phat code There aren't any sheep in outer Mongolia.
Main

Projects

Downloads

Articles

Links

Forum

 

View Message

Back to Messages
agamemnus Fri Nov 9 2007 at 12:20 pm
security risk with session ids and current server setup
 
 
I was reading up on session ids and I found out that the default configuration allows sessions to be used with urls as opposed to cookies.

This is a social engineering risk if you are coding a multiplayer browser based game.

Question: As I understand it, I can just put php.ini and put in "session.use_only_cookies = 1" in my public_html/capitalopoly folder, or do I need to put it somewhere else?
 
 
 
 

Reply to this Message

Name
Subject
Message

No HTML is allowed, except for <code> <b> <i> <u> in the message only.
All URLs and email addresses will automatically be converted to hyperlinks.