passing session without including id in url

focusbeam

hi, i know if I include session_start() in my script, the urls will have the session id attached to it, and you can turn it off by disabling session.use_only_cookies in php.ini.
But the problem is if i turn that off will the session still be passed on in every browser?? because when i use ie and turn session.use_only_cookies off the session would still be passed on......

drawmack

first of all you have to enable use_only_cookies not disable it.

second if you disable it then the id is passed in the urls of hrefs and also placed in a cookie (if session_use_cookies is turned on)

to answer the question: session use only cookies means that if the user has disabled cookies then your script will not work no matter what browser they are using. Personally I use the session_use_only_cookies so that my code validates as xhtml becuase the session id that is added is added with & and not &amp;

focusbeam

thanks but sry that didn't quite answered my question.......So here's another one: does a session still be passed on to the second window (opened from the first window that has already started a session), if use_only_cookies is enabled (eg. no session ids in the link)???
because i tried not including the session id in the link and the session is still passed on the the second window, is it always like that?? or the session id is just some how passed to the second window.

laserlight

and you can turn it off by disabling session.use_only_cookies in php.ini

Actually, one should set session.use_trans_id to off instead.

oes a session still be passed on to the second window (opened from the first window that has already started a session), if use_only_cookies is enabled

Yes.
Basically, all that you're trying to do here is to maintain state, i.e. the same data is maintained over multiple webpages.
You can do so by using the query string (i.e. the session id appended to the URI), and also by using a cookie, if the web browser allows for it.