Page 2 of 2

Posted: Fri Jan 19, 2007 9:47 am
by pickle
@~Mordred I don't think this would happen as a matter of course. I'm just saying its a possibility. I think it could be argued that this *could* be worse than man in the middle attacks etc, because anyone can walk by & write down the session id - no need to be technically savvy. Of course, the person at the computer will have to be completely oblivious for this to happen - but those people are out there.

@~kaisellgren While I have said that I use db sessions, I can't think of any reason not to use the built in system. It seems a bit simpler.