intermingle them.


session_set_cookie_params()
^^^^^^^

You're talking about a function whose name starts with session, which is
in the sessions section of the PHP Manual:
http://php.net/session_set_cookie_params

The Cookie in question is used to uniquely identify a surfer with PHP's
session files for that surfer.

What exactly to you think this function *DOES* if you aren't using
sessions and session files?

NOTHING!

It sets the file to be used when PHP sends the PHPSESSID Cookie which is
used for PHP's Session files.  Period.

Sorry, you completely wrong. Please, read about cookies, especialy the Path parameter.



Thus my point remains: On a shared server, I don't need to resort to calling this function to hijack your Cookie/session. PHP can read the raw session files. I can write a PHP script to read the raw session files, regardless of what directory the Cookie is set to use to store/retrieve the Cookie whose purpose is to identify those files.

Not if php is running under suexec+cgi or safe mode.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux