This is mostly to make sure I understand how sessions are handled correctly. As far as sessions are concerned the variable data is stored on the server (be it in memory or temp files), and never transmitted accross the net unless output to the page? So this means I should be able to store the username and password for a program in session vars for quick validations, and if I force rentry of the password for sensitive areas (every time) even if someone mannages to spoof the sesid all they will have access to is non sensitive areas? This also assumes I, at least, quick validate at the start of every page immideately after starting the session. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
