1
I had a big problem the other day.
One member pasted the url of the page he was browsing that looked something like this
http://www.xoopssite.com/modules/newbb/viewtopic.php?topic_id=828&viewmode=flat&order=DESC&start=10&PHPSESSID=9e3b91c44f53e2c2ab10c49712a59f6c
Then the guy who clicked on the url was able to access the XOOPS site with that guy's account. And able to change the password also!
How to prevent all these
"&PHPSESSID=9e3b91c44f53e2c2ab10c49712a59f6c"
from showing at the end of the url ?