RE: [PHP] Half solved...............what the @#%# is PHPSESSID?
-Original Message-
From: Ryan A [mailto:[EMAIL PROTECTED]
Sent: 26 July 2003 21:16
Hey John,
I dont think its the browser because I have tried this with
opera 6,opera 7,
IE and NN with the same results...
But when i checked the phpinfo() it says that cookies are
enabledDo you
think its worth it to search and replace each Location header
with .SID?
Absolutely: just consider a user who has deliberately blocked all cookies in their
browser options -- even if your server is set to use cookies by default, if
session.use_trans_sid has not been disabled, PHP will detect that the user is blocking
cookies and revert to passing the SID (aka PHPSESSID) in the URL. If you have a URL
that PHP is unable to rewrite for any reason (such as because it's in a
header('Redirect: ...') string), if you haven't manually concatenated the SID constant
to that URL, the session will disappear at that point.
Cheers!
Mike
-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
Cheers!
Mike
-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
You have cookies disabled and session.use_trans_sid is enabled in
php.ini. So the session module parses your html output and adds
PHPSESSID to all internal links, forms and everything else that is
needed. However it does not add session id to Location header, it is
your responsibility. Use header('Location: details.php?'.SID); SID is a
magic constant that contains ''.session_name().'='.session_id() (thus
you need ? after details.php).
PHPSESSID is here so session module knows which session file to use. If
you look into your /tmp (or whatever is set up) directory, a file named
sess_46081aa70da693f5edeecc069ed8a627 will be sitting there with all
session variables.
Ryan A wrote:
Hi,
Ok, have half solved why my scripts all of a sudden stopped working.
This is how my scripts are setup:
There is a form(login.php) where the user puts in his user/pass, then this
is authenticated(auth.php) by the database and a few other sessions are
created (email,cust_number) and also username,password sessions are created.
Then i am using a header(Location) to send it to details.php,
details.php will check and make sure that the following sessions have been
created username,password,email,cust_number, if any are not valid it will
kick ther person back to login.php...this was working before but not now.
I went to my forms source and checked where it was sending my submitted form
and found a hidden text box there with this data:
input type=hidden name=PHPSESSID
value=46081aa70da693f5edeecc069ed8a627 /
so i took that PHPSESSID and its value and added it to my
header(Location) like so:
header(Location:details.php?PHPSESSID=46081aa70da693f5edeecc069ed8a627)
and every damn thing is working again...
can ANYBODY please tell me what the @#%# is that PHPSESSID, how it got into
my login page and how do i work with it?
because now I have manually put it in my file, do i need to always put it?
how do i get it as a variable and finally how can i take it out of my
computer and jump on it for causing me 5 hours of pain and suffering.any
ways of killing it slowly too is appreciated.
Even if you cant answer the first questions the last two will do, the
[EMAIL PROTECTED]@#%@ [EMAIL PROTECTED]@# PHPSESSID
Thanks in advance,
-Ryan
-- No, I dont just sound
crazyI AM crazy. --
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Hey,
Thanks for replying.
I know you can manipulate the php.ini file via htaccess or by putting some
instructions in the include file...is there any way to turn on cookies again
and turn off session.use_trans_sid so i can go back to the old way it was?
because I have a lot of header(location:) statements in a lot of
files.
This just seems a giant PITA.
Cheers,
-Ryan
You have cookies disabled and session.use_trans_sid is enabled in
php.ini. So the session module parses your html output and adds
PHPSESSID to all internal links, forms and everything else that is
needed. However it does not add session id to Location header, it is
your responsibility. Use header('Location: details.php?'.SID); SID is a
magic constant that contains ''.session_name().'='.session_id() (thus
you need ? after details.php).
PHPSESSID is here so session module knows which session file to use. If
you look into your /tmp (or whatever is set up) directory, a file named
sess_46081aa70da693f5edeecc069ed8a627 will be sitting there with all
session variables.
Ryan A wrote:
Hi,
Ok, have half solved why my scripts all of a sudden stopped working.
This is how my scripts are setup:
There is a form(login.php) where the user puts in his user/pass, then
this
is authenticated(auth.php) by the database and a few other sessions are
created (email,cust_number) and also username,password sessions are
created.
Then i am using a header(Location) to send it to details.php,
details.php will check and make sure that the following sessions have
been
created username,password,email,cust_number, if any are not valid it
will
kick ther person back to login.php...this was working before but not
now.
I went to my forms source and checked where it was sending my submitted
form
and found a hidden text box there with this data:
input type=hidden name=PHPSESSID
value=46081aa70da693f5edeecc069ed8a627 /
so i took that PHPSESSID and its value and added it to my
header(Location) like so:
header(Location:details.php?PHPSESSID=46081aa70da693f5edeecc069ed8a627)
and every damn thing is working again...
can ANYBODY please tell me what the @#%# is that PHPSESSID, how it got
into
my login page and how do i work with it?
because now I have manually put it in my file, do i need to always put
it?
how do i get it as a variable and finally how can i take it out of my
computer and jump on it for causing me 5 hours of pain and suffering.any
ways of killing it slowly too is appreciated.
Even if you cant answer the first questions the last two will do, the
[EMAIL PROTECTED]@#%@ [EMAIL PROTECTED]@# PHPSESSID
Thanks in advance,
-Ryan
-- No, I dont just
sound
crazyI AM crazy. --
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Ryan A wrote: I know you can manipulate the php.ini file via htaccess or by putting some instructions in the include file...is there any way to turn on cookies again and turn off session.use_trans_sid so i can go back to the old way it was? because I have a lot of header(location:) statements in a lot of files. Your browser is not accepting the cookies... Or, your session module has been told not to use cookies. To enable cookies for the session module, use: php.ini: session.use_cookies = 1 .htaccess: php_value session.use_cookies 1 If the value is already 1 or ON, then it's your browser causing the trouble. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Hey John, I dont think its the browser because I have tried this with opera 6,opera 7, IE and NN with the same results... But when i checked the phpinfo() it says that cookies are enabledDo you think its worth it to search and replace each Location header with .SID? Thanks, -Ryan - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: Ryan A [EMAIL PROTECTED] Cc: Marek Kilimajer [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 9:15 PM Subject: Re: [PHP] Half solved...what the @#%# is PHPSESSID? Ryan A wrote: I know you can manipulate the php.ini file via htaccess or by putting some instructions in the include file...is there any way to turn on cookies again and turn off session.use_trans_sid so i can go back to the old way it was? because I have a lot of header(location:) statements in a lot of files. Your browser is not accepting the cookies... Or, your session module has been told not to use cookies. To enable cookies for the session module, use: php.ini: session.use_cookies = 1 .htaccess: php_value session.use_cookies 1 If the value is already 1 or ON, then it's your browser causing the trouble. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Personally, I would do a search-and-replace for header() and replace it with your own custom header() function. Then you would only have to change one location. Jim Lucas - Original Message - From: Ryan A [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 1:16 PM Subject: Re: [PHP] Half solved...what the @#%# is PHPSESSID? Hey John, I dont think its the browser because I have tried this with opera 6,opera 7, IE and NN with the same results... But when i checked the phpinfo() it says that cookies are enabledDo you think its worth it to search and replace each Location header with .SID? Thanks, -Ryan - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: Ryan A [EMAIL PROTECTED] Cc: Marek Kilimajer [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, July 26, 2003 9:15 PM Subject: Re: [PHP] Half solved...what the @#%# is PHPSESSID? Ryan A wrote: I know you can manipulate the php.ini file via htaccess or by putting some instructions in the include file...is there any way to turn on cookies again and turn off session.use_trans_sid so i can go back to the old way it was? because I have a lot of header(location:) statements in a lot of files. Your browser is not accepting the cookies... Or, your session module has been told not to use cookies. To enable cookies for the session module, use: php.ini: session.use_cookies = 1 .htaccess: php_value session.use_cookies 1 If the value is already 1 or ON, then it's your browser causing the trouble. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Half solved...............what the @#%# is PHPSESSID?
Ryan A wrote: Hey John, I dont think its the browser because I have tried this with opera 6,opera 7, IE and NN with the same results... But when i checked the phpinfo() it says that cookies are enabledDo you think its worth it to search and replace each Location header with .SID? Well, if SID has a value, that means the session cookie could not be set. Plain and simple. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ PHP|Architect: A magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
