[PHP] PHP 4 SESSION ONLY COOKIE - 1 attachment

Fri, 14 Nov 2003 05:55:01 -0800 

With the following script, i cannot create a session with 
session.use_only_cookies 'on'
When i login, the server NEVER set a cookie with the sessionID on my 
client... and he adds the SID to all my relating links on page.

What i want is a session, that saves the sid in a cokkie at the clients 
pc and NOT to add the SID to the relating links.

Thats my sourcecode:

Can U give me an answer what is wrong?
- Cookies are allowed in my browser
- session.use_cookies 'on'
- transid 'on'  (could only be changed by serveradmins)


<?PHP

//error_reporting(15);

ini_set("session.use_only_cookies", 1);



////////////////////////////////////////////////////////Verbindung 
öffnen//////////////////

include('connect.php'); 
$verbindung = @mysql_connect($IP,$USER,$PWD);
    
if (!$verbindung){
    echo "Keine Verbindung möglich!\n";
    exit;
}else{

    
    
    
/////////////////////////////////LOGIN///////////////////////////////////
////////////

  //cookieabfrage
$logincookiename = $tblprefix.'SID';   //def. cookiename

if($$logincookiename != ''){
    session_id($$logincookiename);    //SID auf die im Cookie 
gespeicherte setzen 
}
  //cookieabfrage

session_start();
$_SESSION['zaehler'] = 1;

$test = session_id();

$db_select = @MYSQL_SELECT_DB($DB);

$result = mysql_query("SELECT username FROM ".$tblprefix."_users WHERE 
sessionID = 'session_id()' ");
$sessionsfound = mysql_num_rows($result);

   //Session deleten wenn nicht eingeloggt
if ($sessionsfound != 1){
    session_unset();
    setcookie( session_name() ,"",0,"/");
    $_SESSION = array();
    session_destroy();
}

$session_id_string = session_id();

//////////////login - TRUE
if (($login == 'true') && ($session_id_string == '')){
    
    $login = '';
    
    $abfrage = "SELECT username, password FROM ".$tblprefix."_users WHERE 
username = '$loginname'";
    $erg = mysql_db_query($DB,$abfrage,$verbindung);
        list ($username,$password) = mysql_fetch_row($erg);
        
    if ($username == ''){
        $content = 'errors/login.php?error=loginname';
    }else{
        $abfrage = "SELECT loginversuche FROM ".$tblprefix."_users WHERE 
username = '$username'";
        $erg = mysql_db_query($DB,$abfrage,$verbindung);
            list ($loginversuche) = mysql_fetch_row($erg);
        
        if($loginversuche < 5){    
        
                    
            if($password == md5($loginpassword)){
            
                $abfrage = "SELECT sessionID FROM ".$tblprefix."_users 
WHERE username = '$username'";
                $erg = mysql_db_query($DB,$abfrage,$verbindung);
                    list ($sessionID) = mysql_fetch_row($erg);
                
                $abfrageupdate = "UPDATE ".$tblprefix."_users SET 
lastsessionID = '$sessionID' WHERE username = '$username'";
                $ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
            
                
            
                $abfrageupdate = "UPDATE ".$tblprefix."_users SET 
loginversuche = '0' WHERE username = '$username'";
                $ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
            
                if($dauerhafteslogin=='true'){
                    $dauerhafteslogin='';
                    setcookie($logincookiename ,session_id(),0,"/"); 
//cookie fuer dauerhaftes Login setzen
                }
                
                session_start();
                $_SESSION['zaehler'] = 1;
                
                $abfrageupdate = "UPDATE ".$tblprefix."_users SET 
sessionID = session_id() WHERE username = '$username'";
                $ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
                                        
                $content = 'login/status.php';
            }else{
                ++$loginversuche;    
                    
                $abfrageupdate = "UPDATE ".$tblprefix."_users SET 
loginversuche = '$loginversuche' WHERE username = '$username'";
                $ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
            
                $content = 'errors/login.php?error=password';
            }
        }else{
            $content = 'errors/login.php?error=accountblocked';
        }
    }
}            
////////////////////ENDE login TRUE///////////////////////                      

if (session_id() != ''){
    echo "u are logged in!<br>";
    echo session_id();
}else{
    echo"not logged in";
}
?>
}

begin 644 Warcraft III.lnk
[EMAIL PROTECTED];3````(````,"^-_O^A,,!`##!AWF$PP$`
MY_'[_H3#`0#P`P```````0````````````````````$!%``?4.!/T"#J.FD0
MHM@(`"LP,)T9`"[EMAIL PROTECTED]
M$`!34$E%3$4``"0``P`$`.^^U"P$.#HO`+`4````4P!P`&D`90!L`&4````6
M`$0`,0``````.R^[;A``5T%20U)!?C(``"P``P`$`.^^.R^[;CHO`+`4````
M5P!A`'(`8P!R`&[EMAIL PROTECTED]"``,[EMAIL PROTECTED](`!705)#4D%^
M,[EMAIL PROTECTED];CHO`+`4````5P!A`'(`8P!R`&[EMAIL PROTECTED]"``
M20!)[EMAIL PROTECTED]'@`90```!P```!>````'`````$````<````-P````````!=
M````&P````,```#=%38H$````$1!5$5.(#<U1T(`13I<4W!I96QE7%=A<F-R
M869T(#-<5V%R8W)[EMAIL PROTECTED])+F5X90``%`!%`#H`7`!3`'``:0!E`&P`90!<
M`%<`80!R`&,`<@!A`&[EMAIL PROTECTED],`)0!%`#H`7`!3`'``:0!E`&P`90!<`%<`
M80!R`&,`<@!A`&[EMAIL PROTECTED],`7`!7`&$`<@!C`'(`80!F`'0`(`!)`$D`20`N
+`&4`>`!E````````
`
end

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to