There was a post on one of the Xiwethey forums about a PHP security hole. Does anybody remember where it was or what the topic was called?
Also, it appears that PHP stores "session variables" directly into cookies. ASP only stores a sessionID as a client-side cookie, but the session variables and values themselves are kept on the server (under a given sessionID). Is there an option in PHP to do such? If so, is it used often in practice, or is the var-in-cookie aproach used the most?
I purchased a PHP book, but it is not very good. Thats what I git for shopping around closing time.