Putting your session-ID into post will require you to POST every page, rather then GET it. And every anchor user clicks will have to POST, not GET. On Tue, Jun 25, 2013 at 4:32 PM, <php@xxxxxxxxxxxxx> wrote: > You should at least check the IP of the client additionally to have some > prove > it is the same client you gave the session-ID. > > And it is better to put the session-ID in a POST-field than in GET. So it > es very unlikely someone passes a session ID around accidently. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >