On Fri, Apr 4, 2008 at 3:48 PM, Thiago Pojda <thiago.pojda@xxxxxxxxxxxxxxxxxx> wrote:
> From: Daniel Brown [mailto:parasane@xxxxxxxxx]
>
> Probably because of the fear of session hijacking and spoofing.
> The thing is, a handwritten cookie is just as effective for
> that, by changing the PHPSESSID (or equivalent). In any case,
> a 32-byte hexadecimal hash should be sufficient security for
> most sessions.
>
> </Daniel P. Brown>
>
>
> Yes, that's what they say.
>
> But anyway, adding that setting did not change a thing and I still can't see
> my sessid anywhere in my code.
>
> What will happen if I do it manually? Add the sessionid in a hidden input
> field in every form (I don't feel like doing it, but if I have to...) will
> do it?
>
> Sorry to be asking too much, but I can't seem to be able to test it and the
> docs are very poor for this.

It's quite alright. PHP won't add it on automatically, you have to specify when and where to do it.

--
</Daniel P. Brown>
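A sketch of the manual approach asked about in this thread, as an added example that is not code from either poster: the session ID travels in a hidden POST field and is re-applied with `session_id()` before `session_start()`. It assumes PHP 7 or later and a form that posts back to the same script; the `initiated` and `hits` session keys are made up for illustration.

```php
<?php
// Added example, not from the thread. Assumes the form posts back to this script.

// Take the ID from the hidden field only if it has the shape of an ID PHP can
// issue (letters, digits, comma, dash; 22 to 256 characters). Anything else is
// ignored and PHP falls back to the cookie or creates a fresh session.
$posted = $_POST[session_name()] ?? '';
if (is_string($posted) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $posted)) {
    session_id($posted); // must be called before session_start()
}

session_start();

// Fixation guard: a session with no server-side state is either brand new or
// was started from an ID the client supplied, so replace its ID once.
if (!isset($_SESSION['initiated'])) {
    session_regenerate_id(true); // true: delete the old session data
    $_SESSION['initiated'] = true;
}
// Call session_regenerate_id(true) again right after a successful login,
// so an ID known before authentication is never valid afterwards.

// Hypothetical counter, only here to show that state survives each POST.
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
?>
<form method="post" action="">
  <!-- POST keeps the ID out of URLs, so it does not end up in Referer
       headers, browser history or access logs. -->
  <input type="hidden"
         name="<?= htmlspecialchars(session_name(), ENT_QUOTES, 'UTF-8') ?>"
         value="<?= htmlspecialchars(session_id(), ENT_QUOTES, 'UTF-8') ?>">
  <p>Requests in this session: <?= (int) $_SESSION['hits'] ?></p>
  <button type="submit">Reload</button>
</form>
```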