NYPHP.org

[nycphp-talk] session security redux

David Mintz dmintz at davidmintz.org
Tue Oct 12 14:51:15 EDT 2004


I've been reading my Shiflett (HTTP Handbook, Chapter 13) on session
security and my Schlossnagle (Advanced PHP Programming, Chapter 13) and
this (possibly dumb) question is for....  Schlossnagle!

Do I read correctly that you don't suggest passing around a URL-token as a
sort of secondary client identification/anti-hijacking mechanism, and if
so, is that because you don't think it's really necessary, or not really
worth it, or some other reason?

Thanks much,


---
David Mintz
http://davidmintz.org/

        "Anybody else got a problem with Webistics?" -- Sopranos 24:17


