Posted 22 September 2006 - 07:25 PM
does this mean when ever we use sessions we should have this enabled. Even if u don't pass your session id alon with url? I am using php5 is still a problem?
Posted 22 September 2006 - 07:56 PM
Assess the importance of the data carried by your sessions and deploy additional protections -- this usually comes at a price, reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users