Hi,

I've tried the PHP4 built-in sessions, and both with and without the default setting of session.use_trans_sid in php.ini, I see that you can force anyone into a session if you point to a URL like http://myhost/a_page.php?PHPSESSID=blackhole even if his cookies are enabled.

Wasn't that supposed to be an alternative for those clients with cookies disabled? Is it correct that it works even if cookies are enabled? Is it correct that there is no check, nor a switch or a directive, that prevents accepting a session we haven't issued?

Thanks
Giancarlo Pinerolo
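
An added example, not part of the original message: one way to refuse a session ID the server did not issue, such as the PHPSESSID=blackhole URL above. It assumes PHP 5.5.2 or later (session.use_strict_mode does not exist in PHP 4); the function names and the issued_by_server key are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumption: PHP >= 5.5.2, default "files" session handler.

// Hypothetical helper: start a session that cannot be fixed from a URL.
function start_hardened_session()
{
    // Read the session ID from the cookie only, so ?PHPSESSID=... is ignored.
    ini_set('session.use_only_cookies', '1');
    // Never rewrite links to carry the session ID.
    ini_set('session.use_trans_sid', '0');
    // Reject IDs with no server-side session behind them and issue a fresh
    // one instead of adopting the value the client sent.
    ini_set('session.use_strict_mode', '1');
    // Keep the ID away from client-side script.
    ini_set('session.cookie_httponly', '1');

    session_start();

    // Second check that does not depend on strict mode: a session without
    // our marker was not created by this application, so replace its ID
    // and delete the old session data.
    if (empty($_SESSION['issued_by_server'])) {
        session_regenerate_id(true);
        $_SESSION['issued_by_server'] = true;
    }
}

// Hypothetical helper: call at every privilege change (login, role switch).
// An ID planted before authentication is then worthless afterwards.
function on_login($user)
{
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

start_hardened_session();
on_login('alice'); // constructed sample user
echo 'session id in use: ', session_id(), "\n";
```

Requested with ?PHPSESSID=blackhole, the printed ID is a server-generated value rather than "blackhole".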