--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > Either way, what if a bad guy visits this URL:
> >
> > http://www.example.org/foo.php?PHPSESSID=12345
>
> Called session fixation. Here's good paper on this and how to deal
> with it.
>
> http://www.acros.si/papers/session_fixation.pdf
Actually, I didn't mean to reference session fixation (my example used an
existing session). However, this is another important topic; thanks for the
link.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
