Re: [PHP] PHPSESSID in links
Kevin Murphy wrote: I've got a site (password protected, sorry) where I have this in the top of my template: session_start(); $iSessionId = session_id(); $iSessionName = session_name(); Then I have a bunch of links like this in the site: echo "Departments"; The first time, and only the first time you load the page, that link is transformed in the HTML output to be this: href="/departments/?PHPSESSID=4aec641b497131493b1c4bf489def723">Departments But if I reload the page, or go to any other page, I will get this: Departments which is what I want. Obviously I could do something where if it detects the PHPSESSID in the URL, it forces the page to reload, but I was thinking that there would be another way to do this without adding another page load into the mix. Is there? These are caused by the php.ini setting session.use_trans_sid being on. This setting allows sessions to work when cookies are disabled. http://php.net/ref.session#ini.session.use-trans-sid I'm not sure why you have such a problem with it. Why is it important that the URL does not contain the session ID? Anyway, the way to "fix" it is to disable that php.ini setting. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID in links
I've got a site (password protected, sorry) where I have this in the top of my template: session_start(); $iSessionId = session_id(); $iSessionName = session_name(); Then I have a bunch of links like this in the site: echo "Departments"; The first time, and only the first time you load the page, that link is transformed in the HTML output to be this: Departments But if I reload the page, or go to any other page, I will get this: Departments which is what I want. Obviously I could do something where if it detects the PHPSESSID in the URL, it forces the page to reload, but I was thinking that there would be another way to do this without adding another page load into the mix. Is there? -- Kevin Murphy Webmaster: Information and Marketing Services Western Nevada College www.wnc.edu 775-445-3326 P.S. Please note that my e-mail and website address have changed from wncc.edu to wnc.edu.
Re: [PHP] PHPSESSID used sporatically
On Wed, August 16, 2006 10:56 pm, Michael B Allen wrote: > On Thu, 17 Aug 2006 12:06:08 +1000 > Chris <[EMAIL PROTECTED]> wrote: > >> Michael B Allen wrote: >> > Searching through the logs and browsing my site (see sig) I >> sometimes see >> > PHPSESSID is used as opposed to cookies. I know it's not simply >> that the >> > client doesn't support cookies because I can see the same IP >> transition >> > to and from using PHPSESSID. Can someone explain why this is >> happening? >> >> Is session.use_trans_sid switched on? > > Yes. It is. After reading about it I can't quite see what benifit it > provides. Should I just turn it off? If your userbase has been convinced by the idiot Media that Cookies are Evil, you should just leave it on. If you think COOKIES are somehow safer than GET args for data transmission, turn it off. [*] * Based on your Active Directory post, I'll assume you know COOKIE is as amenable to sniffing as GET, and that the only potential differenes are: 1. Users seldom export and forward Cookies, but often send URLs to their friends. 2. The dumbest of the dumb can munge a URL. Altering a Cookie require poking around in the "Options..." in current browsers, or editing text files in older browsers. 3. Cookies can be set to be transmitted ONLY via SSL, which is good. 4. In PHP 5, with browsers that support it, Cookies can be sent only over HTTP... Though any Real Hacker (tm) could work around this anyway, so it seems kinda pointless to me... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID used sporatically
On Wed, August 16, 2006 8:44 pm, Michael B Allen wrote: > Searching through the logs and browsing my site (see sig) I sometimes > see > PHPSESSID is used as opposed to cookies. I know it's not simply that > the > client doesn't support cookies because I can see the same IP > transition > to and from using PHPSESSID. Can someone explain why this is > happening? Your assumption that the same IP is the same session is one explanation... IP in general is useless for identification, much less authentication. Unless you KNOW those specific IPs are static, and only used by one person on one browser, then you need to do much more research to see if people really are switching from Cookie to PHPSESSID (presumably via GET). A simple error_log in your script should get you started: error_log(session_id() . " $_COOKIE[PHPSESSID] $_GET[PHPSESSID]"); -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID used sporatically
On Thu, 17 Aug 2006 12:06:08 +1000 Chris <[EMAIL PROTECTED]> wrote: > Michael B Allen wrote: > > Searching through the logs and browsing my site (see sig) I sometimes see > > PHPSESSID is used as opposed to cookies. I know it's not simply that the > > client doesn't support cookies because I can see the same IP transition > > to and from using PHPSESSID. Can someone explain why this is happening? > > Is session.use_trans_sid switched on? Yes. It is. After reading about it I can't quite see what benifit it provides. Should I just turn it off? Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID used sporatically
On Thu, 17 Aug 2006 14:26:17 +1000 Chris <[EMAIL PROTECTED]> wrote: > Michael B Allen wrote: > > On Thu, 17 Aug 2006 12:06:08 +1000 > > Chris <[EMAIL PROTECTED]> wrote: > > > >> Michael B Allen wrote: > >>> Searching through the logs and browsing my site (see sig) I sometimes see > >>> PHPSESSID is used as opposed to cookies. I know it's not simply that the > >>> client doesn't support cookies because I can see the same IP transition > >>> to and from using PHPSESSID. Can someone explain why this is happening? > >> Is session.use_trans_sid switched on? > > > > Yes. It is. After reading about it I can't quite see what benifit it > > provides. Should I just turn it off? > > It depends on your site. > > If you do something like this for a search: > > > I could send someone a url with the sessionid on the end of it, and it > won't have to do the bit in the middle, it will be able to jump right to > the end (the foreach loop). I'm not doing anything like that. Sessions are only used to prevent duplicate form invokations. But my boilerplate code calls session_start for all .php pages. I suppose I should be more selective to make things a little more efficient. But I'm still confuse. Why aren't cookies alone sufficient to satisfy the session code? Is PHPSESSID used because of some kind of transition from a PHP page that calls session_start to a page that does not? Does session.use_trans_sid simply enable the PHPSESSID in URLs or does it have a deeper semantic? The URLs for the tabs my site are not dynamically generated and yet they're being rewritten. Is that PHP or Apache doing that? Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID used sporatically
Michael B Allen wrote:
On Thu, 17 Aug 2006 12:06:08 +1000
Chris <[EMAIL PROTECTED]> wrote:
Michael B Allen wrote:
Searching through the logs and browsing my site (see sig) I sometimes see
PHPSESSID is used as opposed to cookies. I know it's not simply that the
client doesn't support cookies because I can see the same IP transition
to and from using PHPSESSID. Can someone explain why this is happening?
Is session.use_trans_sid switched on?
Yes. It is. After reading about it I can't quite see what benifit it
provides. Should I just turn it off?
It depends on your site.
If you do something like this for a search:
if (!isset($_SESSION['SearchResults']) ||
empty($_SESSION['SearchResults'])) {
..
$result = $db->query($search_query);
$search_results = array();
while($row = $db->fetch($result)) {
$search_results[] = $row;
}
$_SESSION['SearchResults'] = $search_results;
}
foreach($_SESSION['SearchResults'] as $k => $details) {
}
I could send someone a url with the sessionid on the end of it, and it
won't have to do the bit in the middle, it will be able to jump right to
the end (the foreach loop).
If you don't do something like that, then you probably don't need the
trans_sid on.
so it depends on your site and your code.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID used sporatically
Michael B Allen wrote: Searching through the logs and browsing my site (see sig) I sometimes see PHPSESSID is used as opposed to cookies. I know it's not simply that the client doesn't support cookies because I can see the same IP transition to and from using PHPSESSID. Can someone explain why this is happening? Is session.use_trans_sid switched on? (Check a phpinfo page). -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID used sporatically
Searching through the logs and browsing my site (see sig) I sometimes see PHPSESSID is used as opposed to cookies. I know it's not simply that the client doesn't support cookies because I can see the same IP transition to and from using PHPSESSID. Can someone explain why this is happening? I'm using PHP 4. Thanks, Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID Being Stubbornly Persistent
[snip]
ini_set('session.use_trans_sid', '0');
[/snip]
I think, at least according to the manual
session.use_trans_sid can only be set in php.ini, .htaccess or
httpd.conf
http://www.php.net/ini_set look at session.use_trans_sid
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID Being Stubbornly Persistent
I have the following lines in a PHP script:
ini_set('session.save handler','user');
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_lifetime', '0');
ini_set('session.use_trans_sid', '0');
I do not want the Session ID to be passed via the URL, however, even with
the above lines in my script, PHP is still appending the Session ID and code
to the end of all URLs on the first page visited in the site. All pages
after that, however, do not have the Session ID appended to all URLs, just
the first page visited.
I have PHP 4.3.2 installed on a RedHat Linux ES 3.0 server. Is there
anything I can do to prevent this from happening?
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID in passthru
Sorry, but I tried this : session.use_cookies = 0 in php.ini and I have always the bug. And if I use htmldoc on command line with same args it works fine. Could php forbidden using of PHPSESSID ? Nicolas Le mar 23/03/2004 à 16:37, Raditha Dissanayake a écrit : > Guillouet Nicolas wrote: > > >Hi, > >I discover a surprising thing with PHPSESSID, I try something like this > >: > > > >$var="htmldoc -t html --quiet '' > >'https://login:[EMAIL > >PROTECTED]/file.php?documentIdent=157&typeAffiche=3&PHPSESSID=068dd351a106bb6ead80e11a27f75100'"; > >echo 'var='.$var; > >passthru($var); > > > > > >passthru is waiting for and don't give the result. > > > >In the other hand, if I use an other word than PHPSESSID it works. It > >seems to be a security constraint, how can I do to forcing PHP to use it > >? > > > > > > > Could be that your sessions are set up to work with cookies, this > mechanism that you are using will not send the cookie to the browser and > thus it causes the wait state. > > > > > > -- > Raditha Dissanayake. > - > http://www.radinks.com/print/upload.php > SFTP, FTP and HTTP File Upload solutions -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID in passthru
Guillouet Nicolas wrote: Hi, I discover a surprising thing with PHPSESSID, I try something like this : $var="htmldoc -t html --quiet '' 'https://login:[EMAIL PROTECTED]/file.php?documentIdent=157&typeAffiche=3&PHPSESSID=068dd351a106bb6ead80e11a27f75100'"; echo 'var='.$var; passthru($var); passthru is waiting for and don't give the result. In the other hand, if I use an other word than PHPSESSID it works. It seems to be a security constraint, how can I do to forcing PHP to use it ? Could be that your sessions are set up to work with cookies, this mechanism that you are using will not send the cookie to the browser and thus it causes the wait state. -- Raditha Dissanayake. - http://www.radinks.com/print/upload.php SFTP, FTP and HTTP File Upload solutions -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID in passthru
Hi, I discover a surprising thing with PHPSESSID, I try something like this : $var="htmldoc -t html --quiet '' 'https://login:[EMAIL PROTECTED]/file.php?documentIdent=157&typeAffiche=3&PHPSESSID=068dd351a106bb6ead80e11a27f75100'"; echo 'var='.$var; passthru($var); passthru is waiting for and don't give the result. In the other hand, if I use an other word than PHPSESSID it works. It seems to be a security constraint, how can I do to forcing PHP to use it ? Thanks Nicolas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID and URL rewriting
Hi everyone, I have this situation: I use some regular expressions to rewrite the URL of a web site, in particular: http://www.mysite.com/lingua-ita/colore-rosso/pagina.html that becames http://www.mysite.com/pagina.php?lingua=ita&colore=rosso. Is all ok until I use some session variables. It happens that the string ?PHPSESSID=[valore] is merge to the link and this will cause a damage in the URL rewriting. Note that the string comes merged by the browser (Explorer, opera) to the link I wrote before. (http://www.mysite.com/lingua-ita/colore-rosso/pagina.html?PHPSESSID=f4s6f5d4fs65df4s65fd4). Since the links first come in this format, then are rewroted by the rule in the file htaccess and finally parsed by the webserver (apache , IIS), How can I avoid it? I tried with: RewriteRule (.*)?PHPSESSID=(.*) /PHPSESSID-$2/$1 as last rule, but it didn't work. Can you help me? thanks in advance Seba -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID and URL rewriting
Hi everyone, I have this situation: I use some regular expressions to rewrite the URL of a web site, in particular: http://www.mysite.com/lingua-ita/colore-rosso/pagina.html that becames http://www.mysite.com/pagina.php?lingua=ita&colore=rosso. Is all ok until I use some session variables. It happens that the string ?PHPSESSID=[valore] is merge to the link and this will cause a damage in the URL rewriting. Note that the string comes merged by the browser (Explorer, opera) to the link I wrote before. (http://www.mysite.com/lingua-ita/colore-rosso/pagina.html?PHPSESSID=f4s6f5d4fs65df4s65fd4). Since the links first come in this format, then are rewroted by the rule in the file htaccess and finally parsed by the webserver (apache , IIS), How can I avoid it? I tried with: RewriteRule (.*)?PHPSESSID=(.*) /PHPSESSID-$2/$1 as last rule, but it didn't work. Can you help me? thanks in advance Seba -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID AND SID
phpsessid is the default name of the session cookie sent from the browser to
PHP. So it becomes part of the $_COOKIE array, which PHP automatically
turns into a global variable for you.
Therefore I use $_COOKIE['phpsessid'] to retrieve it.
But often I use session_name() to replace phpsessid with a more descriptive
name. In that case, the key in the cookie collection is changed
accordingly.
So it seems there's nothing special about phpsessid other than it being the
default cookie name.
- Original Message -
From: "Daryl Meese" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 12:59 PM
Subject: [PHP] PHPSESSID AND SID
> This should be a simple question but I can't find the answer in the
manual.
>
> is it necessary to global variables or constants in functions?
> i.e.
> function Foo()
> {
> global $PHPSESSID;
> global SID; // how would you do that anyway?
> }
>
> Thanks in advance
>
> Daryl
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID AND SID
This should be a simple question but I can't find the answer in the manual.
is it necessary to global variables or constants in functions?
i.e.
function Foo()
{
global $PHPSESSID;
global SID; // how would you do that anyway?
}
Thanks in advance
Daryl
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID auto-append
--- Kris Yates <[EMAIL PROTECTED]> wrote: > What php.ini setting causes the following: > > A link in a document index gets > modified by PHP, so that the end-user sees > index > > in the source? How do you turn this off? session.use_trans_sid = 1 Make that 0. Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID auto-append
On Wednesday 16 July 2003 22:45, Kris Yates wrote: > What php.ini setting causes the following: > > A link in a document index gets modified by PHP, > so that the end-user sees > index > > in the source? How do you turn this off? session.use_trans_sid -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* No woman will treat you as badly as the woman you marry -- Murphy's Laws of Dating n6 */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID auto-append
What php.ini setting causes the following: A link in a document index gets modified by PHP, so that the end-user sees index in the source? How do you turn this off? Thanks, Kris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID Length?
Hi Henrik, Take a look at session_id, you can use it to get or set the session id. Using some of my random generation functions I juse 72 to 96 character session ids for my more secure PHP applications. Remember if you want it to remain secure you need to pass it through SSL, longer keys do no good if someone is packet sniffing. Jason Henrik Hudson wrote: Hey List- I'm trying to figure out how to make the PHPSESSID cookie be longer then 32 characters? One can set the entropy file and entropy length, but if my understanding of entropy is correct then that just helps randomize the 32 chars and not not actually make a string that much longer or shorter. Can't seem to find anything in the archives or Google. Then again, is a 32-length string sufficient for protecting a browser session length of "session"? Thanks. Henrik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID Length?
Hey List- I'm trying to figure out how to make the PHPSESSID cookie be longer then 32 characters? One can set the entropy file and entropy length, but if my understanding of entropy is correct then that just helps randomize the 32 chars and not not actually make a string that much longer or shorter. Can't seem to find anything in the archives or Google. Then again, is a 32-length string sufficient for protecting a browser session length of "session"? Thanks. Henrik -- Henrik Hudson [EMAIL PROTECTED] "`If there's anything more important than my ego around, I want it caught and shot now.'" --Hitchhikers Guide to the Galaxy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHPSESSID Handling...
> I'm working on securing my application, and am running into a slight
issue
> that I cannot seem to find a fix for. If the attacker changes his
> PHPSESSID
> cookie to contain illegal characters, it causes an error on the screen
> upon
> session_start().
>
> How can I check to see if this is a valid number, and if it is not,
exit
> the
> application?
if(ereg('[^0-9a-f]',$_REQUEST['PHPSESSID']))
{ die("Error in session id"); }
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID Handling...
Hi Everyone, I'm working on securing my application, and am running into a slight issue that I cannot seem to find a fix for. If the attacker changes his PHPSESSID cookie to contain illegal characters, it causes an error on the screen upon session_start(). How can I check to see if this is a valid number, and if it is not, exit the application? -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $PHPSESSID
I think it might have something to do with --enable-trans-sid read up on that Jim - Original Message - From: "Liam Gibbs" <[EMAIL PROTECTED]> To: "php list" <[EMAIL PROTECTED]> Sent: Friday, March 07, 2003 8:45 PM Subject: [PHP] $PHPSESSID First of all, thanks all who helped with the min and max functions (that works) and the dollar sign bit (which also works). Kudos. Couldn't have done it without y'all! Here's the newest brain teaser: I have cookies disabled (well, I have IE set to the highest security mode, where it disables cookies). I understand that with cookies enabled, $PHPSESSID will return nothing when it works. However, it will return a value when cookies are disabled and the page is refreshed after a cookie is attempted. I'm still getting nothing either way. Anybody know why? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $PHPSESSID
At 05:45 08.03.2003, Liam Gibbs said: [snip] >Here's the newest brain teaser: I have cookies disabled (well, I have IE set >to the highest security mode, where it disables cookies). I understand that >with cookies enabled, $PHPSESSID will return nothing when it works. However, >it will return a value when cookies are disabled and the page is refreshed >after a cookie is attempted. I'm still getting nothing either way. Anybody >know why? [snip] You mean the SID constant I assume. This constant is only defined if the client didn't send the right cookie. There's no global variable holding the session identifier - you can use session_id() to retrieve (and set!) the current session identifier, and session_name() to retrieve (and set!) the name of the session (which usually is PHPSESSIONID). For further information check out http://www.php.net/manual/en/ref.session.php. -- >O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $PHPSESSID
First of all, thanks all who helped with the min and max functions (that works) and the dollar sign bit (which also works). Kudos. Couldn't have done it without y'all! Here's the newest brain teaser: I have cookies disabled (well, I have IE set to the highest security mode, where it disables cookies). I understand that with cookies enabled, $PHPSESSID will return nothing when it works. However, it will return a value when cookies are disabled and the page is refreshed after a cookie is attempted. I'm still getting nothing either way. Anybody know why?
Re: [PHP] PHPSESSID on entry page only
On Thursday 29 August 2002 08:00, Todd Pasley wrote: > > On a clients first visit to a site, the PHPSESSID gets written into the > > URL, but not on any additional requests. > > > > Has anyone had this problem? It wasn't happening before the upgrade. > > > > Running: > > > > Redhat 7.3 > > PHP 4.2.2 > > Apache 1.3.26 > > The same thing happens to me, however, sessions are working fine throughout > the entire site... just wondering.. is it actually inhibiting you from > doing anything? That's because you have enabled session.use_trans_sid. On the first visit to the site, php doesn't know whether the browser accepts cookies, thus it attaches the PHPSESSID. Once it has determined that the browser accepts cookies on subsequent pages it doesn't use PHPSESSID anymore. Disable cookies in your browser and you'll see that PHPSESSID is attached throughout your visit. -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* If God had meant for us to be naked, we would have been born that way. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID on entry page only
> > On a clients first visit to a site, the PHPSESSID gets written into the > URL, but not on any additional requests. > > Has anyone had this problem? It wasn't happening before the upgrade. > > Running: > > Redhat 7.3 > PHP 4.2.2 > Apache 1.3.26 The same thing happens to me, however, sessions are working fine throughout the entire site... just wondering.. is it actually inhibiting you from doing anything? todd. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID on entry page only
Hello, Have a strange problem since upgrading to 4.2.2. On a clients first visit to a site, the PHPSESSID gets written into the URL, but not on any additional requests. Has anyone had this problem? It wasn't happening before the upgrade. Running: Redhat 7.3 PHP 4.2.2 Apache 1.3.26 php.ini reflects: session.auto_start = 1 register_globals = On session.use_trans_sid = 1 php_info() shows: Session Support: Enabled session.use_trans_sid = 1 Thanks in advance! -Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID appended to URL on initial page load
Actually, over the weekend, I started using sessions in my scripts.
All I did was start it using session_start();
I only noticed this behaviour using Opera 6.02 Linux browser running
under FBSD 4.6-Stable.
(It may have happened in mozilla 1.0 r3, but I may have not paid
attention to it).
I load the page the first time and the PHPSESSID is appended to the url.
All links on the pages has the same appended SID. Then a reload clears
it away.
I thought it was something in my code since Im not too familiar on
session usage.
Im running php 4.2.2 on FBSD 4.6.2-Release.
Thx
Monte Ohrt wrote:
> Hi, I have a few questions with php sessions, below is an example script:
>
> test_sess.php
> -
>
>
> session_cache_limiter("");
> session_start();
>
> ?>
> local path
>
>
>
> When I initially load the file (session cookie gets set), the HREF
> link gets the PHPSESSID appended to it. If I reload the page (cookie
> already set) the appendage goes away.
>
> According to the PHP manual, the PHPSESSID gets appended to the URL
> only in the case the session cookie is not accepted by the browser.
>
> I would guess that on the first page load the server has no way of
> knowing if the browser accepted the cookie. So maybe this is
> intentional? I'm trying to figure out how to avoid PHPSESSID in the
> URLs entirely unless the browser does not accept cookies. I suppose I
> could disable URL rewriting altogether and rely soley on cookies. How
> do I disable PHP session URL rewriting? I don't see a setting in
> php.ini for it.
>
> PHP 4.2.2, Solaris Sparc
>
>
> TIA
> Monte
>
> php.ini
> ---
>
>
>
> [Session]
> ; Handler used to store/retrieve data.
> session.save_handler = files
>
> ; Argument passed to save_handler. In the case of files, this is the
> path
> ; where data files are stored. Note: Windows users have to change this
> ; variable in order to use PHP's session functions.
> session.save_path = /export/tmp
> ; Whether to use cookies.
> session.use_cookies = 1
>
>
> ; Name of the session (used as cookie name).
> session.name = PHPSESSID
>
> ; Initialize session on request startup.
> session.auto_start = 0
>
> ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
> session.cookie_lifetime = 0
>
> ; The path for which the cookie is valid.
> session.cookie_path = /
>
> ; The domain for which the cookie is valid.
> session.cookie_domain =
>
> ; Handler used to serialize data. php is the standard serializer of PHP.
> session.serialize_handler = php
>
> ; Percentual probability that the 'garbage collection' process is started
> ; on every session initialization.
> session.gc_probability = 1
>
> ; After this number of seconds, stored data will be seen as 'garbage' and
> ; cleaned up by the garbage collection process.
> session.gc_maxlifetime = 1440
>
> ; Check HTTP Referer to invalidate externally stored URLs containing ids.
> session.referer_check =
>
> ; How many bytes to read from the file.
> ;session.entropy_length = 0
> session.entropy_length = 32
>
> ; Specified here to create the session id.
> ;session.entropy_file =
> session.entropy_file = /dev/urandom
>
> ; Set to {nocache,private,public} to determine HTTP caching aspects.
> session.cache_limiter = nocache
>
> ; Document expires after n minutes.
> session.cache_expire = 180
>
> ; use transient sid support if enabled by compiling with
> --enable-trans-sid.
> session.use_trans_sid = 1
>
> url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
>
>
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID appended to URL on initial page load
Hi, I have a few questions with php sessions, below is an example script:
test_sess.php
-
local path
When I initially load the file (session cookie gets set), the HREF link
gets the PHPSESSID appended to it. If I reload the page (cookie already
set) the appendage goes away.
According to the PHP manual, the PHPSESSID gets appended to the URL only
in the case the session cookie is not accepted by the browser.
I would guess that on the first page load the server has no way of
knowing if the browser accepted the cookie. So maybe this is
intentional? I'm trying to figure out how to avoid PHPSESSID in the URLs
entirely unless the browser does not accept cookies. I suppose I could
disable URL rewriting altogether and rely soley on cookies. How do I
disable PHP session URL rewriting? I don't see a setting in php.ini for it.
PHP 4.2.2, Solaris Sparc
TIA
Monte
php.ini
---
[Session]
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /export/tmp
; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
; The path for which the cookie is valid.
session.cookie_path = /
; The domain for which the cookie is valid.
session.cookie_domain =
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; Check HTTP Referer to invalidate externally stored URLs containing ids.
session.referer_check =
; How many bytes to read from the file.
;session.entropy_length = 0
session.entropy_length = 32
; Specified here to create the session id.
;session.entropy_file =
session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 1
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHPSESSID question
On Tuesday 09 April 2002 17:20, Nick Wilson wrote: > Hi all > I've just moved host and I'm getting a very ugly PHPSESSID string > appended to my url's This happens when php is compiled with the "--enable-trans-sid" option. > I know this can be fixed but can't remember how, my ISP is not so bright > so I was hoping someone could tell me what to tell them. Several days ago, someone posted some code that was supposed to deal with this. Search the archives. -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* "They told me I was gullible ... and I believed them!" */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHPSESSID question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all I've just moved host and I'm getting a very ugly PHPSESSID string appended to my url's I know this can be fixed but can't remember how, my ISP is not so bright so I was hoping someone could tell me what to tell them. How can I change this? Many thanks... - -- - --- www.explodingnet.com |Projects, Forums and +Articles for website owners - -- Nick Wilson -- |and designers. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8srJUHpvrrTa6L5oRArzXAJ0ag67N3dLt6XDENMnICZASNvxUwQCgl8qG HIMOxuSNNxOo0+bes0vVjTA= =NzeB -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] "; PHPSESSID" in onfocus field
I have a website where I use sessions. After a user has logged of, the logon
screen appears again. The username field is filled with the value from a
cookie.
What happens:
For example: username = "Peter"
In the situation that I log of (and the logon page appears), the username
field gets the value from the cookie and the string "; PHPSESSID". ("Peter;
PHPSESSID")
When I close the browser window and open a new browser window the value of
the username is correct ("Peter"). The string "; PHPSESSID" is not in the
cookie. What is the reason that this string (the variable name for session
id as set in my php.ini) appears in this field?
In other words, why is the session_id variable name displayed in a field
that is filled by a cookie. I also tried to end the session, but the only
thing I can find is destroy_session and that only destroys everything that
is within that session, but it does not kill the session itsselfs
How do I solve this problem.
Regards,
Gilbert
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] $PHPSESSID on PHP 4.1.0
JNT> If I do this: JNT> echo $PHPSESSID; I've encountered the same when instaling the Mandrake Linux 8.1 with a precompiled php - also 4.1.0. Sessions just doesn't seem to work no matter how I access them. I installed Redhat 7.1 on my server again, and left the problem for my ISP. Kind regards, Morten Winkler -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] $PHPSESSID on PHP 4.1.0
Hi One way is or if cookies aren't used try $PHPSESSID seems to only get set if it comes back as a cookie Tom At 04:39 AM 18/12/01, Julio Nobrega Trabalhando wrote: > Hi All, > > I have a few scripts using $PHPSESSID to softly disable cookies >requirement on some pages. I just installed PHP 4.1.0 and I am porting some >lines to adapt to the new version. > > If I do this: > >echo $PHPSESSID; >?> > >It doesn't show nothing at all. Did something changed, does this var now >have a new name, some new way to access it? > > Thanks for any help, > >-- > >Julio Nobrega. > >Um dia eu chego lá: >http://sourceforge.net/projects/toca > > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] $PHPSESSID on PHP 4.1.0
Hi All, I have a few scripts using $PHPSESSID to softly disable cookies requirement on some pages. I just installed PHP 4.1.0 and I am porting some lines to adapt to the new version. If I do this: It doesn't show nothing at all. Did something changed, does this var now have a new name, some new way to access it? Thanks for any help, -- Julio Nobrega. Um dia eu chego lá: http://sourceforge.net/projects/toca -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHPSESSID in session
If the user's browser does not support the session cookie like it should,
PHP will automatically "rewrite" your url's and add "?PHPSESSID=".
So you don't need to force PHPSESSID to be sent, but you could always just
add ?PHPSESSID= onto all the urls you want.
It's just really ugly that way.
--
Plutarck
Should be working on something...
...but forgot what it was.
""nicuc.ac.jp"" <[EMAIL PROTECTED]> wrote in message
9bp4n3$7uk$[EMAIL PROTECTED]">news:9bp4n3$7uk$[EMAIL PROTECTED]...
> I use session in my Shopping cart program.
> start with
>
> session_start() ;
>
> and register the value with
>
> session_register('uid') ;
>
> when I want to pass the session value to another page I use
>
> echo "click" ;
>
>
> In 'somepage.php' I try to echo $uid the output that correct
> My question is why my url not contain like
>
> http://aaa.com/somepage.php?PHPSESSID= blah... blah..
>
> It's not show like above just show like below
>
> http://aaa.com/somepage.php
>
> and it's work... ?
>
>
> Is this because session send cookies to the browser ?
> How could I do if I need to force session not sent the cookies to user ?
>
>
> Any comment would be appriciated.
>
>
> --
> Yang
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHPSESSID in session
I use session in my Shopping cart program.
start with
session_start() ;
and register the value with
session_register('uid') ;
when I want to pass the session value to another page I use
echo "click" ;
In 'somepage.php' I try to echo $uid the output that correct
My question is why my url not contain like
http://aaa.com/somepage.php?PHPSESSID= blah... blah..
It's not show like above just show like below
http://aaa.com/somepage.php
and it's work... ?
Is this because session send cookies to the browser ?
How could I do if I need to force session not sent the cookies to user ?
Any comment would be appriciated.
--
Yang
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHPSESSID in session
I use session in my Shopping cart program.
start with
session_start() ;
and register the value with
session_register('uid') ;
when I want to pass the session value to another page I use
echo "click" ;
In 'somepage.php' I try to echo $uid the output that correct
My question is why my url not contain like
http://aaa.com/somepage.php?PHPSESSID= blah... blah..
It's not show like above just show like below
http://aaa.com/somepage.php
and it's work... ?
Is this because session send cookies to the browser ?
How could I do if I need to force session not sent the cookies to user ?
Any comment would be appriciated.
--
Yang
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] PHPSESSID sticks to every link after upgrate of Apache/PHP
In your php.ini, change the following line:
>session.use_trans_sid = 1 ; use transient sid support if enabled
to
>session.use_trans_sid = 0 ; use transient sid support if enabled
And see if that solves your problem. Also, check the change with phpinfo(),
and if nothing changed, look for a second evil twin of php.ini
-Ben
-Original Message-
From: trogers [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 08, 2001 6:59 PM
To: 'PHP General List. (E-mail)'
Subject: Re: [PHP] PHPSESSID sticks to every link after upgrate of
Apache/PHP
Hi
You will probably need to make clean and rebuild php config and do a new
make against the new version of apache.
Just a guess
Tom
At 12:28 PM 5/04/01 +0900, Maxim Maletsky wrote:
>
>Hello,
>
>my co-worker has reinstalled Apache and PHP over the last night.
>
>The Apache was upgraded to the new version while PHP was re-installed the
>same.
>PHP.ini was untouched.
>
>Site uses sessions and, somehow, after this upgrade started carrying
>PHPSESSID through HREF.
>
>What should look for to bring the sessions using Cookies?
>
>from PHP-INI:
>
>NOTE : this was untouched.
>
>
>
>[Session]
>session.save_handler = files ; handler used to store/retrieve data
>session.save_path = /tmp; argument passed to save_handler
> ; in the case of files, this is the
> ; path where data files are stored
>session.use_cookies = 1 ; whether to use cookies
>session.name = PHPSESSID ; name of the session
> ; is used as cookie name
>session.auto_start= 0 ; initialize session on request startup
>session.cookie_lifetime = 0 ; lifetime in seconds of cookie
> ; or if 0, until browser is restarted
>session.cookie_path = / ; the path the cookie is valid for
>session.cookie_domain = ; the domain the cookie is valid for
>session.serialize_handler = php ; handler used to serialize data
> ; php is the standard serializer of
PHP
>session.gc_probability= 1 ; percentual probability that the
> ; 'garbage collection' process is
>started
> ; on every session initialization
>session.gc_maxlifetime= 1440; after this number of seconds, stored
> ; data will be seen as 'garbage' and
> ; cleaned up by the gc process
>session.referer_check = ; check HTTP Referer to invalidate
> ; externally stored URLs containing
ids
>session.entropy_length= 0 ; how many bytes to read from the file
>session.entropy_file = ; specified here to create the session
>id
>; session.entropy_length= 16
>; session.entropy_file = /dev/urandom
>session.cache_limiter = nocache ; set to {nocache,private,public} to
> ; determine HTTP caching aspects
>session.cache_expire = 180 ; document expires after n minutes
>session.use_trans_sid = 1 ; use transient sid support if enabled
> ; by compiling with --enable-trans-sid
>=
>
>
>Has upgrade of apache (modules, etc) anything to do with it?
>
>I can't really give you any more details since my co-coworker is
unreachable
>right now, and this is kinda urgent.
>
>Cheers,
>Max.
>
>
>
>Maxim Maletsky - [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>Webmaster, J-Door.com / J@pan Inc.
>LINC Media, Inc.
>TEL: 03-3499-2175 x 1271
>FAX: 03-3499-3109
>
>http://www.j-door.com <http://www.j-door.com/>
>http://www.japaninc.net <http://www.japaninc.net/>
>http://www.lincmedia.co.jp <http://www.lincmedia.co.jp/>
>
>
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHPSESSID sticks to every link after upgrate of Apache/PHP
Hi
You will probably need to make clean and rebuild php config and do a new
make against the new version of apache.
Just a guess
Tom
At 12:28 PM 5/04/01 +0900, Maxim Maletsky wrote:
>
>Hello,
>
>my co-worker has reinstalled Apache and PHP over the last night.
>
>The Apache was upgraded to the new version while PHP was re-installed the
>same.
>PHP.ini was untouched.
>
>Site uses sessions and, somehow, after this upgrade started carrying
>PHPSESSID through HREF.
>
>What should look for to bring the sessions using Cookies?
>
>from PHP-INI:
>
>NOTE : this was untouched.
>
>
>
>[Session]
>session.save_handler = files ; handler used to store/retrieve data
>session.save_path = /tmp; argument passed to save_handler
> ; in the case of files, this is the
> ; path where data files are stored
>session.use_cookies = 1 ; whether to use cookies
>session.name = PHPSESSID ; name of the session
> ; is used as cookie name
>session.auto_start= 0 ; initialize session on request startup
>session.cookie_lifetime = 0 ; lifetime in seconds of cookie
> ; or if 0, until browser is restarted
>session.cookie_path = / ; the path the cookie is valid for
>session.cookie_domain = ; the domain the cookie is valid for
>session.serialize_handler = php ; handler used to serialize data
> ; php is the standard serializer of PHP
>session.gc_probability= 1 ; percentual probability that the
> ; 'garbage collection' process is
>started
> ; on every session initialization
>session.gc_maxlifetime= 1440; after this number of seconds, stored
> ; data will be seen as 'garbage' and
> ; cleaned up by the gc process
>session.referer_check = ; check HTTP Referer to invalidate
> ; externally stored URLs containing ids
>session.entropy_length= 0 ; how many bytes to read from the file
>session.entropy_file = ; specified here to create the session
>id
>; session.entropy_length= 16
>; session.entropy_file = /dev/urandom
>session.cache_limiter = nocache ; set to {nocache,private,public} to
> ; determine HTTP caching aspects
>session.cache_expire = 180 ; document expires after n minutes
>session.use_trans_sid = 1 ; use transient sid support if enabled
> ; by compiling with --enable-trans-sid
>=
>
>
>Has upgrade of apache (modules, etc) anything to do with it?
>
>I can't really give you any more details since my co-coworker is unreachable
>right now, and this is kinda urgent.
>
>Cheers,
>Max.
>
>
>
>Maxim Maletsky - [EMAIL PROTECTED]
>Webmaster, J-Door.com / J@pan Inc.
>LINC Media, Inc.
>TEL: 03-3499-2175 x 1271
>FAX: 03-3499-3109
>
>http://www.j-door.com
Re: [PHP] PHPSESSID sticks to every link after upgrate of Apache/PHP
Hm...what browser are you using to test the site?
By using the trans_id option I believe that tells PHP to append the sessid
into the url if the cookie is not being accepted.
Try turning it off and trying it, and you may need to comment out the
url.rewriter thing directly under that option.
Try having someone else test your site using a different browser. Try IE 5,
5.5, and the new version of Netscape. All with cookies enabled.
If your site still is appending to the url, then something else is wrong.
--
Plutarck
Should be working on something...
...but forgot what it was.
"Maxim Maletsky" <[EMAIL PROTECTED]> wrote in message
DC017B079D81D411998C009027B7112A015ED065@EXC-TYO-01">news:DC017B079D81D411998C009027B7112A015ED065@EXC-TYO-01...
>
> Hello,
>
> my co-worker has reinstalled Apache and PHP over the last night.
>
> The Apache was upgraded to the new version while PHP was re-installed the
> same.
> PHP.ini was untouched.
>
> Site uses sessions and, somehow, after this upgrade started carrying
> PHPSESSID through HREF.
>
> What should look for to bring the sessions using Cookies?
>
> from PHP-INI:
>
> NOTE : this was untouched.
>
>
>
> [Session]
> session.save_handler = files ; handler used to store/retrieve data
> session.save_path = /tmp; argument passed to save_handler
> ; in the case of files, this is the
> ; path where data files are stored
> session.use_cookies = 1 ; whether to use cookies
> session.name = PHPSESSID ; name of the session
> ; is used as cookie name
> session.auto_start= 0 ; initialize session on request
startup
> session.cookie_lifetime = 0 ; lifetime in seconds of cookie
> ; or if 0, until browser is restarted
> session.cookie_path = / ; the path the cookie is valid for
> session.cookie_domain = ; the domain the cookie is valid for
> session.serialize_handler = php ; handler used to serialize data
> ; php is the standard serializer of
PHP
> session.gc_probability= 1 ; percentual probability that the
> ; 'garbage collection' process is
> started
> ; on every session initialization
> session.gc_maxlifetime= 1440; after this number of seconds, stored
> ; data will be seen as 'garbage' and
> ; cleaned up by the gc process
> session.referer_check = ; check HTTP Referer to invalidate
> ; externally stored URLs containing
ids
> session.entropy_length= 0 ; how many bytes to read from the file
> session.entropy_file = ; specified here to create the session
> id
> ; session.entropy_length= 16
> ; session.entropy_file = /dev/urandom
> session.cache_limiter = nocache ; set to {nocache,private,public} to
> ; determine HTTP caching aspects
> session.cache_expire = 180 ; document expires after n minutes
> session.use_trans_sid = 1 ; use transient sid support if enabled
> ; by compiling with --enable-trans-sid
> =
>
>
> Has upgrade of apache (modules, etc) anything to do with it?
>
> I can't really give you any more details since my co-coworker is
unreachable
> right now, and this is kinda urgent.
>
> Cheers,
> Max.
>
>
>
> Maxim Maletsky - [EMAIL PROTECTED]
> Webmaster, J-Door.com / J@pan Inc.
> LINC Media, Inc.
> TEL: 03-3499-2175 x 1271
> FAX: 03-3499-3109
>
> http://www.j-door.com
Re: [PHP] PHPSESSID sticks to every link after upgrate of Apache/PHP
Maxim Maletsky wrote: > > Site uses sessions and, somehow, after this upgrade started carrying > PHPSESSID through HREF. Sounds to me like php was compliled with the --enable-trans-sid option which does exactly that. Just a guess. Regards Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHPSESSID sticks to every link after upgrate of Apache/PHP
Hello,
my co-worker has reinstalled Apache and PHP over the last night.
The Apache was upgraded to the new version while PHP was re-installed the
same.
PHP.ini was untouched.
Site uses sessions and, somehow, after this upgrade started carrying
PHPSESSID through HREF.
What should look for to bring the sessions using Cookies?
from PHP-INI:
NOTE : this was untouched.
[Session]
session.save_handler = files ; handler used to store/retrieve data
session.save_path = /tmp; argument passed to save_handler
; in the case of files, this is the
; path where data files are stored
session.use_cookies = 1 ; whether to use cookies
session.name = PHPSESSID ; name of the session
; is used as cookie name
session.auto_start= 0 ; initialize session on request startup
session.cookie_lifetime = 0 ; lifetime in seconds of cookie
; or if 0, until browser is restarted
session.cookie_path = / ; the path the cookie is valid for
session.cookie_domain = ; the domain the cookie is valid for
session.serialize_handler = php ; handler used to serialize data
; php is the standard serializer of PHP
session.gc_probability= 1 ; percentual probability that the
; 'garbage collection' process is
started
; on every session initialization
session.gc_maxlifetime= 1440; after this number of seconds, stored
; data will be seen as 'garbage' and
; cleaned up by the gc process
session.referer_check = ; check HTTP Referer to invalidate
; externally stored URLs containing ids
session.entropy_length= 0 ; how many bytes to read from the file
session.entropy_file = ; specified here to create the session
id
; session.entropy_length= 16
; session.entropy_file = /dev/urandom
session.cache_limiter = nocache ; set to {nocache,private,public} to
; determine HTTP caching aspects
session.cache_expire = 180 ; document expires after n minutes
session.use_trans_sid = 1 ; use transient sid support if enabled
; by compiling with --enable-trans-sid
=
Has upgrade of apache (modules, etc) anything to do with it?
I can't really give you any more details since my co-coworker is unreachable
right now, and this is kinda urgent.
Cheers,
Max.
Maxim Maletsky - [EMAIL PROTECTED]
Webmaster, J-Door.com / J@pan Inc.
LINC Media, Inc.
TEL: 03-3499-2175 x 1271
FAX: 03-3499-3109
http://www.j-door.com
Re: [PHP] PHPSESSID location?
>Where is the temp session file held at? I have a script that uses sessions but I can't find the session file. >My php.ini file indicates that the session.save_path = c:\php\sessiondata but there is not any files there when there should be. Change those \ to / and keep all the players happy. >It does look like the session is working though. C:/tmp C:/temp C:/Windows/temp C:/Windows/System/temp C:/Windows/Temporary Internet Files/ C:/Windows/Wherever Windows OS Felt Like It This Week . . . -- Visit the Zend Store at http://www.zend.com/store/ Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] PHPSESSID location?
Where is the temp session file held at? I have a script that uses sessions but I can't find the session file. My php.ini file indicates that the session.save_path = c:\php\sessiondata but there is not any files there when there should be. It does look like the session is working though. Any ideas? Apache win2k php 4.0.4pl1 - Shane
