Quote:
Originally Posted by Old Pedant
Of course, if the user disables cookies, then the PHP developer must enable cookieless-sessions
|
Only if you must support cookieless browsers. Whether having the sessionID in the url is a real security risk or not depends on the type of website and the information displayed on the web page.