On 8/24/07, Suamya Srivastava <suamya.srivastava@xxxxxxxxxxxxx> wrote: > Hi.. > > in the settings, session.use_cookies is turned ON but session.trans_sid is > turned OFF. do i need to enable this as well? > by doing this can i disable the register_globals? > - suamya You need to make sure session_start() is called on all pages to be able to read/write the session data. This is probably the case. I have never needed to use trans_sid. It introduces some complexities that I don't think are needed. $_REQUEST is basically a new way of doing register_globals, which is a security issue. register_globals can allow a savvy user to overwrite a variable with another source - say you wanted a POST variable, a user could supply GET instead. or if you want it to come from a cookie using $_COOKIE it could be overridden using GET. If that makes sense. There's a lot of information about it. It was disabled by default a while back. Never enable it. You do not need it, period. Anyone telling you to enable it or reading somewhere you need to enable it is *absolutely* incorrect. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
