September 12th, 2000, 03:52 AM
suppose I've got this function on topof each page that tests a session variable $userid and kicks the user out if he's not identified...
Isn't there a risk that entering ?userid=... in the URL might authenticate the user even though he isn't logged ?
(my question is : do URL variables overwrite session variables...)
September 12th, 2000, 09:53 AM
There is one thing I know for sure, because I tested it: session variables overwrite post variables. So, I am almost sure they overwrite get variables, too.
September 12th, 2000, 03:22 PM
When you install PHP and you're using PWS as your server, the default location for saving session data is the /tmp directory.
Where's this directory supposed to be located at? Is it relative to the PHP executable, or the wwwroot directory, or in your win98 directory?
September 13th, 2000, 03:40 PM
It's hosted by a public provider in France (I'm a froggie ) so I don't know much about his settings...
Thanks anyway folks !