Hi, I have been reading up on the old discussions on this list as i was very busy for the past few days....and i saw a very intresting topic regarding sessions and security.
I really didnt understand some of the things you guys wrote on "hi-jacking a session"...do you have any examples of this? How can someone else have the session info of another user? after looking at the session id i see that its a long garbled string and even if someone is a good guesser...isnt that a very very very long shot? or am i missing something? I looked up on google and i didnt see anything major... I dont mean to drag this topic up all over again so if any of you have any URLs that you think would shed some light on this matter....please do post it to me. This concerns me a lot as I have a very "sessions heavy" site...which is also a kind of paysite/freesite. Cheers, -Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
