Is adding and checking for the session id in requests enough to stop XSRF? if ($_POST[‘ssn_check’] != session_id()) cease_and_desist();
Sminkybang
Tom Allender — slowly discovering things you already heard about last year
May 27 17:34
