RE: [PHP] Half solved...............what the @#%# is PHPSESSID?
-Original Message- From: Ryan A [mailto:[EMAIL PROTECTED] Sent: 26 July 2003 21:16 Hey John, I dont think its the browser because I have tried this with opera 6,opera 7, IE and NN with the same results... But when i checked the phpinfo() it says that cookies are enabledDo you think its worth it to search and replace each Location header with .SID? Absolutely: just consider a user who has deliberately blocked all cookies in their browser options -- even if your server is set to use cookies by default, if session.use_trans_sid has not been disabled, PHP will detect that the user is blocking cookies and revert to passing the SID (aka PHPSESSID) in the URL. If you have a URL that PHP is unable to rewrite for any reason (such as because it's in a header('Redirect: ...') string), if you haven't manually concatenated the SID constant to that URL, the session will disappear at that point. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
You have cookies disabled and session.use_trans_sid is enabled in php.ini. So the session module parses your html output and adds PHPSESSID to all internal links, forms and everything else that is needed. However it does not add session id to Location header, it is your responsibility. Use header('Location: details.php?'.SID); SID is a magic constant that contains ''.session_name().'='.session_id() (thus you need ? after details.php). PHPSESSID is here so session module knows which session file to use. If you look into your /tmp (or whatever is set up) directory, a file named sess_46081aa70da693f5edeecc069ed8a627 will be sitting there with all session variables. Ryan A wrote: Hi, Ok, have half solved why my scripts all of a sudden stopped working. This is how my scripts are setup: There is a form(login.php) where the user puts in his user/pass, then this is authenticated(auth.php) by the database and a few other sessions are created (email,cust_number) and also username,password sessions are created. Then i am using a header(Location) to send it to details.php, details.php will check and make sure that the following sessions have been created username,password,email,cust_number, if any are not valid it will kick ther person back to login.php...this was working before but not now. I went to my forms source and checked where it was sending my submitted form and found a hidden text box there with this data: input type=hidden name=PHPSESSID value=46081aa70da693f5edeecc069ed8a627 / so i took that PHPSESSID and its value and added it to my header(Location) like so: header(Location:details.php?PHPSESSID=46081aa70da693f5edeecc069ed8a627) and every damn thing is working again... can ANYBODY please tell me what the @#%# is that PHPSESSID, how it got into my login page and how do i work with it? because now I have manually put it in my file, do i need to always put it? how do i get it as a variable and finally how can i take it out of my computer and jump on it for causing me 5 hours of pain and suffering.any ways of killing it slowly too is appreciated. Even if you cant answer the first questions the last two will do, the [EMAIL PROTECTED]@#%@ [EMAIL PROTECTED]@# PHPSESSID Thanks in advance, -Ryan -- No, I dont just sound crazyI AM crazy. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Hey, Thanks for replying. I know you can manipulate the php.ini file via htaccess or by putting some instructions in the include file...is there any way to turn on cookies again and turn off session.use_trans_sid so i can go back to the old way it was? because I have a lot of header(location:) statements in a lot of files. This just seems a giant PITA. Cheers, -Ryan You have cookies disabled and session.use_trans_sid is enabled in php.ini. So the session module parses your html output and adds PHPSESSID to all internal links, forms and everything else that is needed. However it does not add session id to Location header, it is your responsibility. Use header('Location: details.php?'.SID); SID is a magic constant that contains ''.session_name().'='.session_id() (thus you need ? after details.php). PHPSESSID is here so session module knows which session file to use. If you look into your /tmp (or whatever is set up) directory, a file named sess_46081aa70da693f5edeecc069ed8a627 will be sitting there with all session variables. Ryan A wrote: Hi, Ok, have half solved why my scripts all of a sudden stopped working. This is how my scripts are setup: There is a form(login.php) where the user puts in his user/pass, then this is authenticated(auth.php) by the database and a few other sessions are created (email,cust_number) and also username,password sessions are created. Then i am using a header(Location) to send it to details.php, details.php will check and make sure that the following sessions have been created username,password,email,cust_number, if any are not valid it will kick ther person back to login.php...this was working before but not now. I went to my forms source and checked where it was sending my submitted form and found a hidden text box there with this data: input type=hidden name=PHPSESSID value=46081aa70da693f5edeecc069ed8a627 / so i took that PHPSESSID and its value and added it to my header(Location) like so: header(Location:details.php?PHPSESSID=46081aa70da693f5edeecc069ed8a627) and every damn thing is working again... can ANYBODY please tell me what the @#%# is that PHPSESSID, how it got into my login page and how do i work with it? because now I have manually put it in my file, do i need to always put it? how do i get it as a variable and finally how can i take it out of my computer and jump on it for causing me 5 hours of pain and suffering.any ways of killing it slowly too is appreciated. Even if you cant answer the first questions the last two will do, the [EMAIL PROTECTED]@#%@ [EMAIL PROTECTED]@# PHPSESSID Thanks in advance, -Ryan -- No, I dont just sound crazyI AM crazy. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Ryan A wrote: I know you can manipulate the php.ini file via htaccess or by putting some instructions in the include file...is there any way to turn on cookies again and turn off session.use_trans_sid so i can go back to the old way it was? because I have a lot of header(location:) statements in a lot of files. Your browser is not accepting the cookies... Or, your session module has been told not to use cookies. To enable cookies for the session module, use: php.ini: session.use_cookies = 1 .htaccess: php_value session.use_cookies 1 If the value is already 1 or ON, then it's your browser causing the trouble. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Hey John, I dont think its the browser because I have tried this with opera 6,opera 7, IE and NN with the same results... But when i checked the phpinfo() it says that cookies are enabledDo you think its worth it to search and replace each Location header with .SID? Thanks, -Ryan - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: Ryan A [EMAIL PROTECTED] Cc: Marek Kilimajer [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 9:15 PM Subject: Re: [PHP] Half solved...what the @#%# is PHPSESSID? Ryan A wrote: I know you can manipulate the php.ini file via htaccess or by putting some instructions in the include file...is there any way to turn on cookies again and turn off session.use_trans_sid so i can go back to the old way it was? because I have a lot of header(location:) statements in a lot of files. Your browser is not accepting the cookies... Or, your session module has been told not to use cookies. To enable cookies for the session module, use: php.ini: session.use_cookies = 1 .htaccess: php_value session.use_cookies 1 If the value is already 1 or ON, then it's your browser causing the trouble. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Personally, I would do a search-and-replace for header() and replace it with your own custom header() function. Then you would only have to change one location. Jim Lucas - Original Message - From: Ryan A [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 1:16 PM Subject: Re: [PHP] Half solved...what the @#%# is PHPSESSID? Hey John, I dont think its the browser because I have tried this with opera 6,opera 7, IE and NN with the same results... But when i checked the phpinfo() it says that cookies are enabledDo you think its worth it to search and replace each Location header with .SID? Thanks, -Ryan - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: Ryan A [EMAIL PROTECTED] Cc: Marek Kilimajer [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 9:15 PM Subject: Re: [PHP] Half solved...what the @#%# is PHPSESSID? Ryan A wrote: I know you can manipulate the php.ini file via htaccess or by putting some instructions in the include file...is there any way to turn on cookies again and turn off session.use_trans_sid so i can go back to the old way it was? because I have a lot of header(location:) statements in a lot of files. Your browser is not accepting the cookies... Or, your session module has been told not to use cookies. To enable cookies for the session module, use: php.ini: session.use_cookies = 1 .htaccess: php_value session.use_cookies 1 If the value is already 1 or ON, then it's your browser causing the trouble. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Ryan A wrote: Hey John, I dont think its the browser because I have tried this with opera 6,opera 7, IE and NN with the same results... But when i checked the phpinfo() it says that cookies are enabledDo you think its worth it to search and replace each Location header with .SID? Well, if SID has a value, that means the session cookie could not be set. Plain and simple. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php