schoi Posted September 22, 2006 Share Posted September 22, 2006 session.use_only_cookies boolean session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. does this mean when ever we use sessions we should have this enabled. Even if u don't pass your session id alon with url? I am using php5 is still a problem? Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 22, 2006 Share Posted September 22, 2006 http://es2.php.net/session[quote]Assess the importance of the data carried by your sessions and deploy additional protections -- this usually comes at a price, reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work.[/quote] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.