[imp] Session Keys in URL
Nigel Cass
N.Cass@Hull.ac.uk
Tue, 17 Sep 2002 15:57:40 +0100
All.
I might be missing something obvious - (don't think so though, I've
checked things quite thoroughly) but is there a way of ensuring that the
session key is never displayed in the URL ?
I am using a custom Mysql session handler which seems to work quite
well. What I can't understand (and I admit it could easily be that I
still don't fully understand the session handling within php properly)
is why there is sometimes a session id in the URL as I use the system
and at othertimes there isn't. Obviously I don't want there to ever be a
session ID if I can help it to avoid people bookmarking sessions and
then using them at a later date and potentially getting other peoples
sessions.
Please could one of the enlightened explain it to me :)
TYIA
Nigel Cass.