Hi Jochen, > How can I process $_SESSION variables if the user disables cookies > and session.use_trans_sid = 0 ?
You could use a combination of outputbuffering and a self-written session-handler. So you could build a trans_sid-alike system, that would do more checks (i.e. compare IP-Addresses) to validate, if a session is really the one it is claiming. (Of course this would be slower as trans_sid's and ain't that easy to do) -Sascha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
