1 (edited by nocebo 2008-10-02 20:33)

Topic: Why doesn't PunBB use PHP sessions?

Sessions reduce the chance that an attacjer can use stolen cookies. I'm currently doing the same with some software I'm developing, merely because I look up to PunBB, but the possibility of cookie stealing worried me enough to hash the validation cookie value with the day's date -- which, of course, unceremoniously logs everyone out at a certain time. It would seem easier to just use sessions... but I'd like to know why PunBB does not first.