View Single Post - Use $_POST variables to transmit session id?

Thread: Use $_POST variables to transmit session id?

View Single Post

#2 (permalink)

Old

May 7th, 2007, 17:07

Donny Bahama Donny Bahama is offline

Donny Bahama is offline

Reputable Member

Join Date: Mar 2005

Location: Margaritaville (a state of mind somewhere between Inebriation and San Diego), CA

Posts: 236

Thanks: 4

Thanked 0 Times in 0 Posts

Re: Use $_POST variables to transmit session id?

Why is that any better than

Code: Select all

<form id="indexform" method="post" action="./sensitivepage.php?sid=<? echo session_id(); ?>">

?

I can still view source and see the value of your hidden input if I really want to get at the sid. I guess you could encrypt/decrypt it, but you could do that passing it in the querystring as well.

Reply With Quote