Thanks! I changed my code to the following and it plugged that hole. :)
if (!$PHPSESSID) {
$sess_auth = "";
session_register('sess_auth');
}
----- Original Message -----
From: "Sascha Schumann" <[EMAIL PROTECTED]>
To: "Johnson, Kirk" <[EMAIL PROTECTED]>
Cc: "PHP Users" <[EMAIL PROTECTED]>
Sent: Wednesday, July 25, 2001 2:10 PM
Subject: RE: [PHP] Session Variables
> On Wed, 25 Jul 2001, Johnson, Kirk wrote:
>
> > > Is there anyway to prevent session variables from being
> > > overwritten by a get string?
> >
> > PHP will do this automatically *if* you initialize your session
variables to
> > *anything* as soon as you register them. For example,
> >
> > session_register("sess_auth");
> > $sess_auth = "";
>
> Note that session_register() will implicitly commence the
> session, and thus will automatically instantiate all session
> variables. Hence, the above two lines need to be reversed,
> otherwise you might overwrite the session variable.
>
> - Sascha Experience IRCG
> http://schumann.cx/ http://schumann.cx/ircg
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
