|
Posted by Oli Filth on 06/20/05 23:58
Robert Jones said the following on 20/06/2005 21:00:
> Hello.
>
> I'm engaged in developing a fairly meaty web application (FreeMIS).
> Everything is routed through index.php, with $_GET variables controlling
> which pages are shown and which actions taken. Early on (when I knew very
> little about PHP) I realised that I had to come up with a way of passing on
> all the navigation variables in forms, so the application would know where
> to go. I chose not to use cookies or session variables, for security
> reasons. I made up 2 functions; one to to pass on all the existing $_GET
> variables via additions to the "action" url of the form, and one to pass on
> all the existing $_POST variables via hidden input elements.
Hi.
Why do you consider session variables *less* secure than $_GET and
$_POST strings?
--
Oli
[Back to original message]
|