mailings@xxxxxxxxxxxxxxxx <mailto:mailings@xxxxxxxxxxxxxxxx> on Tuesday, April 05, 2005 2:25 PM said: > Right now I am giving a trust factor of 80% to POST and 0% on GET. > What trust factor should I apply to SESSION What do you mean "trust"? If by trust you mean "I trust the data to be 80% h4x0r-free if I'm receiving it through POST" then I'd say you should move that 80% to 0%. On the other hand if you have a different definition, please share it. > Should I implement a SESSIONless feature in case SESSION is not > available? Session's are available by default (IIRC) because PHP appends the PHPSESSID to the URL automatically when cookies are not available. In any case, I guess it depends exactly on the site's functional requirements for you to determine whether or not some kind of session tracking is necessary. As far as I'm concerned, if a person wants any sort of personalized data (custom settings, user account, ability to create a cart and checkout [whatever the case may be]) then they should have no problem having a cookie set on their system. HTH, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php