On Tue, January 29, 2008 12:48 pm, Per Jessen wrote: > Robert Cummings wrote: > >> Actually, now you made me think on it... the primary reason I >> disable >> referrer logging is because it will also pass along lovely >> information >> such as any session ID embedded in the URL. So if you happen to get >> on >> a malicious site, they could access the account from which you've >> come. > > Hmm, interesting idea. I wonder if the sessionid isn't tied to the > IP-address even when it's part of the URL? It CANNOT be tied to the IP address, because most users' IP addresses are not static. Google for "session hijacking" for more info. > Still, I can't help thinking that if this is a serious problem, it > would > have been dealt with long ago. War is a serious problem. So is murder. So is people cutting me off in traffic. :-v None of them have been dealt with effectively yet. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
