$PHPSESSID blank on initial php file

Re: $PHPSESSID blank on initial php file

On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:lax_a.1452$z S4.27079748@new ssvr13.news.pro digy.com>
"JohnS" <PleaseNoSpam@m yaccount.com> wrote:
[color=blue]
> Hi,
>
> When I initially start my browser (any of 'm) and point it to my PHP
> script the $PHPSESSID is always blank.
> On all subsequent hits or after a refresh the value for $PHPSESSID is
> fine... why do I have to complete a php file before the $PHPSESSID is
> set? I tried to do session_start() before anything still blank,
> what did I miss?
> (Aix 4.3.3, php 4.2.1,Apache 1.13.26)[/color]
^^^^^^^^^


The reason you haven't RTFM is?

By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)



Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.

Re: $PHPSESSID blank on initial php file

Ok ok, I'm reading the "Fantastic" manual right now....again...

J.

btw. I did before...no answer yet... any more hints?


"Ian.H [dS]" <ian@WINDOZEdig iserv.net> wrote in message
news:2003081321 5128.2a35a071.i an@WINDOZEdigis erv.net...[color=blue]
> On Wed, 13 Aug 2003 20:26:57 GMT in
> <message-id:lax_a.1452$z S4.27079748@new ssvr13.news.pro digy.com>
> "JohnS" <PleaseNoSpam@m yaccount.com> wrote:
>[color=green]
> > Hi,
> >
> > When I initially start my browser (any of 'm) and point it to my PHP
> > script the $PHPSESSID is always blank.
> > On all subsequent hits or after a refresh the value for $PHPSESSID is
> > fine... why do I have to complete a php file before the $PHPSESSID is
> > set? I tried to do session_start() before anything still blank,
> > what did I miss?
> > (Aix 4.3.3, php 4.2.1,Apache 1.13.26)[/color]
> ^^^^^^^^^
>
>
> The reason you haven't RTFM is?
>
> By default, of course $PHPSESSID will be blank.. as to why, is a task
> you're left to read about, but as a hint.... http://php.net/ ;)
>
>
>
> Regards,
>
> Ian
>
> --
> Ian.H [Design & Development]
> digiServ Network - Web solutions
> www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
> Programming, Web design, development & hosting.[/color]

Re: $PHPSESSID blank on initial php file

"JohnS" <PleaseNoSpam@m yaccount.com> wrote in
news:wEx_a.1397 $tv1.1180@newss vr27.news.prodi gy.com:
[color=blue]
> Ok ok, I'm reading the "Fantastic" manual right now....again...
>
> J.
>
> btw. I did before...no answer yet... any more hints?[/color]

Session ID is returned from the browser. The browser doesn't have it until
after it loads the first page of the session. This behavior is by intent.

Is there a way to retrieve a cookie you just set?

--
Larry Flynt for Governor
Bringing dignity back to the Governor's Mansion

Terry Austin
taustin@hyperbo oks.com

Re: $PHPSESSID blank on initial php file

Is it that the *browser* generates the $PHPSESSID not PHP? And therefore
must at least load 1 php file before it can do so? I was thinking it was
generated by PHP as in *PHP*sessid....

right?

Just nod if you agree Ian....

Thanks!

John.


"Ian.H [dS]" <ian@WINDOZEdig iserv.net> wrote in message
news:2003081321 5128.2a35a071.i an@WINDOZEdigis erv.net...[color=blue]
> On Wed, 13 Aug 2003 20:26:57 GMT in
> <message-id:lax_a.1452$z S4.27079748@new ssvr13.news.pro digy.com>
> "JohnS" <PleaseNoSpam@m yaccount.com> wrote:
>[color=green]
> > Hi,
> >
> > When I initially start my browser (any of 'm) and point it to my PHP
> > script the $PHPSESSID is always blank.
> > On all subsequent hits or after a refresh the value for $PHPSESSID is
> > fine... why do I have to complete a php file before the $PHPSESSID is
> > set? I tried to do session_start() before anything still blank,
> > what did I miss?
> > (Aix 4.3.3, php 4.2.1,Apache 1.13.26)[/color]
> ^^^^^^^^^
>
>
> The reason you haven't RTFM is?
>
> By default, of course $PHPSESSID will be blank.. as to why, is a task
> you're left to read about, but as a hint.... http://php.net/ ;)
>
>
>
> Regards,
>
> Ian
>
> --
> Ian.H [Design & Development]
> digiServ Network - Web solutions
> www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
> Programming, Web design, development & hosting.[/color]

Re: $PHPSESSID blank on initial php file

On Wed, 13 Aug 2003 21:10:36 GMT in
<message-id:gPx_a.1398$0 v1.671@newssvr2 7.news.prodigy. com>
"JohnS" <PleaseNoSpam@m yaccount.com> wrote:
[color=blue]
> Is it that the *browser* generates the $PHPSESSID not PHP? And
> therefore must at least load 1 php file before it can do so? I was
> thinking it was generated by PHP as in *PHP*sessid....
>
> right?
>
> Just nod if you agree Ian....
>
> Thanks!
>
> John.[/color]


Well, John.. seeing as you're using PHP 4.2.1, have you checked your
register_global s settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)

Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).



Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.

Re: $PHPSESSID blank on initial php file

> Well, John.. seeing as you're using PHP 4.2.1, have you checked your[color=blue]
> register_global s settings in php.ini? oh, of course you have! you read
> the very FINE manual properly didn't you? =)[/color]

Indeed, I did...but not all of it...

[color=blue]
> Funny how php.net has this screaming out at you, and has done for
> absolutely ages.. why oh why are people _still_ shocked when their
> poorly written scripts fail (and yes, your method is _VERY_ poor and
> insecure).[/color]

One day... when I am just as good as you...

Thanks for your help.
Cheers,
J.

Re: $PHPSESSID blank on initial php file

On Wed, 13 Aug 2003 22:01:06 GMT in
<message-id:Cyy_a.1461$F e5.28532890@new ssvr13.news.pro digy.com>
"JohnS" <PleaseNoSpam@m yaccount.com> wrote:
[color=blue]
> One day... when I am just as good as you...[/color]


John, it's not that at all.. apologies for the harshness.

A small summary to back up my harsh statement. Take your example here,
with $PHPSESSID. Obviously, sessions are supposed to be a "secure"
method for many things. So you're checking for $PHPSESSID, which is
nothing more here, than a variable. I access your site like
'yoursite.com/foo.php?PHPSESS ID=abcdef123456 ' etc. I'm "half way there"
to either breaking or possibly expoiting your script. Now we go into
register_global s being disabled, by using my example URI here, you will
only be able to use that PHPSESSID var via $_GET['PHPSESSID'], whereas
for sessions, it would _HAVE_ to be: $_SESSION['PHPSESSID'] (or as it
stores a cookie, $_COOKIE['PHPSESSID']). As you can probably see here,
security has been enhanced for your script by making sure that the value
is coming from a predefined source, not just "anywhere".

Aside from the above, it also makes it much easier to read / follow your
code (especially if you return to it at a much later date fr upgrading /
maintenance or whatever, or for the next developer to read and follow
and take over from you).

I hope this clarifies things a little better for you, in a more friendly
manner =)

[color=blue]
>
> Thanks for your help.
> Cheers,
> J.[/color]


No probs.. am I to assume it was the globals issue? (just curious now =)
).



Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.

Re: $PHPSESSID blank on initial php file

Ian:

Very good point!

Let me investigate further and modify my scripts. First I am going to Read
The Fantastic Manual once more...

Cheers,
John.
[color=blue]
> John, it's not that at all.. apologies for the harshness.[/color]
No apologies needed.
[color=blue]
> No probs.. am I to assume it was the globals issue? (just curious now[/color]
=) ).
I had register_global s on, but now I am going to turn them off, and redo
some scripts. Better save than sHacked.

J.