Code Forums - View Single Post

idx · 07-16-2005, 08:42 AM

Unless you have some code that performs some sanity checks, using the session ID in the url isn't good at all. (even with some paranoia checks, I don't like it) I'd use cookie-based sessions then, as sde mentiond, just use $_SESSION as the "backend cookie" to store various bits about what's going on for that session.

07-16-2005, 08:42 AM	#7 (permalink)
idx Senior Grasshopper Join Date: Jun 2003 Location: FL Posts: 317	Unless you have some code that performs some sanity checks, using the session ID in the url isn't good at all. (even with some paranoia checks, I don't like it) I'd use cookie-based sessions then, as sde mentiond, just use $_SESSION as the "backend cookie" to store various bits about what's going on for that session.