Re: sessions and domain names — PHP Programming Language

You are here: Re: sessions and domain names « PHP Programming Language « IT news, forums, messages

Posted by Gordon Burditt on 11/05/06 10:30

>> If you really want foo.com and www.foo.com to be the same web site,
>> use Apache to redirect any reference to one to the other one.
>>
>
>I dont particularly - that is just how its done in the real world.
>
>PHP is a massive security hazard until such time as it can deal with that
>whether you want to call it a bug or not.

Please explain why this is any kind of security hazard. A site
where you have to keep logging in repeatedly because sessions in
two domains aren't the same would not seem to be a security hole:
in the extreme case where nobody can access anything, there are no
information leaks or ability for anyone to change anything.

Navigation:

Next in forum: Re: sessions and domain names
Prev in forum: Re: sessions and domain names
Thread view: Re: sessions and domain names

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация