>>Im using php5 and the server does have 4.2 or greater. Actually i
believe its 4.3.9.
Shouldnt this be handled automatically then?
I am using the if (isset ....
Bill Says:
Well I tend to use isset too, without any problems, but the PHP docs say to
use
if (!session_is_registered.
So I would suspect you maybe use absolute URL's?
If not, maybe how your session starts?
I do this:
// $Id: header.pup,v 1.13 2005/02/01 21:28:54 kamp Exp $
session_start();
session_name("EnvImgSession");
and include the above as a header on every page.
It does not hurt to call session_start more than once:
session_start() creates a session or resumes the current one based on the
current session id that's being passed via a request, such as GET, POST, or
a cookie.
If that does not help, do what I do and make a couple of session test pages
that print all session variables:
array_walk( $_SESSION, SessionPrint );
array_walk( $_REQUEST, RequestPrint );
array_walk( $_POST, PostPrint );
Set some variables in test page 1 and some others in test page 2, and bounce
between them with cookies on and off
to find the problem.
Also, are you using a ZoneAlarm, TeaTimer, or a pop-up blocker like Google
ToolBar? Turn them off, and see if it works.
At some settings, these can block cookies in a way that PHP cannot detect.
Bill Kamp
[EMAIL PROTECTED]
(952) 681-9947
_____
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf
Of Wade
Sent: Saturday, April 30, 2005 6:13 PM
To: [email protected]
Subject: Re: [php_mysql] Session Question
04302005 1810 GMT-6
Im using php5 and the server does have 4.2 or greater. Actually i
believe its 4.3.9.
Shouldnt this be handled automatically then?
I am using the if (isset ....
This is just a login page to the next interior page.
Wade
Bill Kamp wrote:
>PHP preserves sessions either by using cookies or by tokens. If you use
>cookies, and one browser supports cookies,
>and the other does not, the latter will break the site.
>
>PHP 4.2 handles this automatically. But there are a some caveats:
>1 You need to use the _SESSION variable to access session information.
>2 You check to see if a session variable is registered by using
>if (!session_is_registered
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/function.session-is-reg
i
>stered.html> ('foo')) {
>rather than
>if ( ! isset( $foo
>The latter will mostly work, but not always.
>
>3 Non-relative URLs are assumed to point to external sites and hence don't
>append the SID, as it would be a security risk to leak the SID to a
>different server.
>
>So if you are using PHP < 4.2, or using isset to find if session variables
>are defined, or if you are using
>absolute URL's, your results may vary with browser.
>
>This from the PHP manual:
>
>Passing the Session ID
>
>
>There are two methods to propagate a session id:
>
>* Cookies
>
>* URL parameter
>
>The session module supports both methods. Cookies are optimal, but because
>they are not always available, we also provide an alternative way. The
>second method embeds the session id directly into URLs.
>
>PHP is capable of transforming links transparently. Unless you are using
PHP
>4.2 or later, you need to enable it manually when building PHP. Under UNIX,
>pass --enable-trans-sid
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/install.configure.html#
i
>nstall.configure.enable-trans-sid> to configure. If this build option and
>the run-time option session.use_trans_sid are enabled, relative URIs will
be
>changed to contain the session id automatically.
>
>Note:
>
>The arg_separator.output
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/configuration.directive
s
>html#ini.arg-separator.output> php.ini directive allows to customize the.
>argument seperator. For full XHTML conformance, specify & there.
>
>Alternatively, you can use the constant SID which is always defined. If the
>client did not send an appropriate session cookie, it has the form
>session_name=session_id. Otherwise, it expands to an empty string. Thus,
you
>can embed it unconditionally into URLs.
>
>The following example demonstrates how to register a variable, and how to
>link correctly to another page using SID.
>
>
>Example 856. Counting the number of hits of a single user
>
>copy to clipboard <javascript:void(0);>
><?php
>if (!session_is_registered
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/function.session-is-reg
i
>stered.html> ('count')) {
> session_register
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/function.session-regist
e
>r.html> ('count');
> $count = 1;
>}
>else {
> $count++;
>}
>?>
>
>Hello visitor, you have seen this page <?php echo
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/function.echo.html>
>$count; ?> times.<p>
>
>To continue, <A HREF="nextpage.php?<?php echo
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/function.echo.html>
>strip_tags
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/function.strip-tags.htm
l
>
>
>> (SID)?>">click here</A>
>>
>>
>
>The
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/function.strip-tags.htm
l
>
>
>>strip_tags() is used when printing the SID in order to prevent XSS related
>>
>>
>attacks.
>
>Printing the SID, like shown above, is not necessary if --enable-trans-sid
><mk:@MSITStore:C:\local\hlp\php\php_manual_en.chm::/install.configure.html#
i
>nstall.configure.enable-trans-sid> was used to compile PHP.
>
>Note:
>
>Non-relative URLs are assumed to point to external sites and hence don't
>append the SID, as it would be a security risk to leak the SID to a
>different server.
>
>
>
>Bill Kamp
>[EMAIL PROTECTED]
>(952) 681-9947
>
>
>
>
>
>
> _____
>
>From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf
>Of Wade
>Sent: Saturday, April 30, 2005 5:29 PM
>To: [email protected]; [EMAIL PROTECTED];
>[email protected]
>Subject: [php_mysql] Session Question
>
>
>04302005 1720 GMT-6
>
>I wanted to post again my problem with sessions.
>
>I have completed my project that I have been working on but when I went
>to test it (I was testing in Mozilla browser) in IE, the sessions didnt
>work. It only does not work in IE. In opera and mozilla things are fine
>but when I try to do this in IE it fails every time.
>
>A browser is a browser so Im uncertain as to my a session wouldnt or
>couldnt work.
>
>Wade
>
>
>[Non-text portions of this message have been removed]
>
>
>
>The PHP_mySQL group is dedicated to learn more about the PHP_mySQL web
>database possibilities through group learning.
>
>
>
> _____
>
>Yahoo! Groups Links
>
>
>* To visit your group on the web, go to:
>http://groups.yahoo.com/group/php_mysql/
>
>
>* To unsubscribe from this group, send an email to:
>[EMAIL PROTECTED]
><mailto:[EMAIL PROTECTED]>
>
>
>* Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
><http://docs.yahoo.com/info/terms/> .
>
>
>
>
>[Non-text portions of this message have been removed]
>
>
>
>The PHP_mySQL group is dedicated to learn more about the PHP_mySQL web
database possibilities through group learning.
>Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
>
>
>
[Non-text portions of this message have been removed]
The PHP_mySQL group is dedicated to learn more about the PHP_mySQL web
database possibilities through group learning.
_____
Yahoo! Groups Links
* To visit your group on the web, go to:
http://groups.yahoo.com/group/php_mysql/
* To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .
[Non-text portions of this message have been removed]
The PHP_mySQL group is dedicated to learn more about the PHP_mySQL web database
possibilities through group learning.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php_mysql/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
