Posted by tryit on 03/08/07 23:46
In article <cOGdneppj5NsbHHYnZ2dnUVZ_sqdnZ2d@comcast.com>,
jstucklex@attglobal.net says...
> >>
> >> That's what you don't get. www.example.com is NOT the same as
> >> example.com.
>
Yes it is - for any domain issued - denying that simple fact allows PHP
to continue to ignore a security critical bug. A fact easily tested.
Try going to any site with either and you get the same result unless
it's a very old domain. Nobody is now issued with a domain where those
2 addresses result in a different IP address. Nobody.
It's exactly the same - as you yourself so rightly
pointed out and thereby made the point yourself -
the WWW is just a convention that means nothing in relation to the
domain.
However the rest of that string defines the domain.
PHP using sessions constitutes a massive security hazard until this
serious bug is fixed.