I made a test with the Phoenix-Browser and ENABLE COOKIES = OFF in
the Privacy configuration of the browser.
my index.php:
?
session_start();
$_SESSION[test] = test;
echo a href='index2.php'index2.php/a\n;
?
my index2.php:
?
session_start();
echo $_SESSION[test];
?
My
At 02:18 15.11.2002, Jochen Kächelin said:
[snip]
How can I process $_SESSION variables if the user disables cookies
and session.use_trans_sid = 0 ?
[snip]
Simply put - you can't.
You need a way to transmit the
Simply put - you can't.
You need a way to transmit the session identifier, and AFAIK there's
nothing except either cookies or SID.
Using SID for security relevant issues presents a problem - users can send
links with a SID to friends by mail or else, so this is not really a secure
Hi Jochen,
How can I process $_SESSION variables if the user disables cookies
and session.use_trans_sid = 0 ?
You could use a combination of outputbuffering and a self-written
session-handler.
So you could build a trans_sid-alike system, that would do more checks (i.e.
compare IP-Addresses)
At 02:42 15.11.2002, Sascha Cunz said:
[snip]
This sounds like a pretty good idea to work around that problem :-)
Does this system work, if the user decides to split one session accross
multiple Browser-Windows, i.e. the uses the Open in new
5 matches
Mail list logo