De: Daniel Brown [mailto:parasane@xxxxxxxxx] Probably because of the fear of session hijacking and spoofing. The thing is, a handwritten cookie is just as effective for that, by changing the PHPSESSID (or equivalent). In any case, a 32-byte hexadecimal hash should be sufficient security for most sessions. </Daniel P. Brown> Yes, that's what they say. But anyway, adding that setting did not change a thing and I still can't see my sessid anywhere in my code. What will happen if I do it manually? Add the sessionid in a hidden input field in every form (I don't feel like doing it, but if I have to...) will do it? Sorry to be asking too much, but I can't seem to be able to test it and the docs are very poor for this. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
