Richard Lynch wrote:
On Thu, November 10, 2005 3:29 pm, GamblerZG wrote:
IMO, the best way is to re-generate SIDs on each request, but such
method will decrease perfomance of a script.
But if Cookies are off, you just destroyed their "Back" button in
their browser, which should be a crime.
Call me evil, but I prefer not to use GET-based sessions (after seing at
least 3 websites hacked because of that stuff), so users without cookies
can't login anyway.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
