[PHP] PHP 4 SESSION ONLY COOKIE - 1 attachment

2003-11-14 Thread Dominik W.
With the following script, I cannot create a session with
session.use_only_cookies 'on'.
When I log in, the server NEVER sets a cookie with the session ID on my
client... and it adds the SID to all my relative links on the page.

What I want is a session that saves the SID in a cookie on the client's
PC and does NOT add the SID to the relative links.

That's my source code:

Can you give me an answer as to what is wrong?
- Cookies are allowed in my browser
- session.use_cookies 'on'
- transid 'on'  (could only be changed by server admins)


<?php

//error_reporting(15);

ini_set("session.use_only_cookies", 1);

// Open connection

include('connect.php');
$verbindung = @mysql_connect($IP, $USER, $PWD);

if (!$verbindung) {
    echo "Keine Verbindung möglich!\n";
    exit;
} else {

    // LOGIN

    // cookie check
    $logincookiename = $tblprefix.'SID';   // define cookie name

    if ($$logincookiename != '') {
        session_id($$logincookiename);   // set SID to the one stored in the cookie
    }
    // cookie check

    session_start();
    $_SESSION['zaehler'] = 1;

    $test = session_id();

    $db_select = @mysql_select_db($DB);

    $result = mysql_query("SELECT username FROM ".$tblprefix."_users WHERE sessionID = 'session_id()'");
    $sessionsfound = mysql_num_rows($result);

    // delete session if not logged in
    if ($sessionsfound != 1) {
        session_unset();
        setcookie(session_name(), "", 0, "/");
        $_SESSION = array();
        session_destroy();
    }

    $session_id_string = session_id();

    // login - TRUE
    if (($login == 'true') && ($session_id_string == '')) {

        $login = '';

        $abfrage = "SELECT username, password FROM ".$tblprefix."_users WHERE username = '$loginname'";
        $erg = mysql_db_query($DB, $abfrage, $verbindung);
        list ($username, $password) = mysql_fetch_row($erg);

        if ($username == '') {
            $content = 'errors/login.php?error=loginname';
        } else {
            $abfrage = "SELECT loginversuche FROM ".$tblprefix."_users WHERE username = '$username'";
            $erg = mysql_db_query($DB, $abfrage, $verbindung);
            list ($loginversuche) = mysql_fetch_row($erg);

            if ($loginversuche < 5) {

                if ($password == md5($loginpassword)) {

                    $abfrage = "SELECT sessionID FROM ".$tblprefix."_users WHERE username = '$username'";
                    $erg = mysql_db_query($DB, $abfrage, $verbindung);
                    list ($sessionID) = mysql_fetch_row($erg);

                    $abfrageupdate = "UPDATE ".$tblprefix."_users SET lastsessionID = '$sessionID' WHERE username = '$username'";
                    $ergupdate = mysql_db_query($DB, $abfrageupdate, $verbindung);

                    $abfrageupdate = "UPDATE ".$tblprefix."_users SET loginversuche = '0' WHERE username = '$username'";
                    $ergupdate = mysql_db_query($DB, $abfrageupdate, $verbindung);

                    if ($dauerhafteslogin == 'true') {
                        $dauerhafteslogin = '';
                        setcookie($logincookiename, session_id(), 0, "/");   // set cookie for persistent login
                    }

                    session_start();
                    $_SESSION['zaehler'] = 1;

                    $abfrageupdate = "UPDATE ".$tblprefix."_users SET sessionID = session_id() WHERE username = '$username'";
                    $ergupdate = mysql_db_query($DB, $abfrageupdate, $verbindung);

                    $content = 'login/status.php';
                } else {
                    ++$loginversuche;

                    $abfrageupdate = "UPDATE ".$tblprefix."_users SET loginversuche = '$loginversuche' WHERE username = '$username'";
                    $ergupdate = mysql_db_query($DB, $abfrageupdate, $verbindung);

                    $content = 'errors/login.php?error=password';
                }
            } else {
                $content = 'errors/login.php?error=accountblocked';
            }
        }
    }
    // END login TRUE

    if (session_id() != '') {
        echo "u are logged in!<br>";
        echo session_id();
    } else {
        echo "not logged in";
    }
}
?>


Re: [PHP] PHP 4 SESSION ONLY COOKIE - 1 attachment

2003-11-14 Thread Chris Shiflett
--- Dominik W. [EMAIL PROTECTED] wrote:
> With the following script, I cannot create a session with
> session.use_only_cookies 'on'.
> When I log in, the server NEVER sets a cookie with the session ID on my
> client... and it adds the SID to all my relative links on the page.

I'm going to make a guess at two things:

1. Your browser is set to not accept cookies.
2. You have session.use_trans_sid enabled in your php.ini.

Can you check these things?

Hope that helps.

Chris

=
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
 Coming mid-2004
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] PHP 4 SESSION ONLY COOKIE - 1 attachment

2003-11-14 Thread Dominik W.

1.) I have tested my browser in all security modes... in NO mode can I
recognize a result!

2.) session.use_trans_sid = on, but only the server admin can change this.
Could I not prevent the script from adding the SID to the relative links
by setting session.use_only_cookies = on?


Is it possible that I MUST register a variable before PHP sets a cookie on the
client??

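
The checks suggested in the thread (session cookie settings, session.use_trans_sid, and whether a cookie can be sent at all) can be run from the script itself. This is an added example, not code from any poster in the thread; it assumes PHP 5.3 or later, and session_transport_report() is a hypothetical helper name.

```php
<?php
// Added example (not from the thread). Reports how PHP will carry the
// session ID for this request: by cookie, by URL, or not at all.
// session_transport_report() is a hypothetical helper name.

function session_transport_report()
{
    $on = function ($key) {
        // ini_get() returns strings such as "1", "0", "" or "On".
        return filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
    };

    $findings = array();

    if (!$on('session.use_cookies')) {
        $findings[] = 'session.use_cookies is off: PHP will never send a session cookie';
    }
    if (!$on('session.use_only_cookies')) {
        $findings[] = 'session.use_only_cookies is off: a session ID passed in the URL is accepted';
    }
    if ($on('session.use_trans_sid')) {
        $findings[] = 'session.use_trans_sid is on: PHP may append the session ID to relative links';
    }
    // The session cookie travels in a Set-Cookie header, so any output
    // sent before session_start() prevents it from being set.
    if (headers_sent($file, $line)) {
        $findings[] = "output already started at $file:$line: no Set-Cookie header can be sent";
    }
    return $findings;
}

// Ask for cookie-only behaviour before the session starts.
ini_set('session.use_only_cookies', '1');
// ini_set() returns false when the setting cannot be changed at runtime,
// for example because the server administrator has locked it.
$transSidChanged = ini_set('session.use_trans_sid', '0');

$findings = session_transport_report();
if (!headers_sent()) {
    session_start();
}

if ($transSidChanged === false) {
    echo "could not change session.use_trans_sid at runtime\n";
}
echo $findings ? implode("\n", $findings) . "\n" : "session ID is carried by cookie only\n";
```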