I forgot to mention some context related stuff. 1. This is for distribution, so wether or not session will actually be avaiable is something I cannot know. > Right now I am giving a trust factor of 80% to POST and 0% on GET. What > trust factor should I apply to SESSION 2. These trust factors are applied AFTER login verification. (The login is verified with a cookie that holds a unique id I sent when the user loged on. This is validated against a database. The unique id's live span is extended after each request) Thank you for your input already Andy -- Registered Linux User Number 379093 -- Feel free to check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
