The page at https://www.php.net/manual/en/session.idpassing.php includes the following:
There are two methods to propagate a session id:
The page at https://www.php.net/manual/en/function.session-start.php includes the following:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
That would imply the using POST is a third method to propagate the session id, and would certainly be more secure than using a URL parameter. It would also imply a conflict between the two pages.
I haven’t finished testing this, but is it possible to get clarification on whether POST request is a valid third method? I can’t find any other discussion of this anywhere, and this would certainly have implications to using sessions with CURL and AJAX.
If my interpretation is correct, I would propose correcting one or the other page.
The page at https://www.php.net/manual/en/session.idpassing.php includes the following:
The page at https://www.php.net/manual/en/function.session-start.php includes the following:
That would imply the using POST is a third method to propagate the session id, and would certainly be more secure than using a URL parameter. It would also imply a conflict between the two pages.
I haven’t finished testing this, but is it possible to get clarification on whether POST request is a valid third method? I can’t find any other discussion of this anywhere, and this would certainly have implications to using sessions with CURL and AJAX.
If my interpretation is correct, I would propose correcting one or the other page.