Mike,
Thanks for the super clear explanation.
This brings up a question. In order to decide whether to use
cookies or SID the built-in sessions must be testing to see if
the user's browser will accept the session cookies. How do
they do that?
By sending it out and checking to see whether it comes back on
the next page.
...
That being the case I can never find out (using the built-in
sessions) until the second page request and it will always
include the session cookie in the URL. Which means the value
of the seesion cookie will be exposed, even if I am using SSL.
:( Back to the drawing board...
Best,
Craig
------------------------------------------------------
- Virtual Phonecards - Instant Pin by Email -
- Large Selection - Great Rates -
- http://speedypin.com/?aff=743&co_branded=1 -
------------------------------------------------------
**************************************
* *
* Craig Spencer *
* ccspencer@xxxxxxxxxxxx *
* *
**************************************
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
