Adrian Holovaty wrote:
>> Thanks Adrian. What I'm actually wondering about though is whether
>> there is a "proper" way to clear out a session entirely? Is it just a
>> matter of iterating through all of the keys and clearing them one by
>> one? And on that note, I keep feeling like a user, upon login, should
>> get a fresh session with a fresh ID, rather than reusing a cleaned up
>> second hand session. Or am I just worrying about nothing?
>
> It sounds like you're worrying about nothing. :)

It would be nothing if we wouldn't be hearing of session hijacking attacks every day (well, not *that* often, but...). It's always better to be on the safe side than to wake up with head in someone's water-closet.

--
Jarek Zgoda
http://jpa.berlios.de/
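
An added example, not part of the original thread or any framework's code: a constructed in-memory session store contrasting the two login behaviours discussed above, clearing the keys of an existing session versus issuing a fresh ID. `SessionStore`, `login` and `demo` are hypothetical names chosen for illustration.

```python
import secrets


class SessionStore:
    """Constructed in-memory session store (hypothetical, not a framework API)."""

    def __init__(self):
        self._data = {}  # session id -> dict of session values

    def create(self):
        sid = secrets.token_urlsafe(32)  # unpredictable id from the OS CSPRNG
        self._data[sid] = {}
        return sid

    def get(self, sid):
        return self._data.get(sid)

    def clear_keys(self, sid):
        """The 'clean up and reuse' approach: values go, the id stays valid."""
        self._data[sid].clear()
        return sid

    def rotate(self, sid):
        """Drop the old session entirely and issue a fresh id."""
        self._data.pop(sid, None)
        return self.create()


def login(store, sid, user, fresh_id):
    """Mark the session as authenticated, either reusing or rotating the id."""
    sid = store.rotate(sid) if fresh_id else store.clear_keys(sid)
    store.get(sid)["user"] = user
    return sid


def demo():
    store = SessionStore()
    # Reused id: anyone who knew the pre-login id now holds a logged-in session.
    pre = store.create()
    store.get(pre)["cart"] = ["item"]
    post = login(store, pre, "alice", fresh_id=False)
    reused = (post == pre, store.get(pre))
    # Rotated id: the pre-login id no longer resolves to any session.
    pre2 = store.create()
    post2 = login(store, pre2, "alice", fresh_id=True)
    rotated = (post2 == pre2, store.get(pre2), store.get(post2))
    return reused, rotated


if __name__ == "__main__":
    print(demo())
```
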