I am establishing sessions between a flash object and a PHP script and if I pass the SID from flash using POST, PHP does not pick it up.

The manual states that it's only possible to pass session ID's using a cookie or the GET HTTP method (If you use the PHP4 session API at least). I'd like to see this extended to include support for passing the session ID through the HTTP POST method.

There are some sound reasons for allowing SID's to be passed with POST;
1) POST data is usually not logged by webservers (GET data is logged as it's part of the URL)
2) Some older servers do not allow passing more than aproximately 1Kb with GET, while the POST limit is usually closer to 4Kb.
3) Most browsers do not cache data returned from a POST request, while GET requests are almost always cached.
4) I have experienced problems with IE4.x in combination with Apache+mod_ssl and GET requests (and in the cases where GET failes, POST usually works).


- Jesper Juhl - juhl@eisenstein.dk