PHP preserves sessions either by using cookies or by tokens. If you use
cookies, and one browser supports cookies, 
and the other does not, the latter will break the site. 
 
PHP 4.2 handles this automatically. But there are some caveats:
1 You need to use the _SESSION variable to access session information.
2 You check to see if a session variable is registered by using 
if (!session_is_registered('foo')) { 
rather than 
if (!isset($foo)) {
The latter will mostly work, but not always. 
 
3 Non-relative URLs are assumed to point to external sites and hence don't
append the SID, as it would be a security risk to leak the SID to a
different server. 
 
So if you are using PHP < 4.2, or using isset to find if session variables
are defined, or if you are using absolute URLs, your results may vary with
browser. 
 
This from the PHP manual:

Passing the Session ID


There are two methods to propagate a session id: 

*       Cookies 

*       URL parameter 

The session module supports both methods. Cookies are optimal, but because
they are not always available, we also provide an alternative way. The
second method embeds the session id directly into URLs. 

PHP is capable of transforming links transparently. Unless you are using PHP
4.2 or later, you need to enable it manually when building PHP. Under UNIX,
pass --enable-trans-sid to configure. If this build option and
the run-time option session.use_trans_sid are enabled, relative URIs will be
changed to contain the session id automatically. 

Note: 

The arg_separator.output php.ini directive allows you to customize the
argument separator. For full XHTML conformance, specify &amp; there. 

Alternatively, you can use the constant SID which is always defined. If the
client did not send an appropriate session cookie, it has the form
session_name=session_id. Otherwise, it expands to an empty string. Thus, you
can embed it unconditionally into URLs. 

The following example demonstrates how to register a variable, and how to
link correctly to another page using SID. 


Example 856. Counting the number of hits of a single user

<?php 
// First visit in this session: register the counter and start at 1.
if (!session_is_registered('count')) { 
   session_register('count'); 
   $count = 1; 
} 
else { 
   // Later visits: increment the stored counter.
   $count++; 
} 
?> 

Hello visitor, you have seen this page <?php echo $count; ?> times.<p> 

<?php // SID is "session_name=session_id" when no session cookie was sent, otherwise empty. ?>
To continue, <A HREF="nextpage.php?<?php echo strip_tags(SID)?>">click here</A>

The strip_tags() is used when printing the SID in order to prevent XSS related
attacks. 

Printing the SID, like shown above, is not necessary if --enable-trans-sid
was used to compile PHP. 

Note: 

Non-relative URLs are assumed to point to external sites and hence don't
append the SID, as it would be a security risk to leak the SID to a
different server. 

 

Bill Kamp
[EMAIL PROTECTED]
(952) 681-9947
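
The rule quoted in the reply above (only relative URLs get the session id, and the value is escaped before it is printed), as an added PHP example that is not part of the original message and is not PHP's own URL rewriter. The functions is_relative_url() and add_sid() and the sample session name and id are hypothetical, and the example escapes with htmlspecialchars() where the manual example uses strip_tags().

```php
<?php
// Added illustration of the quoted rule; not PHP's internal trans-sid code.
// Function names and sample values below are hypothetical / constructed.

function is_relative_url(string $url): bool
{
    // Protocol-relative ("//host/path") URLs can leave the site.
    if (strncmp($url, '//', 2) === 0) {
        return false;
    }
    // Anything with a scheme or host is treated as external.
    $parts = parse_url($url);
    return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
}

function add_sid(string $url, string $name, string $id, bool $cookieSeen): string
{
    // Cookie already carries the id, or the link is not relative: do not append.
    if ($cookieSeen || !is_relative_url($url)) {
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
    // Keep any #fragment at the end of the rewritten URL.
    $fragment = '';
    $hash = strpos($url, '#');
    if ($hash !== false) {
        $fragment = substr($url, $hash);
        $url = substr($url, 0, $hash);
    }
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    $out = $url . $sep . rawurlencode($name) . '=' . rawurlencode($id) . $fragment;
    // Escape once for the HTML attribute context ("&" becomes "&amp;").
    return htmlspecialchars($out, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values.
$name  = 'PHPSESSID';
$id    = 'abc123constructed';
$links = ['nextpage.php', 'list.php?page=2#top',
          'http://example.org/out.php', '//example.org/x'];
foreach ($links as $link) {
    echo add_sid($link, $name, $id, false), "\n";
}
```
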



 


  _____  

From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf
Of Wade
Sent: Saturday, April 30, 2005 5:29 PM
To: [email protected]; [EMAIL PROTECTED];
[email protected]
Subject: [php_mysql] Session Question


04302005 1720 GMT-6

I wanted to post again my problem with sessions.

I have completed my project that I have been working on but when I went 
to test it (I was testing in Mozilla browser) in IE, the sessions didn't 
work. It only does not work in IE. In Opera and Mozilla things are fine 
but when I try to do this in IE it fails every time.

A browser is a browser so I'm uncertain as to why a session wouldn't or 
couldn't work.

Wade


[Non-text portions of this message have been removed]



The PHP_mySQL group is dedicated to learn more about the PHP_mySQL web
database possibilities through group learning. 



  _____  

Yahoo! Groups Links


*       To visit your group on the web, go to:
http://groups.yahoo.com/group/php_mysql/
  

*       To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> 
  

*       Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> . 



