The medium on how the session is mantained is irrelevant, even if with cookies, it's a little easier to mantain the links... because they will not change... BUT if the user has cookies disabled, php will try to use a SID in the url's...
Regarding security, the problem is the same... the sid will be transmited somewhere in "clear" thru the packets...
If the session is to mantain a login, it is advisable that the sid be of an algoritmic form and not a fixed one... i think there are good libraries with code that implements a schema like that and also allow sessions to be mantained in a database server (which is a good thing if you need more then one web server).
Cheers, Luis Ferro
Miha Nedok wrote:
I'm developing web apps written in PHP for quite a long time. I would like to know your preferred way using sessions ( cookie or TRANS SID ). I'm using Cookies. I would like to hear some pro et contras. :)
-Mike
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
