[PHP] sessions bw http and https hosts in same domain
Problem: hosts http://www.; and https://secure.; of the same domain need to work with the same browser session_id. This is a login/authenticate/redirect scenario. In this case the session data store is a common MySQL database, so the issues of /tmp sharing, NFS, etc. are set aside. My platform is Apache 1.3.22 and RH Linux 7.1. What PHP v4.1.x method of exchanging the session_id and session_name is most secure, most effective, and generally makes good soup? I've had some success with initial tests in appending '?PHPSESSID=29AE490...' to the URL and link hrefs, but that really seems ugly and unnecessary. hopefully there's a better way!? This question seems to get asked a lot in the archives but there doesn't seem to be a guideline resolution. PLEASE and THANK YOU! RF. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HOW TO: How can I retrieve the HTTP Response Headers
check into libcurl and the php/curl integration. You are certainly able to process the response headers in curl. Hello, Alexandre Ferreira Novello wrote: Hello guys, I asked that before, but I will explain my problem with more details. How can I retrieve the HTTP Response Headers using iPlanet or an independent SAPI function? Does these variables could come in any $HTTP_*_VARS or $_*? AFAIK there is no function to do that. Since your script is the one that generates the headers, you are supposed to keep track of what headers your script generates. A whole project that is already done is dependent of just this feature. Why? Why don't you create a replacement for the Header() function that besides calling that function also stores the headers in a global array variable as you need? Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] setting/reading session_id before session_start
Maybe I'm having a brain fart, please set me straight: I want to use session_id($myval) to use a roll-my-own MD5 session id (SID). I don't obviously want to assign the session_id() if the session is already established. Given that session_id() must come before session_start() how do you tell if a session_id has already been set before session_start()?! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] session_set_save doesnt write for 4.1.1?
I am converting my sessions code to use the new $_SESSION method for addressing session variables. My session_set_save_handler is written for MySQL and was working until I started changing external routines to not use $HTTP_SESSION_VARS and session_register. My debugging shows that the $_SESSION array contains the values I want during the test script, but they aren't written to the database. However the 'start' and 'read' handlers are working. Anything that PHP 4.1.1 presents differently for it's session_write method!? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Help! What would prevent/break session writing?
I must've set something somewhere so that my session writes don't commit anything. My reads work if I dummy-up some data. My system used to work. I haven't changed user or group on Apache, user rights seem ok, Mysql is ok, Mysql rights are ok. My env: PHP 4.1.1, RH Linux 7.1, Apache 1.3.22, PHP as Module, MySQL extensions. Have tried session_set_save_handler to use a Mysql session data store and have also tried reverting back to the php.ini setting for session.save_handler = file This is really odd. HELP!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] help writing cookie 2 hosts same domain
I'm trying to write a cookie that is properly read by two hosts of the same domain. The hosts: https://secure.domain.com http://www.domain.com With PHP 4.1.1 for Linux on Apache (as module) I've written setcookie(session,$sesscode, /, domain.com, 0); and setcookie(session,$sesscode, /, .domain.com, 0); (diff is the leading 'dot' in the domain) Neither of these are writing a cookie to Netscape 6.2 without the hostname as part of the cookie. How do you write the cookie so that BOTH SERVERS can read it? Thx, RF. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Using IP as an identfier
Last week a thread went by that was a discussion on the merits of using the REMOTE_ADDR as an element of several parts to secure (other unique items were to be the USER_AGENT, etc.). I'd like to incorporate the lists collective wisdom. What was the list's conclusion on this matter? It seems that the IP can be problematic due to proxy servers, and some AOL'ers can morph during their session. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]