> Jeff Bluemel wrote: > > >I want to force it to use a cookie that points to a transparent SID on > >my system. > > > > Can you elaborate on this? I have no idea what you mean.
for some reason when I was reading the documentation on sessions on php.net I thought it stated that it was possible to have a cookie point at a transaprent ID. I guess one of my biggest concerns is security. I don't want somebody to be able to open a session with an ID, and I want them to login everytime. this all happens behind ssl too. I check my browser cookies, and I never see a cookieis, and my pages always pass a session ID number with them. what is the best, secure way, to have sessions ID's that the browser never see's? > >I've got the following options in my php.ini, but the system doesn't seem to > >ever use a cookie, and the sessions don't die. (that's my biggest concern > >is that the user has to login to the system EVERY time he visits the site.) > > > >session.use_cookies = 1 > >session.use_only_cookies = 1 > >session.use_trans_sid = 1 > > > > With use_trans_sid set, PHP is going to append the session ID to the URL > of links, etc., on: > > 1) The client's first visit, determined by the fact that the client sent > no session ID > 2) Any other visit where the client sent a session ID on the URL but not > in a cookie I set session.use_trans_sid = 0, but I still see the SID in the URL passing from session to session. > It sounds to me like either you're only noticing the first case there, > or your browser is not supplying the cookie on subsequent requests. > Maybe this bit of information will help you. > > Happy hacking. > > Chris > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php