[nycphp-talk] Session basics
Aaron Fischer
agfische at email.smith.edu
Fri Aug 19 13:46:49 EDT 2005
Have you tested with different browsers?
Brian O'Connor wrote:
> Why is it that in my php.ini I have session.use_cookies set to 1, but
> when I view a site of mine it appends the links to say
> ?PHPSESSID=xxxxxxxxxxxxx, even though my browser has cookies enabled?
> On 8/11/05, *David Mintz* <dmintz at davidmintz.org
> <mailto:dmintz at davidmintz.org>> wrote:
>
> On Thu, 11 Aug 2005, Brian O'Connor wrote:
>
> > So what you're saying is if I see a "?PHPSESSID=xxxxxxxxxxxx" in
> the URL of
> > my site, than it is vulnerable?
>
> Yeah.
More information about the talk
mailing list