ccspencer@xxxxxxxxxxxx wrote:
That being the case I can never find out (using the built-in sessions) until the second page request and it will always include the session cookie in the URL. Which means the value of the seesion cookie will be exposed, even if I am using SSL. :( Back to the drawing board...
While using TRANS IDs are ugly, they will show no more or less information to the user than a session cookie contains. Most browsers have built-in support for viewing cookie contents these days. Doing so will show your PHP Session ID clearly. Trans IDs are no different, just more 'obvious' being in the URL and all. The actual data displayed is the same however.
Cheers, Rich -- Zend Certified Engineer http://www.corephp.co.uk "Never trust a computer you can't throw out of a window" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
