PHPSESSID pass in URL - security implications?

jackvull

11:44 am on Jan 5, 2006 (gmt 0)

Are there any security implications with passing the PHP session id in the url and can it be done another way?
You can often see this ID when accessing webpages - is there a way to turn it off?

coopster

2:57 pm on Jan 5, 2006 (gmt 0)

There are always security implications with sessions, and passing the session_id in the URL is no different. If you haven't read PHP Session Handling Functions [php.net] yet, you should. Read all the links as well, including the paper on Session Fixation. These are must-reads if you are going to use sessions with PHP. There you will also find alternatives to passing the session id in the URL and reasons for doing so.
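
An added example, not part of either post above: one way to keep PHPSESSID out of URLs and blunt session fixation, using PHP's own session settings. The function names are hypothetical, and the example assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example; start_cookie_only_session() and on_login_success()
// are hypothetical names, not part of PHP or of the thread.
declare(strict_types=1);

/**
 * Start a session whose id travels only in a cookie, never in the URL.
 * Must run before any output is sent, because it sets headers.
 */
function start_cookie_only_session(): void
{
    // Ignore any PHPSESSID supplied in the query string or a form field.
    ini_set('session.use_only_cookies', '1');
    // Stop PHP from rewriting links and forms to append the session id.
    ini_set('session.use_trans_sid', '0');
    // Refuse session ids the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    // Array form of session_set_cookie_params() requires PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // assumption: the site is HTTPS-only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);

    session_start();
}

/**
 * Call once credentials have been verified. Issuing a fresh id means an
 * id planted before login (session fixation) stops being valid.
 */
function on_login_success(int $userId): void
{
    // true = delete the old session data along with the old id.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}
```

With `session.use_trans_sid` off and `session.use_only_cookies` on, the id no longer appears in links, so it cannot leak through bookmarks, shared URLs, Referer headers or server access logs. The same three `session.*` values can be set in php.ini instead of with `ini_set()`.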