> Jeff Bluemel wrote:
> >I want to force it to use a cookie that points to a transparent SID on
> >my system.
> >
> Can you elaborate on this? I have no idea what you mean.

for some reason when I was reading the documentation on sessions on php.net
I thought it stated that it was possible to have a cookie point at a
transaprent ID.  I guess one of my biggest concerns is security.  I don't
want somebody to be able to open a session with an ID, and I want them to
login everytime.  this all happens behind ssl too.

I check my browser cookies, and I never see a cookieis, and my pages always
pass a session ID number with them.  what is the best, secure way, to have
sessions ID's that the browser never see's?

> >I've got the following options in my php.ini, but the system doesn't seem
> >ever use a cookie, and the sessions don't die.  (that's my biggest
> >is that the user has to login to the system EVERY time he visits the
> >
> >session.use_cookies = 1
> >session.use_only_cookies = 1
> >session.use_trans_sid = 1
> >
> With use_trans_sid set, PHP is going to append the session ID to the URL
> of links, etc., on:
> 1) The client's first visit, determined by the fact that the client sent
> no session ID
> 2) Any other visit where the client sent a session ID on the URL but not
> in a cookie

I set session.use_trans_sid = 0, but I still see the SID in the URL passing
from session to session.

> It sounds to me like either you're only noticing the first case there,
> or your browser is not supplying the cookie on subsequent requests.
> Maybe this bit of information will help you.
> Happy hacking.
> Chris

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to