[Phpmyadmin-devel] Re: token and cookies

Garvin Hicking phpmyadmin at supergarv.de
Wed May 31 07:32:04 CEST 2006


> So, with a regenerating technique we could use URL-based session id and
> avoid our cookie restriction? :)

I have not read the source, so my question is: When not using cookies and having
URL-based sessions, where else would you store another authentication token?

I don't think this is possible, because if a user doesn't have cookies, all
there's left is HTTP Authentication [which only works with mod_php and not the
CGI] and the URI. The URI can be hijacked, so...there's nothing left to store
data in? All storage in $_SESSION will be available to the session-ID

Best regards,

++ Garvin Hicking | Web-Entwickler [PHP]    | www.garv.in | ICQ 21392242
++ Developer of   | www.phpMyAdmin.net      | www.s9y.org

++ Make me happy  | http://wishes.garv.in

More information about the Developers mailing list