My host is sending SESSION id's in the URL.
Any idea how I get the information to be sent in a more secure method?Have you tried:
ini_set('session.use_cookies', 'on')
... in your scripts, or:
php_flag session.use_cookies on
... in your .htaccess?
There is also 'session.use_only_cookies', which will make session handling use only cookies. Users with cookies disabled will not be able to use sessions. Cookies are a bit more secure than the query string, and there are a few things you can do to increase the security slightly by setting 'session.cookie_secure'. 'session.cookie_lifetime', 'session.cookie_path' and 'session.cookie_domain' to appropriate values using the same methods.thanks Rydberg - I'm not used to remote hosts (i have control of the php.ini files at work
)
Any idea how I get the information to be sent in a more secure method?Have you tried:
ini_set('session.use_cookies', 'on')
... in your scripts, or:
php_flag session.use_cookies on
... in your .htaccess?
There is also 'session.use_only_cookies', which will make session handling use only cookies. Users with cookies disabled will not be able to use sessions. Cookies are a bit more secure than the query string, and there are a few things you can do to increase the security slightly by setting 'session.cookie_secure'. 'session.cookie_lifetime', 'session.cookie_path' and 'session.cookie_domain' to appropriate values using the same methods.thanks Rydberg - I'm not used to remote hosts (i have control of the php.ini files at work
)