PHP Session Variables

  • Chenky

    PHP Session Variables

    Hi all,

    I'm not an overly experienced PHP programmer but I like to dabble and
    I'm working on a 'semi-secure' members' area. Previously I have used
    normal variables to determine the validity of a user.

    i.e. Once the user has logged in, a random id is created and placed in
    the database in their row and each secured page will have a URL like
    this: .../secure.php?user=joebloggs&randid=324395
    Each page looks up the username and checks it against the random id
    (instead of their password for obvious reasons).

    However, I want to remove this altogether so a page will just be like
    'secure.php' so I've looked into session variables - another
    interesting endeavour which was quite effective until the user logs in.

    The URL then changes to ...secure.php?PHPSESSID=94fhq439fqqh9f-qh9-q2h
    or something similar. Obviously, this doesn't happen when clicking a
    link but the use of a login form causes this added variable to the URL.

    Any thoughts on avoiding this? Or am I stuck with it if I want to use
    the session variable approach?

    Cheers,
    Joshua

  • apathetic

    #2
    Re: PHP Session Variables

    Chenky wrote:
    The URL then changes to ...secure.php?PHPSESSID=94fhq439fqqh9f-qh9-q2h
    or something similar.
    This is controlled by a setting in php.ini:

    session.use_cookies = 1

    If session cookies are enabled, you shouldn't get the session ID
    appended to the query string. It might still use the query string if
    the user has cookies disabled, however.

    Tim


    • Pedro Graca

      #3
      Re: PHP Session Variables

      Chenky wrote:
      [...]
      The URL then changes to ...secure.php?PHPSESSID=94fhq439fqqh9f-qh9-q2h
      or something similar. Obviously, this doesn't happen when clicking a
      link but the use of a login form causes this added variable to the URL.

      Any thoughts on avoiding this? Or am I stuck with it if I want to use
      the session variable approach?
      As you know, the client and the server must be in synch. That's why you
      used the randid before you tried the session approach.

      Both the randid and the session id have to be passed from the server to
      the client and back.

      They can do this in one of three ways:
      a) by the URL
      b) by cookies
      c) by POST in form fields

      Option a) works every time. Of course the URL gets the data appended to
      it;
      option b) only works if the client has cookies enabled;
      and option c) is not available for all pages -- so I'll ignore it from
      now on :)

      The session management in PHP can be configured for it to always *and*
      *only* use cookies, or always *and only* use URL parameters, or try to
      use cookies but fall back to URL parameters if cookies fail.

      If your server is configured with this last option, the first time the
      server starts a session it has to send the session id both in the URL
      and in a cookie. When another request is received, if it has a cookie
      the URL parameter will be dropped; otherwise that's what PHP will use.

      To avoid session tracking by URL check your php.ini for
      session.use_trans_sid = 0
      session.use_cookies = 1
      session.use_only_cookies = 1


      Reference: http://www.php.net/manual/en/ref.session.php

      --
      File not found: (R)esume, (R)etry, (R)erun, (R)eturn, (R)eboot


      • .:[ ikciu ]:.

        #4
        Re: PHP Session Variables

        Hmm, apathetic <apatheticgenius@gmail.com> wrote:
        If session cookies are enabled, you shouldn't get the session ID
        appended to the query string. It might still use the query string if
        the user has cookies disabled, however.
        you've forgotten about trans_sid :)


        --
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

        2be || !2be $this =mysql_query();



        • Chenky

          #5
          Re: PHP Session Variables

          Hey all,

          Thanks for the fast response. The server which I'm using isn't my own -
          I rent the space on the server - consequently, my provider does not
          give me access to any core files and the like including php.ini.

          So with the problem that not all people use cookies I guess I'm stuck
          with the URL approach...

          Ah well, thanks for the help everyone!

          Cheers,
          Josh

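The three php.ini settings Pedro lists are all changeable at PHP_INI_ALL scope, so they do not need php.ini at all: ini_set() before session_start() is enough, which covers Josh's situation where the host will not expose the core files. The bootstrap below is an added example, not code from the thread; the file name is my own, and the array form of session_set_cookie_params() assumes PHP 7.3 or later (older versions take positional arguments). The use_strict_mode line is an extra the thread does not mention.

```php
<?php
// session_bootstrap.php (added example, not from the thread). Include it
// at the top of every secured page, before any output is sent.

// Runtime equivalents of the php.ini lines from the thread. All three are
// PHP_INI_ALL, so they can be set per-script on shared hosting.
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1'); // a ?PHPSESSID=... in the URL is ignored
ini_set('session.use_trans_sid', '0');    // links and forms are never rewritten to carry the ID

// Extra, not in the thread: refuse IDs the server never issued (PHP >= 5.5.2).
// Without it an unknown ID presented in a cookie is simply adopted as a new session.
ini_set('session.use_strict_mode', '1');

// Cookie attributes: HttpOnly keeps page scripts from reading the ID,
// Secure restricts it to HTTPS, SameSite=Lax limits cross-site sending.
session_set_cookie_params([
    'lifetime' => 0,   // session cookie, dropped when the browser closes
    'path'     => '/',
    'domain'   => '',
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'httponly' => true,
    'samesite' => 'Lax',
]);

session_start();

// Deployment self-check: on a request that carries the ID only in the query
// string (no cookie), use_only_cookies means PHP must have started a new
// session rather than adopting the URL value. If this ever returns true, the
// ini_set() calls are being overridden by a host-level setting.
function session_id_leaked_via_url(): bool
{
    $name = session_name();
    return isset($_GET[$name])
        && !isset($_COOKIE[$name])
        && $_GET[$name] === session_id();
}
```

If the host runs PHP as an Apache module and allows per-directory overrides, the same three settings can also go in a .htaccess file as `php_value` lines; whether that is permitted depends on the host, so the ini_set() route is the one that works everywhere.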

          • bob.chatman@gmail.com

            #6
            Re: PHP Session Variables

            Another thing to keep in mind is that if there aren't cookies to use,
            and you haven't changed your PHP options, the URL will almost always be
            used. It is insecure, it is a trouble zone, in that it's in the URL. The
            back button won't work, and it can be changed, so you have to take care
            of session management.

            There are a few really good tutorials that would probably help you out
            if you are up for the reading.

            Bob


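Bob's "it can be changed" is the part that matters for a members' area: an ID that travels in the URL can be handed to a browser before login, and if the application keeps that same ID after login, the logged-in state is reachable under an ID the user never chose (session fixation). The defence is to issue a fresh ID at the moment of login, to expire idle sessions, and to remove the cookie on logout. The following is an added example, not code from the thread; it assumes a hypothetical users table with username and password_hash columns (hashes produced by password_hash()), a PDO connection created elsewhere, and a modern PHP (7+).

```php
<?php
// login_session.php (added example, not from the thread). Assumes a
// hypothetical `users` table (username, password_hash) and a PDO handle $db
// opened elsewhere; the /login.php path is also an assumption.
ini_set('session.use_only_cookies', '1'); // cookies only, as discussed above
session_start();

const IDLE_TIMEOUT = 30 * 60; // seconds without a request before the login lapses

function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same answer for "no such user" and "wrong password", so the response
    // does not reveal which usernames exist.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    // The request arrived under some session ID: a stale one, one that came
    // from a URL, or one someone else planted. Discard it and issue a fresh
    // ID, so the logged-in state exists only under an ID this browser
    // received just now via the cookie.
    session_regenerate_id(true);
    $_SESSION['user']      = $username;
    $_SESSION['last_seen'] = time();
    return true;
}

// Call at the top of every secure.php-style page. Returns the username or
// ends the session and sends the visitor to the login page.
function require_login(): string
{
    $idle = time() - (int) ($_SESSION['last_seen'] ?? 0);
    if (empty($_SESSION['user']) || $idle > IDLE_TIMEOUT) {
        logout();
        header('Location: /login.php', true, 303);
        exit;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie as well as the server-side data, so the old ID is
    // not presented again on the next request.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}
```

The single line that addresses Bob's warning is session_regenerate_id(true): called after the password check succeeds, it makes whatever ID the browser arrived with worthless, whether it came from a cookie, a URL, or a third party. The idle timeout and the cookie removal in logout() limit how long a copied ID stays useful.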
