Quoting Daniel Carrera daniel.carrera@zmsl.com:
Earnie Boyd wrote:
Thanks. I have to say that I don't really understand that option. I made the change, but I don't understand what I just did.
From http://php.net/session.configuration we see:
session.use_only_cookies boolean session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 6.0.
Yes. I had read that. But I don't see what that has to do with sessions expiring. For that matter, I don't know what else PHP would be using besides cookies.
Oh oh.... I think I get it. That says that the cookie will only the session id and and other than that no other information will be stored.... Is that right?
No, with a TRUE value this prevents the session id being passed in the $_GET array. PHP used to pass the session id by default appended to the URL. Now by default it only uses cookies to store the session id.
Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/