problem with carrying session's ID

rshilkrot

i had a problem with my sessions getting reset everytime i visit a certain page, and then i got realize it's because the SESSION_ID didn't carry along the pages...
my question is: if i can't use cookies to carry SESSION_ID, and i think it'll be a very unefficient way to transfer a POST variable using hidden INPUT tags and forms, how else can i get the SESSION_ID over my pages? (given that i don't know how many pages, and where my user will surf)

thanks

dalecosp

Look at "enable.trans_sid" (something like that) in php.ini ...

HTH,

rshilkrot

so there isn't much to play around with there.

i can't believe this is not a wide-range problem, that everybody have to tackle.
cookies that arn't submitted from a certified site are rejected by most browsers, by security defaults. so PHP SESSION's IDs must be transfered by other means such as POST or GET forms and querystrings.
this is very annoying.:mad:

webblackes

like this :

$you_ID=session_id();
session_register("you_ID");

end you can use $you_ID everywhere !😃

dalecosp

Originally posted by rshilkrot
so there isn't much to play around with there.

i can't believe this is not a wide-range problem, that everybody have to tackle.
cookies that arn't submitted from a certified site are rejected by most browsers, by security defaults. so PHP SESSION's IDs must be transfered by other means such as POST or GET forms and querystrings.
this is very annoying.:mad:

And that is how it is done. With transparent support, if PHP can't use a cookie, it should automagically add the session ID to the query string for each page.

rshilkrot

what happens if i can't use quertystrings to carry session ID?
or form with POST methodm for that matter.

most of my site is pure HTML and i want to keep it that way. the first page that's loaded is PHP, and it should make a session that will endure a whole trip through the HTML pages, back to the main page.
in the mainpage i check for a session, before i assign a new one.

dalecosp

No cookies, no querystrings? To modify something said in the US, "Up the Jordan without a paddle."

That's like saying "how can I greet 5000 conference attendees by name without the use of name tags?" The server keeps track of each browser by a] assignment of a cookie or b] propagation via the URL. There are other methods, I suppose, but they are usually dependent on running PHP code on the server, which you say you don't want to do. How 'bout auto_prepend'ing a header file that carried the sessid?

I suppose you could try some common Javascript include that passed the var along, or write the supposed IP (what is it $_SERVER['REMOTE-ADDR']?) of the user into a db or flat file, and then if that IP hit the PHP page again, you'd look up the session ID and set it with session_name(), but we're getting way out on a limb here...

John_Canyon

why not simply change your .html pages over
to .php pages, you can keep them as html
page however you could place...
<?
session_start();
?>

before each page call thus carrying over the transparent session ID.

The other option is to edit your httpd.conf and allow .html files to be excuted as PHP files, thus giving the appearance of static html files while still executing and carrying over session_id's.

Dont forget you will need to have url_rewriting enabled in apache for this to work.

Cheers,

John

rshilkrot

this is probably an obscenity in this forum, but nevertheless:
ASP does carry a session over html pages, w/o the use of cookies.

dalecosp

How is it accomplished?