On Thu, 2002-02-14 at 11:40, Morten Nielsen wrote:
> Hi again,
> I have read about sessions in the PHP manual and as far as I understand
> session needs the user to allow cookies. Is my understanding correct so far?
> But if it is required to accept cookies why not just pass all the required
> parameters in the URL?
>
> Thanks,
> Morten

Because then anybody could set them to anything and hijack logins. The point behind a session cookie is that it's hard to guess and duplicate, allowing you to store the user information server-side (preventing all sorts of sniffs and whatnot) and to just use the cookie value as a key to find it again when the user comes back.

You do not, however, need cookies enabled. Check out SID and --enable-trans-sid at http://www.php.net/session.

Cheers,

Torben

--
Torben Wilson <[EMAIL PROTECTED]>
http://www.thebuttlesschaps.com
http://www.hybrid17.com
http://www.inflatableeye.com
+1.604.709.0506

--
PHP General Mailing List (http://www.php.net/)
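
As an added example that is not part of the original thread: a PHP sketch of the difference described in the reply, with identity read from URL parameters next to identity looked up server-side by a hard-to-guess session key. The function names, the in-memory `$sessionStore` and the sample requests are constructed for illustration; PHP's own sessions do the equivalent lookup through `session_start()` and `$_SESSION`.

```php
<?php
declare(strict_types=1);

// Stand-in for PHP's server-side session storage: session id => user data.
// The client never sees or supplies these values, only the key.
$sessionStore = [];

// URL-parameter approach: identity and role come straight from the query
// string, so whoever builds the URL decides who they are.
function identityFromUrl(string $queryString): array
{
    parse_str($queryString, $params);
    $user = $params['user'] ?? null;
    return [
        'user'     => is_string($user) ? $user : 'guest',
        'is_admin' => ($params['is_admin'] ?? '0') === '1',
    ];
}

// Login: keep the data on the server and hand back only an unguessable key.
function startSession(array &$store, string $user, bool $isAdmin): string
{
    $sid = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $store[$sid] = ['user' => $user, 'is_admin' => $isAdmin];
    return $sid;
}

// Session approach: the request carries only the key (in a cookie, or in
// the URL when trans-sid is used); an unknown key yields no identity.
function identityFromSession(array $store, string $sid): array
{
    if (!preg_match('/^[0-9a-f]{32}$/', $sid) || !isset($store[$sid])) {
        return ['user' => 'guest', 'is_admin' => false];
    }
    return $store[$sid];
}

// Constructed requests for a non-admin user.
$sid = startSession($sessionStore, 'morten', false);

// Role taken from an edited URL versus role taken from the server's record.
var_dump(identityFromUrl('user=morten&is_admin=1')['is_admin']);
var_dump(identityFromSession($sessionStore, $sid)['is_admin']);

// A made-up session id matches nothing in the store.
var_dump(identityFromSession($sessionStore, str_repeat('0', 32))['user']);
```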