Quick question - sessions - PHPBuilder Forums

Quick question - sessions

ssanders82

Hey, I'm kinda new at this. I want to use sessions in my page for users to sign in...my server has the function turned on that if the browser doesn't accept cookies then it automatically adds the PHP session id on to the end of each link. However, sometimes I have automatic page transfers using header ("location:...") So, my question is, for these particular links do I have to manually add the PHP session id to the url to preserve the session or does the server add them to that too? Thanks.

Hiccup

Server will add them typically, from my experience.

edspace

I copied this from sessions reference manual at php.net.

session.use_trans_sid whether transparent sid support is enabled or not. Defaults to 0 (disabled).

Note: For PHP 4.1.2 or less, it is enabled by compiling with --enable-trans-sid. From PHP 4.2.0, trans-sid feature is always compiled.

URL based session management has additional security risks compared to cookie based session management. Users may send an URL that contains an active session ID to their friends by email or users may save an URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.

url_rewriter.tags specifies which html tags are rewritten to include session id if transparent sid support is enabled. Defaults to a=href,area=href,frame=src,input=src,form=fakeentry

Personally i have not tried sessions with location headers. You can test it yourself. Delete all the cookies. Disable cookies completely in your browser and test the script.

Personally i have tried sessions with regular links. I have enabled transparent id and include SID in the links also. what i have noticed si that SID is empty if cookies work and if trans id is enabled.

electricroot

I have been trying to do some sort of redirect without losing my transparent session id (Apache --enable-trans-sid). First I tried
header("Location:target.html");
but the target page URLs didn't have the SID. So I figured PHP wasn't parsing the HTML page, so I tried
include("target.html");
so the page would be a PHP page with the HTML included. That didn't work either.

However, I have another page that goes something like this...

<?php
$var1 = 'foo'; $var2 = 'bar';
include('template.html');
?>

where template.html is like

<HTML>
<A HREF="page.html">page</A>
<SCRIPT LANGUAGE="PHP">
print("<p>$var1</p>");
print("<p>$var2</p>");
</SCRIPT>
</HTML>

Amazingly enough, even the link in the HTML ("page.html") DOES have the SID in the link. The only thing I can see different about the one that works and the one that doesn't is the <SCRIPT> tags. Maybe this causes PHP to touch the HTML and hence adds the SID to the links.

Anyone who can clarify this, please do. I would like to know the determining factor as it is giving me pains to rewrite a bunch of HTML pages just to get the SID in.