Robert Cummings wrote: > Actually, now you made me think on it... the primary reason I disable > referrer logging is because it will also pass along lovely information > such as any session ID embedded in the URL. So if you happen to get on > a malicious site, they could access the account from which you've > come.
Hmm, interesting idea. I wonder if the sessionid isn't tied to the IP-address even when it's part of the URL? Still, I can't help thinking that if this is a serious problem, it would have been dealt with long ago. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
