On Thu, November 10, 2005 3:29 pm, GamblerZG wrote: >> IMO, the best way is to re-generate SIDs on each request, but such >> method will decrease perfomance of a script. But if Cookies are off, you just destroyed their "Back" button in their browser, which should be a crime. Re-generate only when permission levels are crossed from "normal" user to "admin" -- or even just make them login again (or at least provide password) at that point. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
