[PHP] session id
Hi, I'm using SWFUpload JavaScript for my upload in my logged part of website. I'm passing session_id in every post request from flash object. In my script I set forwarded id with session_id($_POST['passed_id']) but I got logout on that request (it's redirecting me to login page) and I'm also logged out in my browser (not flash). Then I need to relog. Everything is working fine when I'm not touching session_id() id setting. Any clues? -- Łukasz Wojciechowski
Re: [PHP] session id
On Mon, Feb 25, 2008 at 5:51 PM, Łukasz Wojciechowski
[EMAIL PROTECTED] wrote:
Hi, I'm using SWFUpload JavaScript for my upload in my logged part of
website. I'm passing session_id in every post request from flash
object. In my script I set forwarded id with
session_id($_POST['passed_id']) but I got logout on that request (it's
redirecting me to login page) and I'm also logged out in my browser
(not flash). Then I need to relog. Everything is working fine when I'm
not touching session_id() id setting. Any clues?
Try this instead:
?
session_start();
$_SESSION['passed_id'] = $_POST['passed_id']; // Sets the server-side
session variable
$_COOKIE['PHPSESSID'] = $_POST['passed_id']; // Names the session
whatever data was POST'ed
?
As always, BE SURE TO SANITIZE YOUR CODE!
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
Re: [PHP] session id contains illegal characters
Patrick Aljord wrote: I'm moving my page from php4 to php5 and I get this error: Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 Can you check to see what session identifier the browser is sending when you get this error message? PHP's session identifiers should only contain hexadecimal characters (a subset of alphanumerics). This check was added to protect against people trying to use the session identifier as an attack vector, sending a malicious payload instead of a real session identifier. Hope that helps. Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id contains illegal characters
On 10/27/06, Chris Shiflett [EMAIL PROTECTED] wrote: Patrick Aljord wrote: I'm moving my page from php4 to php5 and I get this error: Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 Can you check to see what session identifier the browser is sending when you get this error message? how can I check the session identifier the borwser is sending? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id contains illegal characters
Also, why are you assigning the result of session_id() into a variable that is then passed into $_SESSION. Seems overcomplex and redundant - why not just call session_id() when you need it? Just a thought.
Re: [PHP] session id contains illegal characters
On Thu, October 26, 2006 6:19 pm, Patrick Aljord wrote: $_SESSION['user_id']=$user_id; $_SESSION['user_login']=$user_login; $_SESSION['user_pass']=$user_pass; $_SESSION['user_level']=$user_level; $_SESSION['session_bool']=true; $sessionid = session_id(); echo The sessionid sent to me is: $sessionidhr /\n; $_SESSION['session_id']= $sessionid; $user_real_id=$_SESSION['user_id']; $user_real_login=$_SESSION['user_login']; $realsessionid = $_SESSION['session_id']; any idea what's wrong? Whatever you've been cramming into session_id(), you shouldn't have done that. A username should be ENCOURAGED to have at least one non-alphanumeric character. session_id()s are NOT ALLOWED to have any non-alphanumeric characters. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session id contains illegal characters
hey all, I'm moving my page from php4 to php5 and I get this error: Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 this is the code I use to start my session: $_SESSION['user_id']=$user_id; $_SESSION['user_login']=$user_login; $_SESSION['user_pass']=$user_pass; $_SESSION['user_level']=$user_level; $_SESSION['session_bool']=true; $sessionid = session_id(); $_SESSION['session_id']= $sessionid; $user_real_id=$_SESSION['user_id']; $user_real_login=$_SESSION['user_login']; $realsessionid = $_SESSION['session_id']; any idea what's wrong? thanx in advance Pat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page validation: Un-wanted PHP session ID added to links????
On Mon, February 20, 2006 2:19 pm, Michael Hulse wrote: On Feb 20, 2006, at 12:10 PM, John Nichel wrote: It's all in the manual Hi, thanks for pointing that out. I guess I should have RTFM first, then ask q's second... noob mistake, wont happen again. :D I guess I just do not understand why a session is even being created, I never started one... I guess I need to read the manual in more detail (doing now). While you should RTFM, in this particular instance, reading the php.ini file on your two servers, paying particular attention to the session.* settings will probably be sufficient enlightenment for today :-) RTFM tomorrow, though. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Page validation: Un-wanted PHP session ID added to links????
Hi, I just finished a website for client - I just uploaded the site to their server space - when I went to go validate my pages using the W3C XHTML validator I get several errors due to an un-encoded ampersand in the link URL... For some reason, a session ID is getting added to the end of all my menu links: /start.php?page=homePHPSESSID=45142bb20b8b2e800be5359b667237 Ummm, can I turn this off? I tested/built the site on my server and never got this problem. I am sure it is an easy fix. Suggestions? Links? Many thanks in advance. Micky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page validation: Un-wanted PHP session ID added to links????
Michael Hulse wrote: Hi, I just finished a website for client - I just uploaded the site to their server space - when I went to go validate my pages using the W3C XHTML validator I get several errors due to an un-encoded ampersand in the link URL... For some reason, a session ID is getting added to the end of all my menu links: /start.php?page=homePHPSESSID=45142bb20b8b2e800be5359b667237 Ummm, can I turn this off? I tested/built the site on my server and never got this problem. I am sure it is an easy fix. Suggestions? Links? It's all in the manual http://us3.php.net/session -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Page validation: Un-wanted PHP session ID added to links????
Michael Hulse wrote: I just finished a website for client - I just uploaded the site to their server space - when I went to go validate my pages using the W3C XHTML validator I get several errors due to an un-encoded ampersand in the link URL... For some reason, a session ID is getting added to the end of all my menu links: /start.php?page=homePHPSESSID=45142bb20b8b2e800be5359b667237 http://www.w3.org/QA/2005/04/php-session details how to fix the problem (without breaking the session tracking for users without cookies supported and enabled). -- David Dorward http://blog.dorward.me.uk/ http://dorward.me.uk/ Home is where the ~/.bashrc is -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page validation: Un-wanted PHP session ID added to links????
On Feb 20, 2006, at 12:10 PM, John Nichel wrote: It's all in the manual Hi, thanks for pointing that out. I guess I should have RTFM first, then ask q's second... noob mistake, wont happen again. :D I guess I just do not understand why a session is even being created, I never started one... I guess I need to read the manual in more detail (doing now). Thanks for the quick response. :) Micky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Page validation: Un-wanted PHP session ID added to links????
On Feb 20, 2006, at 12:11 PM, David Dorward wrote: http://www.w3.org/QA/2005/04/php-session details how to fix the problem (without breaking the session tracking for users without cookies supported and enabled). Ah, great link. Thanks! :) I don't know why sessions are being stored in the first place, but at least I can fix the validation prob. Cheers! Micky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page validation: Un-wanted PHP session ID added to links????
Michael Hulse wrote: On Feb 20, 2006, at 12:10 PM, John Nichel wrote: It's all in the manual Hi, thanks for pointing that out. I guess I should have RTFM first, then ask q's second... noob mistake, wont happen again. :D I guess I just do not understand why a session is even being created, I never started one... I guess I need to read the manual in more detail (doing now). Thanks for the quick response. :) Micky The server you're running the script on may have session.auto_start enabled -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [SOLVED] [PHP] Page validation: Un-wanted PHP session ID added to links????
This did the trick:
?php ini_set('arg_separator.output','amp;'); ?
On Feb 20, 2006, at 12:37 PM, John Nichel wrote:
The server you're running the script on may have session.auto_start
enabled
Ah, got it. :)
Thanks all!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session ID in query string
Using PHP 4.3.9, we have these settings: session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 0 (verified by a display of phpinfo() ) with the goal of preventing URLs with session IDs appended. That works fine, but when a page is validated by W3C, it throws an error, and indicates that a link on the page (which contains a query string), also contains the session ID. If I click the link, it doesn't show the session ID, but W3C can see it. Any ideas appreciated. Sandy Keathley -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ID in query string
Sandy Keathley wrote: Using PHP 4.3.9, we have these settings: session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 0 (verified by a display of phpinfo() ) with the goal of preventing URLs with session IDs appended. That works fine, but when a page is validated by W3C, it throws an error, and indicates that a link on the page (which contains a query string), also contains the session ID. If I click the link, it doesn't show the session ID, but W3C can see it. W3C can't see anything you can't see with View Source in your browser. So is the session ID there or not?... W3C claims it is: You claim it isn't. One of you has to be wrong. :-) Your PHP code could easily be creating a URL with the session ID in it. Or W3C could be incorrectly interpreting your HTML. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ID in query string
Richard Lynch wrote: Sandy Keathley wrote: Using PHP 4.3.9, we have these settings: session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 0 (verified by a display of phpinfo() ) with the goal of preventing URLs with session IDs appended. That works fine, but when a page is validated by W3C, it throws an error, and indicates that a link on the page (which contains a query string), also contains the session ID. If I click the link, it doesn't show the session ID, but W3C can see it. W3C can't see anything you can't see with View Source in your browser. So is the session ID there or not?... W3C claims it is: You claim it isn't. One of you has to be wrong. :-) Your PHP code could easily be creating a URL with the session ID in it. Or W3C could be incorrectly interpreting your HTML. if you're using a decent browser, try turning OFF cookies and reloading the same page. Then make sure that the link REALLY doesn't contain the sid -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 22:45:23 + Curt Zirzow [EMAIL PROTECTED] wrote: * Thus wrote Torsten Roehr: Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would strongly discourage trans_id with sessions that contain sensitive data. Yes it does contain sensitive data.. And those people cant work with that data because of IE... Those people have to travel from place to place. They can't use mozilla everywhere or change the IE settings or even to turn the zone alarm off... So what are your suggestions? Using trans sid is the only solution as i see now.. No matter how unsafe it is.. Or it looks or works ugly.. That is the problem :) Use SSL and if possible a Virtual Private Network (VPN). You can also call session_regenerate_id() after successful login: http://de.php.net/session_regenerate_id This adds a bit of additional security because the session id that might be public before the login will not be of any use to a potential attackerb because it will change after login. Don't use session.use_trans_sid = 1 because it won't work with form actions and some other elements. I recommend manually adding the session id to all your links, form actions and header(location) calls. Hope this helps a bit. Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] No, this is exactly what I wanted to know. But it would contradict everything I experienced with sessions until now - and it does. I just tested your code (with session_start() also at the top of page2). It does not work because there is absolutely no relation between page1 and page2 with your code. In this case a new session is being started on page two. You have got to pass the session id from one page to another (when not using a cookie) otherwise it won't work and rightly so. Ah, you are so correct. My apologies. Without cookies turned on then the session id is different with each page. Bleh. Okay...so...ignore all that I said. :) So I guess $_GET is the only option...that sucks. Sorry dude. Hi Matthew, there's no reason to apaologize. I would have loved to see a non-cookie solution with transparent session id use. Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Torsten Roehr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 22:45:23 + Curt Zirzow [EMAIL PROTECTED] wrote: * Thus wrote Torsten Roehr: Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would strongly discourage trans_id with sessions that contain sensitive data. Yes it does contain sensitive data.. And those people cant work with that data because of IE... Those people have to travel from place to place. They can't use mozilla everywhere or change the IE settings or even to turn the zone alarm off... So what are your suggestions? Using trans sid is the only solution as i see now.. No matter how unsafe it is.. Or it looks or works ugly.. That is the problem :) Use SSL and if possible a Virtual Private Network (VPN). You can also call session_regenerate_id() after successful login: http://de.php.net/session_regenerate_id This adds a bit of additional security because the session id that might be public before the login will not be of any use to a potential attackerb because it will change after login. Don't use session.use_trans_sid = 1 because it won't work with form actions and some other elements. I recommend manually adding the session id to all your links, form actions and header(location) calls. Hope this helps a bit. Regards, Torsten One more thing. Store the user's browser id ($_SERVER['HTTP_USER_AGENT']) and/or his IP into the session and on each request compare the stored values to the current submitted values. Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session id changing all the time on some pc's
Hello, I have a strange problem. For example i have a script: ?php session_start(); echo session_id(); ? Once it started a session the session_id should never change. It works on my localhost with default php configuration. I'm using mozilla firefox and IE. I put this script on some other server on the net. It works just fine too with both browsers. But i also put it on one other server and while you are you using IE the session_id changes all the time. With mozilla firefox everything just works fine. On all servers. I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. Thanks Bye -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session id changing all the time on some pc's
Zilvinas Saltys wrote:
The problem is as i understand IE is not accepting the cookie. So the
session id allways regenerates. Everything works fine with mozilla.
[...]
The only thing i want to know is all the truth about IE (6?) and
cookies :)
Could it be a problem with IE6 and P3P (http://www.w3.org/P3P/)?
This is just hearsay, but a friend of mine told me about a problem he was having
with IE6 and cookies in his application. He had to send a P3P header before some
versions of IE would accept the cookie. I've read that P3P only applies to
persistant cookies, but his was temporary and was still not working until he added
this:
header('P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM');
I have no first hand experience with this myself, and I haven't done the proper
research to become familiar with it. Make of this what you will. :) More
information here:
http://www.computercops.biz/modules.php?name=Newsfile=printsid=837
HTH
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. Regards, Torsten Roehr I can agree with this. I created an internal website for my company that requires login. And even then some users a restricted to certain areas of the website depending on their user level. Passing the $_SESSION variables around was just plain easier than setting up cookies. I also felt I had a greater control over the whole process from login to logout. Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 2 Jul 2004 12:21:34 -0400 Gerard Samuel [EMAIL PROTECTED] wrote: On Friday 02 July 2004 12:12 pm, Zilvinas Saltys wrote: I looked at server configurations but i couldn't find anything usefull. I tried to change IE settings to accept all cookies but nothing changed. Maybe someone knows where's the problem.. I dont know of all the specifics of your situation, but I know when it happened to my code, it boiled down to a cookie problem. (I never experienced it first hand unless I turned off cookies in my own browser. I saw it was happening for other users on my code). So what I eventually did, was modified my code to work with browsers that do not store cookies (for what ever reason that may be). By that I mean to pass the session id in the url and in forms... I know i can pass the session id by url.. But this solution is ugly and hopefully not the only one there is.. The problem is as i understand IE is not accepting the cookie. So the session id allways regenerates. Everything works fine with mozilla. The strangest part of the show is some pc's that have IE installed accepts those cookies. I turned 'accept ALL cookies'. Same result.. Maybe ... this could be a domain problem.. The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. Regards, Torsten Roehr I can agree with this. I created an internal website for my company that requires login. And even then some users a restricted to certain areas of the website depending on their user level. Passing the $_SESSION variables around was just plain easier than setting up cookies. I also felt I had a greater control over the whole process from login to logout. Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Friday 02 July 2004 02:13 pm, Torsten Roehr wrote: Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would have to agree... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? But somehow you have to pass the session id from page to page!?! By the way, the session id is always available as the constant SID. Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? But somehow you have to pass the session id from page to page!?! By the way, the session id is always available as the constant SID. Torsten The $_SESSION['sid'] will follow from page to page. As long as the user stays in the current session, all $_SESSION variables will follow from page to page as long as session_start() is used. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Matthew Sims [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Instead of passing the session_id through the URL ($_GET) just assign it to $_SESSION and pass that around. Then it'll stay transparent to the user. Could you describe the last paragraph a bit more in detail? Thanks in advance! Torsten What if you used this? session_start(); $_SESSION['sid']=session_id($HTTP_GET_VARS['sid']); Now as long as each of your pages has session_start() at the top, you can use $_SESSION['sid'] whereever. To the mailing list: Am I doing this correctly? But somehow you have to pass the session id from page to page!?! By the way, the session id is always available as the constant SID. Torsten The $_SESSION['sid'] will follow from page to page. As long as the user stays in the current session, all $_SESSION variables will follow from page to page as long as session_start() is used. OK, but HOW do you manage that the user stays in the current session. Usually this is made sure by passing the session id around. But obviously you are not doing this, are you? Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
The $_SESSION['sid'] will follow from page to page. As long as the user
stays in the current session, all $_SESSION variables will follow from
page to page as long as session_start() is used.
OK, but HOW do you manage that the user stays in the current session.
Usually this is made sure by passing the session id around. But
obviously
you are not doing this, are you?
Torsten
As long as the user keeps his browser pointing at your site, then they'll
stay in the currect session. The moment they shut down the web browser,
the session is lost.
When the user first comes to your site, assign the session_id to a
$_SESSION variable. Then as the user jumps from page to page, check the
$_SESSION variable with the session_id on that page.
Try this, on the front page:
session_start();
$_SESSOIN['sid']=session_id();
On another page:
if ($_SESSION['sid']==session_id()) {
continue browsing;
} else {
redirect to front page;
}
or however you want it to be. The above isn't tested. Not sure if
session_id needs to be assigned to a variable.
Is this what you're referring to or am I just misreading what you're asking?
--Matthew Sims
--http://killermookie.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Friday 02 July 2004 04:38 pm, Matthew Sims wrote: As long as the user keeps his browser pointing at your site, then they'll stay in the currect session. The moment they shut down the web browser, the session is lost. The logic doesnt compute with me. I guess I'll have to try this myself... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
Matthew Sims [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
The $_SESSION['sid'] will follow from page to page. As long as the user
stays in the current session, all $_SESSION variables will follow from
page to page as long as session_start() is used.
OK, but HOW do you manage that the user stays in the current session.
Usually this is made sure by passing the session id around. But
obviously
you are not doing this, are you?
Torsten
As long as the user keeps his browser pointing at your site, then they'll
stay in the currect session. The moment they shut down the web browser,
the session is lost.
This does only work *with* using a cookie.
When the user first comes to your site, assign the session_id to a
$_SESSION variable. Then as the user jumps from page to page, check the
$_SESSION variable with the session_id on that page.
Try this, on the front page:
session_start();
$_SESSOIN['sid']=session_id();
On another page:
if ($_SESSION['sid']==session_id()) {
continue browsing;
} else {
redirect to front page;
}
or however you want it to be. The above isn't tested. Not sure if
session_id needs to be assigned to a variable.
Is this what you're referring to or am I just misreading what you're
asking?
No, this is exactly what I wanted to know. But it would contradict
everything I experienced with sessions until now - and it does. I just
tested your code (with session_start() also at the top of page2). It does
not work because there is absolutely no relation between page1 and page2
with your code. In this case a new session is being started on page two.
You have got to pass the session id from one page to another (when not using
a cookie) otherwise it won't work and rightly so.
Maybe your memory played a trick on you ;) Don't mind.
Regards, Torsten
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
No, this is exactly what I wanted to know. But it would contradict everything I experienced with sessions until now - and it does. I just tested your code (with session_start() also at the top of page2). It does not work because there is absolutely no relation between page1 and page2 with your code. In this case a new session is being started on page two. You have got to pass the session id from one page to another (when not using a cookie) otherwise it won't work and rightly so. Ah, you are so correct. My apologies. Without cookies turned on then the session id is different with each page. Bleh. Okay...so...ignore all that I said. :) So I guess $_GET is the only option...that sucks. Sorry dude. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
* Thus wrote Torsten Roehr: Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would strongly discourage trans_id with sessions that contain sensitive data. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id changing all the time on some pc's
On Fri, 2 Jul 2004 22:45:23 + Curt Zirzow [EMAIL PROTECTED] wrote: * Thus wrote Torsten Roehr: Zilvinas Saltys [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The only thing i want to know is all the truth about IE (6?) and cookies :) Heeelp :) Sorry to say that but just DO NOT use cookies. You will always have problems with users having weird cookie settings in their browser. Cookies are fine for intranets where you know the infrastructure you are dealing with. Passing the session id via GET/POST may be ugly but makes you independent of the browser's cookie settings. I would strongly discourage trans_id with sessions that contain sensitive data. Yes it does contain sensitive data.. And those people cant work with that data because of IE... Those people have to travel from place to place. They can't use mozilla everywhere or change the IE settings or even to turn the zone alarm off... So what are your suggestions? Using trans sid is the only solution as i see now.. No matter how unsafe it is.. Or it looks or works ugly.. That is the problem :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php session ID attached to URL
Hi, I have a quick question about PHP session. In my website I have included the command session_start(); at the top of every page. Firstly is this correct? Secondly when I visit the website the first link I click on has the php session ID appended to the url however this php session ID is not appended to subsequent links ! Is this correct behaviour? What is going on? Can anyone explain? Thanks Matt
RE: [PHP] php session ID attached to URL
On 04 March 2004 10:25, matthew oatham wrote: Hi, I have a quick question about PHP session. In my website I have included the command session_start(); at the top of every page. Firstly is this correct? Yes (sort of). The real deal is that session_start() has to occur before you start sending any actual content -- if you have, say, a lot of initialization logic, this could actually be quite a long way into your script. Secondly when I visit the website the first link I click on has the php session ID appended to the url however this php session ID is not appended to subsequent links ! Is this correct behaviour? Yes. It's simply the nature of cookies that it takes at least one round trip to the server to work out if you have them enabled -- and on that trip, the only way to propagate the session id is to pass it in the URL. What is going on? Can anyone explain? On your initial visit to the site, you will not have a session-id cookie set, so PHP doesn't know if you have cookies enabled or not. When you first click a link, therefore, the session id is appended to the URL, *and* a session-id cookie header is sent. On the next (and subsequent) clicks, the cookie will be received from your browser, PHP knows you have cookies enabled, and therefore relies on the cookie and does not add the session id to the URL. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session ID attached to URL
matthew oatham wrote: Hi, I have a quick question about PHP session. In my website I have included the command session_start(); at the top of every page. Firstly is this correct? Yes, this makes sure you don't lose the session somewhere. Secondly when I visit the website the first link I click on has the php session ID appended to the url however this php session ID is not appended to subsequent links ! Is this correct behaviour? What is going on? Can anyone explain? When you first visit the site, session_start() sets a cookie that contains the session id. However, since this is your first visit, session code has no way of finding out if the cookie was accepted by the browser. For this reason (session.use_trans_sid is on) all links, forms etc are rewriten to contain the session id. Thanks Matt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php session ID attached to URL
In case, client has selected disabled cookie option then everytime you have to append session id variable to the URL. While appending the session id variable to the URL, one must know the security concerns. This is the nice article about session and security. http://shiflett.org/articles/the-truth-about-sessions Thanks Hardik --- Ford, Mike [LSS] [EMAIL PROTECTED] wrote: On 04 March 2004 10:25, matthew oatham wrote: Hi, I have a quick question about PHP session. In my website I have included the command session_start(); at the top of every page. Firstly is this correct? Yes (sort of). The real deal is that session_start() has to occur before you start sending any actual content -- if you have, say, a lot of initialization logic, this could actually be quite a long way into your script. Secondly when I visit the website the first link I click on has the php session ID appended to the url however this php session ID is not appended to subsequent links ! Is this correct behaviour? Yes. It's simply the nature of cookies that it takes at least one round trip to the server to work out if you have them enabled -- and on that trip, the only way to propagate the session id is to pass it in the URL. What is going on? Can anyone explain? On your initial visit to the site, you will not have a session-id cookie set, so PHP doesn't know if you have cookies enabled or not. When you first click a link, therefore, the session id is appended to the URL, *and* a session-id cookie header is sent. On the next (and subsequent) clicks, the cookie will be received from your browser, PHP knows you have cookies enabled, and therefore relies on the cookie and does not add the session id to the URL. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session Id in forms
Hi, been having some problems with sessions. When i use a session and a form on the same page. Sometimes php will create a form object called PHP_SESSIONID. Since this is inserted as the first object of the form, this will screw up my javascript validation, wich uses the form element index, i dont want to change this because is generated by OOH forms . Is the a way to make this object appear at the end of the form? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Id in forms
This is done by PHP's enable-trans-sid directive. The simple solution would be to disable trand-sid in the php.ini file, but you may rely on it to maintain sessions on non-cookie users. So, then there is this directive in php.ini: ; The URL rewriter will look for URLs in a defined set of HTML tags. ; form/fieldset are special; if you include them here, the rewriter will ; add a hidden input field with the info which is otherwise appended ; to URLs. If you want XHTML conformity, remove the form entry. ; Note that all valid entries require a =, even if no value follows. url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset= 1. you may be able to experiment with this setting to change how it does things. For example removing form= will solve your problem, but you may lose sessions, so you may have to MANUALLY insert the session id into the form as the last form element yourself, or put it in the URL YOURSELF. 2. changing form= to form=target may force the session stuff into the URL, rather than as a form element You'll have to experiment a bit, and if you're on a shared server, you'll have to see if this directive can be changed in a .htaccess file, etc etc. Justin French On Thursday, September 11, 2003, at 02:31 AM, Gustavo Del Castillo Meza wrote: Hi, been having some problems with sessions. When i use a session and a form on the same page. Sometimes php will create a form object called PHP_SESSIONID. Since this is inserted as the first object of the form, this will screw up my javascript validation, wich uses the form element index, i dont want to change this because is generated by OOH forms . Is the a way to make this object appear at the end of the form? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- [This E-mail scanned for viruses] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session ID as a regex
How would you best describe a session id as a regex?
[a-z0-9]{32}
Just checking to see if any other characters can be in a session id.
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ID as a regex
On Wednesday 06 August 2003 02:28, Gerard Samuel wrote:
How would you best describe a session id as a regex?
[a-z0-9]{32}
Just checking to see if any other characters can be in a session id.
I think [a-f0-9]{32} is sufficient.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Are you selling NYLON OIL WELLS?? If so, we can use TWO DOZEN!!
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session id
can somebody tell me why I am getting this:
Warning: session_start() [function.session-start]: Cannot send session
cookie - headers already sent by (output started at
c:\inetpub\wwwroot\search.php:8) in c:\inetpub\wwwroot\search.php on line 21
Warning: session_start() [function.session-start]: Cannot send session cache
limiter - headers already sent (output started at
c:\inetpub\wwwroot\search.php:8) in c:\inetpub\wwwroot\search.php on line 21
when I use this code:
session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
}
PHP is version 4.3.1
thanx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id
On 25/3/03 2:37 pm, Iggy [EMAIL PROTECTED] wrote:
can somebody tell me why I am getting this:
Warning: session_start() [function.session-start]: Cannot send session
cookie - headers already sent by (output started at
c:\inetpub\wwwroot\search.php:8) in c:\inetpub\wwwroot\search.php on line 21
Warning: session_start() [function.session-start]: Cannot send session cache
limiter - headers already sent (output started at
c:\inetpub\wwwroot\search.php:8) in c:\inetpub\wwwroot\search.php on line 21
when I use this code:
session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
}
PHP is version 4.3.1
thanx
You cannot send any output until the session is set
This includes html before the ?php tag or any print's or echo's
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id
can somebody tell me why I am getting this:
Warning: session_start() [function.session-start]: Cannot send session
cookie - headers already sent by (output started at
c:\inetpub\wwwroot\search.php:8) in c:\inetpub\wwwroot\search.php on
line 21
Warning: session_start() [function.session-start]: Cannot send session
cache
limiter - headers already sent (output started at
c:\inetpub\wwwroot\search.php:8) in c:\inetpub\wwwroot\search.php on
line 21
when I use this code:
session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
}
PHP is version 4.3.1
thanx
You cannot send any output until the session is set
This includes html before the ?php tag or any print's or echo's
More specifically, whatever you have in search.php on line 8 is considered
output and is ending the headers. Move session_start() before any output.
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session id generation
Hi, i'd like to know how PHP determines what session_id to hand out to users. Is it based on some real value like the browser and the ip address? an incremental number? I want to make sure that it doesnt provide two same session id for the different users at the same time. thanks MAthieu Dumoulin Programmer analyst for web solutions www.groupimage.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session id generation
At 19:50 12.03.2003, Mathieu Dumoulin spoke out and said:
[snip]
Hi, i'd like to know how PHP determines what session_id to hand out to
users.
Is it based on some real value like the browser and the ip address? an
incremental number? I want to make sure that it doesnt provide two same
session id for the different users at the same time.
[snip]
{php_source_directory}/ext/session/session.c
this has it all - look for _php_create_id().
Basically it generates an MD5 digest from the current secs and usecs
(system time) and a pseudo-random number (see php_combined_lcg() in
standard/lcg.c). If an entropy file is available (usually on unix systems)
it uses the entropy to further randomize the digest. In a final step the
digest is converted to a hex string.
--
O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session id
Ok, I am sure this has been discussed but I have not been keeping up with the listserv. I am using sessions so to test, I blocked all cookies and of course the sessionid is then in the url. How can I hide it from the url?...or is this even possible? Thanks, Eddie -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session id
-Original Message- From: Edward Peloke [mailto:[EMAIL PROTECTED]] Sent: 06 February 2003 13:56 To: Php-General@Lists. Php. Net Subject: [PHP] session id Ok, I am sure this has been discussed but I have not been keeping up with the listserv. I am using sessions so to test, I blocked all cookies and of course the sessionid is then in the url. How can I hide it from the url?...or is this even possible? Thanks, Eddie If you disable session.use_trans_sid in your php.ini then session id's will not get passed via the url if cookies are being refused. But then of course your session support is gone for that particular browser/user. Rich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session ID changes
Hello all, I need some clarification. To my understanding, each visit to php site creates a UNIQUE Session ID (SID). And, that ID stays constants until the browser is shutdown, or the session is specifically destroyed. Is this correct? If not, then please advise. I'm trying to develop a cookie-less, persistent, shopping cart, which saves the cart details, in a database. I need to associate each order (cart item) to the current session id. However, the session ID number, seems to change, everytime the page is reloaded. Is this how it works? Am i missing something? Please advise. Thanks. -john -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP session ID not unique or session_register problems
Hi!
I am a kind of newbie in PHP programming, but I have found an interesting
problem and some php guys I know were unable to help me to solve it. So I am
coming here with my question...
I have written a little more advanced counter, which should be included in
other PHP scripts in website.
It uses cookies, which expire in one year. That helps me to determine which
users are coming back to the website. It also uses sessions (session
cookies) to detect how one user is moving in the website in one session.
Program uses three MySQL tables - table of cookies (cookie ID, number of
visits), table of sessions (session ID, cookie ID, IP, browser,...) and
table of visited subpages in the website (session ID, visited location).
The program flow is simple:
1. Check the cookies. If user do not have a cookie, send it to him. Else
find cookie ID in the database (first table) and increase the counter.
2. Check session ID. If session is not registered, register it and set
'number of session visits counter' to 1, AND save session ID (+ cookie ID,
IP,...) to the second MySQL table.
If session is already registered, just increase the session visits counter.
3. Save session ID and visited location (I use the $REQUEST_URI variable) to
the third MySQL table.
It seems OK, but see what happened.
I explicitely said that if ($sess_visits == 1), variable $sessid is saved to
the second table. That means that $sessid must be unique - it should appear
in a table just once.
But when I exported data from table, I found that some $sessid appeared
twice or three times!
What could be the problem???
See a little bit of my code:
ini_set(session.cookie_lifetime, 0);
// Initialize session
session_start();
// Register session and set number of session visits variable to 1
if (!session_is_registered('sess_visits')) {
session_register('sess_visits');
$sess_visits = 1;
}
else {
$sess_visits++;
}
if ($sess_visits == 1) {
...
// Save session, IP, etc. into database
$sql = INSERT INTO wc_sessionident SET sessid = '$sessid', ...;
...
}
bye, Matej
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session ID not unique or session_register problems
At 18.03.2002 14:54, you wrote:
Even if I did´nt look closely at your code, I would suggest, that
you decrease the amount of data, diferent tables to one table.
You set an cookie, therfor you have the same effect as if you use sesssion
vars.
So it´s easy to set and find the data, via cookie.
f.e.
table:
cookie // here the initial cookie, you sent is stored
varname // what kind of information should be stored
varval // the value of the varname.
timestamp // if you like
now you can save all desired informations according to cookie, have them all
in one place, and can select them to different conditions.
But, what if the user doesn´t allow cookies ??
Hi!
I am a kind of newbie in PHP programming, but I have found an interesting
problem and some php guys I know were unable to help me to solve it. So I am
coming here with my question...
I have written a little more advanced counter, which should be included in
other PHP scripts in website.
It uses cookies, which expire in one year. That helps me to determine which
users are coming back to the website. It also uses sessions (session
cookies) to detect how one user is moving in the website in one session.
Program uses three MySQL tables - table of cookies (cookie ID, number of
visits), table of sessions (session ID, cookie ID, IP, browser,...) and
table of visited subpages in the website (session ID, visited location).
The program flow is simple:
1. Check the cookies. If user do not have a cookie, send it to him. Else
find cookie ID in the database (first table) and increase the counter.
2. Check session ID. If session is not registered, register it and set
'number of session visits counter' to 1, AND save session ID (+ cookie ID,
IP,...) to the second MySQL table.
If session is already registered, just increase the session visits counter.
3. Save session ID and visited location (I use the $REQUEST_URI variable) to
the third MySQL table.
It seems OK, but see what happened.
I explicitely said that if ($sess_visits == 1), variable $sessid is saved to
the second table. That means that $sessid must be unique - it should appear
in a table just once.
But when I exported data from table, I found that some $sessid appeared
twice or three times!
What could be the problem???
See a little bit of my code:
ini_set(session.cookie_lifetime, 0);
// Initialize session
session_start();
// Register session and set number of session visits variable to 1
if (!session_is_registered('sess_visits')) {
session_register('sess_visits');
$sess_visits = 1;
}
else {
$sess_visits++;
}
if ($sess_visits == 1) {
...
// Save session, IP, etc. into database
$sql = INSERT INTO wc_sessionident SET sessid = '$sessid', ...;
...
}
bye, Matej
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session ID does not delete itself
Hi, I have been experimenting with PHP4 using sessions and one of my books says that session ID's are created in the /tmp directory so I take a look in there and I find are about 10 sessions that have not been deleted dated earliest to about being week old ie. sess_5b30ccebb1d098c37a5e46efd7708fef I have been experimenting with user authentication with sessions and just plain starting a session when a user accesses the site. Well, the site is still experimental and each time I logged myself out. But I thought sessions were supposed to wipe themselves out from the /tmp directory immediately after leaving the website. Appreciate if someone could shed the light on this issue for me. Thanks. Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session ID
Hi, I'm creating web site with sessions. Normally the site uses PHPSESSID to pass session ID to next page. I want to use some script whitch use SID to pass session ID. Can I set standart (i.e. PHPSESSID ) to use to pass session ID ? Thanks, Rosen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session-id in url, not in cookies
Hello! How can I make the session-id ONLY be stored in the url, even if the user has cookies enabled? I have no access to the php.ini-file. Any ideas? Martin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
