PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I wonder if that is secure. I'm testing on IIS and I understand that sessions use cookies but I can't find the cookie for this one. anyway, would the above method be easy to hack or not? I'm planing to upload on tripod and then to a good server when the whole site is finished
Also, how do I pass POSTed variables w/o using inputs? Like passing them from anchors <a href>
That is fine, if you want all of the variables from $_SESSION without calling $_SESSION just do extract($_SESSION) php.net/extract Also, you can't really get POST variables from an anchor tag because that would use the GET method. Therefore you would have to pass them through the query string and use $_GET to get the variables. Hope that helps.
Its only easy to steal a session if your good at coming up with random numbers or stealing a cookie off of someone's computer. If your going to store sensitive information in the session, encrypt it. No, there is no way to get POST data besides by a form that I'm aware of.
There are several encryption functions in PHP. I suggest you start checking out the string functions at php.net/strings and also md5() php.net/md5 There are of course other styles of encryption but MD5 seems to be the most popular one way hash. Hope that helps.
Its not the only way... if they have the session ID they can pass that through the URL. Its not as easy as some people make it out to be if you code your site properly. Also, with md5() all you can do to check your data is compare an MD5 string to and MD5 string since there is no decryption for it.