WebApp Sec mailing list archives
Re: (clarification) GET and POST Methods Accepted
From: Greg Skouby <gskouby () sitesnow com>
Date: Sat, 15 Oct 2005 16:41:33 -0400
On Fri, Oct 14, 2005 at 05:12:16PM -0400, Chris Shiflett wrote:
> Derick Anderson wrote:
> > This extremely irritating behavior can be stopped in PHP by setting a php.ini variable ("use_only_cookies" if memory serves).
>
> The session.use_trans_sid directive is what controls whether PHP conditionally rewrites URLs to include the session identifier. The feature has always been optional to my knowledge.
To clarify the above statement, session.use_trans_sid defaults to 0, and one would think that somebody would think about the implications before turning it on. Or maybe not.

--Greg
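An added example, not part of the original post or of PHP itself: a small Python check that reads php.ini text and reports on the two directives named in this thread, `session.use_trans_sid` and `session.use_only_cookies`. The function names and the sample php.ini contents are constructed for illustration; the default of 0 for `session.use_trans_sid` is the one stated in the post, and no default is assumed for `session.use_only_cookies`.

```python
TRUE_WORDS = {"on", "true", "yes"}  # php.ini spellings that enable a boolean flag

def parse_ini_flags(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    flags = {}
    for line in text.splitlines():
        # Simplification: treat ';' as a comment start anywhere on the line.
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        flags[key.strip().lower()] = value.strip().strip("\"'")
    return flags

def is_on(raw):
    """Interpret a php.ini boolean: On/True/Yes or any non-zero integer."""
    raw = raw.lower()
    return raw in TRUE_WORDS or (raw.isdigit() and int(raw) != 0)

def audit_session_ini(text):
    """Return (directive, reason) findings for session-ID-in-URL exposure."""
    flags = parse_ini_flags(text)
    findings = []
    # Absent means the default of 0 stated in the post, so only an explicit "on" is flagged.
    if is_on(flags.get("session.use_trans_sid", "0")):
        findings.append(("session.use_trans_sid",
                         "enabled: PHP rewrites URLs to carry the session identifier"))
    cookies_only = flags.get("session.use_only_cookies")
    if cookies_only is None:
        findings.append(("session.use_only_cookies",
                         "not set explicitly: check the default for the PHP version in use"))
    elif not is_on(cookies_only):
        findings.append(("session.use_only_cookies",
                         "disabled: session identifiers are accepted from the URL"))
    return findings

# Constructed sample inputs (not taken from any real server).
SAMPLE_RISKY = """[Session]
session.use_trans_sid = 0      ; default
session.use_only_cookies = Off
; session.use_trans_sid = 0
session.use_trans_sid = On     ; later line wins
"""
SAMPLE_OK = "[Session]\nsession.use_trans_sid = 0\nsession.use_only_cookies = 1\n"

if __name__ == "__main__":
    for name, sample in (("risky", SAMPLE_RISKY), ("ok", SAMPLE_OK)):
        print(name, audit_session_ini(sample))
```
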