Edward Vermillion wrote:
And the session id is open to being stored in a bookmark or worse, sent
to someone else through a cut and paste of the URL.
Depending on what information that id controls and how long the sessions
are kept around id's in the URL could be a very bad thing indeed.
Agreed (depending entirely on how your app was written), my point was
simply that a trans ID will never give away anything more than a cookie
does. In that respect, they're identical.
Cheers,
Rich
--
Zend Certified Engineer
http://www.corephp.co.uk
"Never trust a computer you can't throw out of a window"
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
