Brett Patterson wrote:
Well, if you look in your phpinfo() file, you will see a SESSION_TIMEOUT or
SESSION_LENGTH value that is something like 18... different for each
server.
If you hold all your session values in the array, then you can use
session_destory(); as long as session_start() is
When a session object is created - where is it store?
Assuming you mean session data, it is stored on the server, in /tmp by
default.
To destroy the session object (widht all session vairables inside the
particluar session object) can I use session_destroy();
When a session object is created - where is it store? (Perhaps on the
application server - IIS or Appatche?) Or on a cookking on a user's
computer?
To destroy the session object (widht all session vairables inside the
particluar session object) can I use session_destroy();
What is also the
under the impressions that both Sessions and Cookies are stored on the
user end, but I may be wrong.
~Brett
-Original Message-
From: Jacques [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 22, 2005 1:20 AM
To: php-general@lists.php.net
Subject: [PHP] Sessions and cookies
When a session
Just as folks can turn off JavaScript, they can reject cookies. Sessions
have some advantages over cookies.
[Original Message]
From: Ed Lazor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: 07/13/2004 2:47:31 PM
Subject: [PHP] Opinion: PHP Sessions or Cookies
I'm using PHP sessions
understanding, so I'd like to run it by you guys. Which is more secure:
PHP sessions or cookies?
In case you're curious, more details on the specifics of the problem I'm
experiencing:
I have a prepend file that executes start_session. The script assumes the
user is a guest if $_SESSION[UserID
:
Just as folks can turn off JavaScript, they can reject cookies. Sessions
have some advantages over cookies.
[Original Message]
From: Ed Lazor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: 07/13/2004 2:47:31 PM
Subject: [PHP] Opinion: PHP Sessions or Cookies
I'm using PHP
session data. He swears it's my scripts and says I should be
using
cookies for better security. That goes completely opposite to my
understanding, so I'd like to run it by you guys. Which is more secure:
PHP sessions or cookies?
In case you're curious, more details on the specifics
it by you guys. Which is more secure:
PHP sessions or cookies?
In case you're curious, more details on the specifics of the problem I'm
experiencing:
I have a prepend file that executes start_session. The script assumes the
user is a guest if $_SESSION[UserID] is not set. All
-Original Message-
have you tried storing your session data in a database? Storing session
data
in a database has some advances over the standard file based solution,
mainly data security und comfort. For example, if you want to get the
number
of the active sessions just do a
-Original Message-
have you tried storing your session data in a database? Storing session
data
in a database has some advances over the standard file based solution,
mainly data security und comfort. For example, if you want to get the
number
of the active sessions just do a
sessions or cookies?
In case you're curious, more details on the specifics of the problem I'm
experiencing:
I have a prepend file that executes start_session. The script assumes the
user is a guest if $_SESSION[UserID] is not set. All guests route to the
login screen. Successful authentication
secure:
PHP sessions or cookies?
Session certainly.
It sounds like PHP session data is being lost on the server. I've also seen
error messages on web pages that report PHP / MySQL as having trouble
reading from the temp directory. Here's the extact message: ERRORError
writing file '/tmp/MYiYcf7q
be using
cookies for better security. That goes completely opposite to my
understanding, so I'd like to run it by you guys. Which is more secure:
PHP sessions or cookies?
In case you're curious, more details on the specifics of the problem I'm
experiencing:
I have a prepend file that executes
-Original Message-
Looks like /tmp directory is out of space. Change the directory to your
own, it's more secure anyway.
I keep watching and /tmp seems ok space-wise, but I like the idea of
overriding where session files are stored. I just made that change and I'm
waiting for
opposite to my
understanding, so I'd like to run it by you guys. Which is more secure:
PHP sessions or cookies?
In case you're curious, more details on the specifics of the problem I'm
experiencing:
I have a prepend file that executes start_session. The script assumes the
user
it by you guys. Which is more secure:
PHP sessions or cookies?
First, I'd like to point out that sessions and cookies aren't opposite
ideas at all. In fact, PHP's default session mechanism uses cookies for
the session identifier (PHPSESSID).
The way I interpret your question is to ask whether it's
On Wednesday 14 July 2004 12:45, Chris Shiflett wrote:
The way I interpret your question is to ask whether it's better to store
session data on the server (in $_SERVER) or on the client (in cookies).
So that people don't get confused: $_SERVER should be $_SESSION.
--
Jason Wong - Gremlins
I have a couple of questions regarding sessions and cookies:
1) Is there a way to append information to a cookie? I have read that it
is, but I have also read many problems. Is there any particular way to do
this? I ask this because cookies are being generated by two different types
of
Guys/Gals,
I've built a registration page on a site that stores a unique id for a
user when they register. That id is then stored in a database and set as
a session variable and as a cookie and is used to register personal user
preferences.
The reason I use both is that I don't really want to
1, What i got to do for manages sessions in my RedHat 8,
2, What i got to do for manages cookies in my RedHat 8,
I try to use session vars, but no work
I try to use cookies, and when i open two browser, the same cookie is in two
browser... this is a problem,
I need to carry the user_id in my
At 15:49 19.02.2003, Sidar Lopez Cruz spoke out and said:
[snip]
1, What i got to do for manages sessions in my RedHat 8,
2, What i got to do for manages cookies in my RedHat 8,
I try to use session vars, but no work
I try to use cookies, and when i open
I'm trying to use cookies in PHP4 (.whatever the latest release is). I
want
to use them for validation (ensuring a user has logged in) but all I can
find
is setcookie, which seems only to create the cookie. In trying to use PHP
sessions, I end up with odd errors.
When I try to use sessions
I'm trying to use cookies in PHP4 (.whatever the latest release is). I want
to use them for validation (ensuring a user has logged in) but all I can find
is setcookie, which seems only to create the cookie. In trying to use PHP
sessions, I end up with odd errors.
When I try to use sessions I
acleave wrote:
My Questions:
If I create a cookie with set_cookie how do I read it/check it?
$_COOKIE superglobal array.
How do I use sessions if they can't be sent in the code?
The session_start function has to be at the VERY top of the of the code,
below ANY output (even blank spaces
for this directive (e.g., output_buffering=4096).
output_buffering = On
---
Yours trully,
--Dmitri
- Original Message -
From: acleave
To: php-general [EMAIL PROTECTED]
Sent: Wednesday, February 05, 2003 12:01 AM
Subject: [PHP] Sessions and Cookies
I'm trying to use cookies in PHP4 (.whatever
Peter Janett wrote:
Sessions themselves use cookies, though, right? So, if you want your app to
work for those who don't have cookies, you have to pass the session data in
the url string, at least that's my understanding.
With sessions, its only the session ID that is put in the cookie or url
Sessions themselves use cookies, though, right? So, if you want your app to
work for those who don't have cookies, you have to pass the session data in
the url string, at least that's my understanding.
Cookies are used by default. However, if cookies are disabled in a
client, a session
--- Peter Janett [EMAIL PROTECTED] wrote:
Sessions themselves use cookies, though, right?
So, if you want your app to work for those who
don't have cookies, you have to pass the session
data in the url string, at least that's my
understanding.
That's not quite right.
Session management
Hi all,
I'm about to create a site where visitors will be able to search, view,
surf and add items to a shopping cart without logging in to the site,
but will need to do that in order to complete the transaction of course.
What I wonder, is what to use to collect information about the items the
--- Cesar Aracena [EMAIL PROTECTED] wrote:
Should I use the no-so-secure old cookies method
or should I start a new session every time a client
drops in and handle each cart by session name or ID?
My advice is to only use cookies to identify a Web client.
Any data you want to associate with
Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 17, 2003 9:29 AM
To: Cesar Aracena; [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions or Cookies?
--- Cesar Aracena [EMAIL PROTECTED] wrote:
Should I use the no-so-secure old cookies method
or should I start a new session every time
Message -
From: Daevid Vincent [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; 'Cesar Aracena' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, January 17, 2003 6:32 PM
Subject: RE: [PHP] Sessions or Cookies?
Agreed. Sessions are much more secure and convienient to use too. Since
it's not reliant
I've just read on MSDN that ASP sessions only work if the client has
cookies enabled,
Is that true for PHP as well.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
No.
http://www.php.net/manual/en/ref.session.php
- E
R. Z. wrote:
I've just read on MSDN that ASP sessions only work if the client has
cookies enabled,
Is that true for PHP as well.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Hi,
I've just read on MSDN that ASP sessions only work if
the client has cookies enabled, Is that true for PHP as well.
No, not if you have session.use_trans_sid = 1 in your php.ini.
Cheers
Jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On Tuesday 08 October 2002 23:34, R. Z. wrote:
I've just read on MSDN that ASP sessions only work if the client has
cookies enabled,
Is that true for PHP as well.
Yes.
Note that some browsers actually differentiate between session cookies (stored
in memory) and 'permanent' cookies (stored
On Tuesday 08 October 2002 23:34, R. Z. wrote:
I've just read on MSDN that ASP sessions only work if the client has
cookies enabled,
Is that true for PHP as well.
Yes.
Note that some browsers actually differentiate between session cookies
(stored
in memory) and 'permanent' cookies
John, et al --
...and then John W. Holmes said...
%
% You can pass the session ID in a form, too. Just use POST, and make it a
% hidden element passed to the next page.
Yeah, I figured that.
%
% input type=hidden name=PHPSESSID value=?=$PHPSESSID?
%
% It's no different than passing it in
Justin, et al --
...and then Justin French said...
%
% on 07/10/02 11:32 AM, David T-G ([EMAIL PROTECTED]) wrote:
%
% It's a start; it confirms some of what I think I understand about
% sessions. Now if only I can get the session ID out of the URL without
% using any cookies... Any ideas,
on 07/10/02 7:18 PM, David T-G ([EMAIL PROTECTED]) wrote:
% re-write any relative URLs in your pages to include the session ID... it's
So I can code without having to put the ID on the URLs myself? So the
transparent-ness is for the programmer? Well, I do like that...
Yes.
% So, this
% The most common method is plain cookies. But if you want guaranteed
state,
Sure, but I know that cookies won't work, so that rules them out.
Won't work, or you don't want to use them?
% So, this rules out a complaint about complicated URLs, because you
don't
% have to type them.
I
Hi, all --
I've seen a recent flurry of discussion on sessions, and that's good;
lovely how that has shown up just as I need to dig into sessions. I
think I've come to understand, though, that you can't manage sessions
without either URL extensions or cookies, and that's bad (for me, at
least).
I think you're under a little misconception about how sessions are used.
Maintaining a session is simply just having a unique identifier for each
user, so that the server can recognise the user from page to page,
maintaining state.
Typically this is done by passing a session id around in he URL
Justin, et al --
...and then Justin French said...
%
% I think you're under a little misconception about how sessions are used.
Perhaps. I'm new to them :-)
% Maintaining a session is simply just having a unique identifier for each
% user, so that the server can recognise the user from page
General list
Cc: Justin French
Subject: Re: [PHP] sessions without cookies *or* URLs
Justin, et al --
...and then Justin French said...
%
% I think you're under a little misconception about how sessions are
used.
Perhaps. I'm new to them :-)
% Maintaining a session is simply just
on 07/10/02 11:32 AM, David T-G ([EMAIL PROTECTED]) wrote:
It's a start; it confirms some of what I think I understand about
sessions. Now if only I can get the session ID out of the URL without
using any cookies... Any ideas, anyone?
I Thought I made it clear, but I'll try again :)
You
Hi, thanks for all the replies on my two previous postings relating to
sessions and cookies.
I have set my mind on using sessions but without cookies, so that
entails passing the SID via relative URL's.
My problem comes in here, when I create a simple login page with a form
that send username
[EMAIL PROTECTED]
Subject: [PHP] Sessions without cookies : forms
Hi, thanks for all the replies on my two previous postings relating to
sessions and cookies.
I have set my mind on using sessions but without cookies, so that
entails passing the SID via relative URL's.
My problem comes
Sure, why not? Users can't create session variables (unless you're
on a
virtual server...)
... and I am -- A shared host server that is.
Now I'm not sure on this, I haven't tested it. Has anyone?
If we're on a virtual server, why can't I just open the
session.save_path with PHP and read
on 17/07/02 6:51 PM, John Holmes ([EMAIL PROTECTED]) wrote:
... and I am -- A shared host server that is.
Now I'm not sure on this, I haven't tested it. Has anyone?
Is this particular vulnerability only in existence when the server is pretty
open? I mean, on my particular host, I can't FTP
... and I am -- A shared host server that is.
Now I'm not sure on this, I haven't tested it. Has anyone?
Is this particular vulnerability only in existence when the server is
pretty
open? I mean, on my particular host, I can't FTP to anything outside
my
docroot, and I can't use SSH,
snip
What I'm looking to do is when a user logs in, I start up the session.. I
then have the registered session var to verify they are authenticated as
they move throughout the site.
/snip
This solution is no garantuee that the authenticated user is in control
during that session. The only
I asked something similar a little while ago, but didn't do a good job
clarifying.
What I'm looking to do is when a user logs in, I start up the session.. I
then have the registered session var to verify they are authenticated as
they move throughout the site.
Now, when they close the browser
12:30 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Sessions / logins / cookies / security
I asked something similar a little while ago, but didn't do a good job
clarifying.
What I'm looking to do is when a user logs in, I start up the session.. I
then have the registered session var to verify
What I'm looking to do is when a user logs in, I start up the
session.. I
then have the registered session var to verify they are
authenticated as
they move throughout the site.
Now, when they close the browser and come back, I want them
to still be authenticated.
I don't think this
based on any of the user data.
www.php.net/uniqid
---John Holmes...
- Original Message -
From: Chad Day [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 3:30 PM
Subject: RE: [PHP] Sessions / logins / cookies / security
Anyone? Can someone at least point me to some web
Chad Day wrote:
What I'm looking to do is when a user logs in, I start up the session.. I
then have the registered session var to verify they are authenticated as
they move throughout the site.
Now, when they close the browser and come back, I want them to still be
authenticated. Obviously, I
On my sites, I have a check box next to the login form which says remember
me. If they tick this box, and they userid/password is valid, I set a
cookie on their system which remembers them, which is just their username
and an md5() of their pasword (the same data I add to the session).
When
So, if there is no uid and pwd in $_SESSION, I check in $_COOKIE. If
there's nothing there, they aren't logged in as far as I can tell. On
every
page I validate the uid and pwd against the database, so the only way
you
could fake being another user is to know the uid AND md5()'d pwd.
Or
On Wed, Jul 17, 2002 at 10:43:24AM +1000, Justin French wrote:
I set a
cookie on their system which remembers them, which is just their username
and an md5() of their pasword (the same data I add to the session).
OUCH! Sending the password back out to the net is a scarry prospect.
--Dan
--
on 17/07/02 11:11 AM, Analysis Solutions
([EMAIL PROTECTED]) wrote:
On Wed, Jul 17, 2002 at 10:43:24AM +1000, Justin French wrote:
I set a
cookie on their system which remembers them, which is just their username
and an md5() of their pasword (the same data I add to the session).
OUCH!
on 17/07/02 11:11 AM, John Holmes ([EMAIL PROTECTED]) wrote:
Or steal it. :)
I hope you have checked your site for any cross-site scripting
vulnerabilities. This is exactly where vulnerabilities like this come
into play...
Interesting -- I'm only a few days away from launching this...
Or steal it. :)
I hope you have checked your site for any cross-site scripting
vulnerabilities. This is exactly where vulnerabilities like this
come
into play...
Interesting -- I'm only a few days away from launching this... could
you
elaborate on the potential risk, or point me to
Thanks heaps John,
So as a basic rule, having a uid and pwd stored as session variables is NOT
the problem, but storing the uid and/or pwd in a cookie on the browser is
just plain asking for it :)
So, how do you implement a remember me safely?
Setting JUST the uid in a cookie prevents people
So as a basic rule, having a uid and pwd stored as session variables
is
NOT
the problem, but storing the uid and/or pwd in a cookie on the browser
is
just plain asking for it :)
You shouldn't even have to do this. Just set a $_SESSION['logged_on']
variable to true and check for that. Why
on 17/07/02 12:35 PM, John Holmes ([EMAIL PROTECTED]) wrote:
You shouldn't even have to do this. Just set a $_SESSION['logged_on']
variable to true and check for that. Why carry around the username and
password??
Well, I guess it's because I started with someone else's script, and built
my
You shouldn't even have to do this. Just set a
$_SESSION['logged_on']
variable to true and check for that. Why carry around the username
and
password??
Well, I guess it's because I started with someone else's script, and
built
my own from there. Not being a security expert, I assumed
on 17/07/02 1:05 PM, John Holmes ([EMAIL PROTECTED]) wrote:
Sure, why not? Users can't create session variables (unless you're on a
virtual server...)
... and I am -- A shared host server that is.
Justin French
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 4:51 PM
To: Chad Day; [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions / logins / cookies / security
There really isn't a good way to do this, I think.
Any time you're taking just a cookie, and using that data to assume
who
the
user
maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authentication
#4 Passing a SID/Session info in hidden fields, but it means
you must push every page move through a submit (which can be
done with Javascript, image buttons, etc),
We have a shopping cart product we're developing in PHP, and I've
recently come across I dilemma that I need to find a reliable solution
to.
Many of the people who will be shopping on our sites have cookies
disabled, which presents a problem when using sessions. Now, I am aware
of the fact that
Use standard HTTP authentication over SSL - that's the only other way.
On Tue, 14 May 2002, Matthew Walker wrote:
We have a shopping cart product we're developing in PHP, and I've
recently come across I dilemma that I need to find a reliable solution
to.
Many of the people who will be
On Tue, 14 May 2002, Matthew Walker wrote:
Many of the people who will be shopping on our sites have cookies
disabled, which presents a problem when using sessions. Now, I am aware
of the fact that we could append the SID constant to every URL, but this
will not work for us. None of our sites
Senior Software Engineer
ePliant Marketing
-Original Message-
From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies or SID Passing...
On Tue, 14 May 2002, Matthew Walker wrote:
Many
Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:42 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies or SID Passing...
Use standard HTTP authentication over SSL - that's the only other way.
On Tue, 14 May 2002, Matthew Walker wrote:
We have
is, and other related information.
Matthew Walker
Senior Software Engineer
ePliant Marketing
-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:42 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies
On Tue, 14 May 2002, Matthew Walker wrote:
The sites are not dynamic, but the shopping cart /is/. The problem is,
if people don't have cookies on, when they return to the site to order
more products, they loose the SID that has been appended to the links
inside the cart, and thus loose the
Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want to
maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authentication
You said you
]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want
to
maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authentication
You said you did not want to do 1 or 2
:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 10:04 AM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want to
maintain state accross requests. This is done in 3
Could you explain how this could be accomplished, because I'm not
understanding how to do it.
As I understand HTTP Authentication (correct me if I'm wrong), the
user's computer still has to send a 'username/password' pair to perform
the authentication. I can't see how this could be used to
: RE: [PHP] Sessions Without Cookies or SID Passing...
You're missing one method - using the user's IP address
It's not a guaranteed fool-proof method, but if you don't want to use
cookies or the URL, then this sorta works.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit
PROTECTED]]
Sent: Tuesday, May 14, 2002 5:30 PM
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
If it ain't foolproof then only a fool would use it ...
IP addresses are just about the worst way to identify anyone.
-Original Message-
From: Martin Towell
Engineer
ePliant Marketing
-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 6:26 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
Could you explain how this could be accomplished, because
You're missing one method - using the user's IP address
It's not a guaranteed fool-proof method, but if you don't
want to use cookies or the URL, then this sorta works.
Unless there's a firewall using NAT or a proxy cache involved. I know
for a fact that our internal network only ever
I have a website where I use sessions. After a user has logged of, the logon
screen appears again. The username field is filled with the value from a
cookie.
What happens:
For example: username = Peter
In the situation that I log of (and the logon page appears), the username
field gets the
on 8/27/01 10:31 AM, Richard Baskett at [EMAIL PROTECTED] wrote:
Ok on a pc when I have cookies turned off I am still able to access my
session variables, but on a mac I can not. Is there a difference between
the way session variables are stored on each platform? And if a session is
indeed
I just used the url to pass it since no matter what I did I couldn¹t seem to
get it to work when cookies were turned off on my mac. I've read the
session url on the php site from top to bottom and the transparent sessions
are even enabled on the server, but yet to no avail on the mac :(
on
Ok on a pc when I have cookies turned off I am still able to access my
session variables, but on a mac I can not. Is there a difference between
the way session variables are stored on each platform? And if a session is
indeed a cookie, then why does the session still work on pc's with cookies
I am about to write a new admin system for a website I do and
it will have many different logins. I was wondering overall which
most of you thought would be better for such a thing? Wants really
a pro about sessions over cookies?
If it's for an admin section, then you may as well use
cookies?
PHP sessions actually are cookies in most cases, but will revert to
sending an ID tag in the URL if the user has cookies disabled (the ID
tag does not need to be programmed into the URL, the PHP engine
inserts it automatically).
Use sessions. Period.
If you design your own cookie
system for a website I do and it will have many
different logins. I was wondering overall which most of you thought would be better
for such a thing? Wants really a pro about sessions over cookies?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED
Jason Murray pressed the little lettered thingies in this order...
I am about to write a new admin system for a website I do and
it will have many different logins. I was wondering overall which
most of you thought would be better for such a thing? Wants really
a pro about sessions
I am about to write a new admin system for a
website I do and it will have many different logins. I was wondering overall
which most of you thought would be better for such a thing? Wants really a pro
about sessions over cookies?
I am using sessions to password protect a section of a website.
I am storing the session ID in a cookie but just in case cookies are not
enabled, I am also passing the session ID in the query string to each page
in the protected directory.
Please can someone tell me if this could cause any
I don't recommend putting the Session ID in the URL. Subscibed members could
pass URL's to eachother and that way they could have eachother's settings.
""David Hynes"" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I am using sessions to password protect a
Hi, can someone point me toward a tutorial that shows how to register info
(e.g. username, login status, and user preferences) and do this in a session
without using cookies... is this even possible?
thanks!
duirfire
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
You can use URL mode for PHP4 session if you want session w/o cookie.
How about read this link?
http://www.zend.com/zend/tut/session.php
--
Yasuo Ohgaki
"duirfire" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi, can someone point me toward a tutorial that
I'm using 4.04pl1 with --enable-trans-sids configured. I did the make
distclean that some people suggest in the annotated manual. The relative
URLs in forms and anchor are not getting the session id appended (neither
are the absolutes in header/Location, but I understand that a current
1 - 100 of 107 matches
Mail list logo