schoi Posted September 22, 2006 Share Posted September 22, 2006 session.use_only_cookies boolean session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. does this mean when ever we use sessions we should have this enabled. Even if u don't pass your session id alon with url? I am using php5 is still a problem? Link to comment https://forums.phpfreaks.com/topic/21705-session-security/ Share on other sites More sharing options...
onlyican Posted September 22, 2006 Share Posted September 22, 2006 http://es2.php.net/session[quote]Assess the importance of the data carried by your sessions and deploy additional protections -- this usually comes at a price, reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work.[/quote] Link to comment https://forums.phpfreaks.com/topic/21705-session-security/#findComment-96930 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.