|
Posted by ZeldorBlat on 10/24/07 04:12
On Oct 23, 5:13 pm, Isaac Raway <isaac.ra...@mac.com> wrote:
>
> If you are on a subdomain or, worse, just a subdirectory of a domain,
> the other directories on that domain can access the same session data.
>
> Anyway, this is how I understand it. I guess that this might noe
> accurate, but think about how wide open all these PHP scripts would be
> running on colocated servers if it weren't domain specific.
>
> If you use cookies to store the session ID, that abides by the rules of
> cookie access which are domain specific (obviously).
>
Right -- including the rules about cookies being made specific to a
particular path. See the session.cookie_path directive in php.ini.
Navigation:
[Reply to this message]
|