RE: [PHP] Sessions question (-enable-trans-sid)
Thanks to all for their help on this. As a follow-up, and after a bunch of playing around with this yesterday, here's what I've come to learn. Perhaps it will be helpful to others:

With enable-trans-sid compiled into PHP and the following directives in php.ini:

session.use_cookies = 0 (PHP uses cookies for sessions - off)
session.use_trans_sid = 1 (PHP uses enable-trans-sid for sessions - on)

PHP will automatically append the SID to the end of relative links 100% of the time and will not use cookies no matter whether the user has cookies enabled for their browser or not.

In the following case (and I presume the more normal way of doing things):

session.use_cookies = 1 (PHP uses cookies for sessions - on)
session.use_trans_sid = 1 (PHP uses enable-trans-sid for sessions - on)

PHP will behave the same way for those users that do *not* have cookies enabled for their browser as in the first example, i.e. append links 100% of the time. However, for those users that have cookies enabled for their browser, PHP will append the SID to the links only on the first hit to a page. Then, when a user requests the next page, the auto-rewriting of the URIs stops and cookies are used from that point forward.

Actually, that all makes sense, as the first time a user requests a page, there's no way for PHP to know if the browser will accept cookies or not. But, on the second request, the browser will send the cookie back to PHP (along with the appended URI), and PHP from that point on knows that the browser accepts cookies and PHP will then drop the rewriting of the URIs. I hope I've got this all correct.

The one observation I'd make in regards to using cookies vs. URIs to maintain the session is this (and please someone correct me if I'm wrong):

If a user does *not* have cookies enabled for their browser, you can lose the session if the user hits an html page at your site (because PHP will not be involved and will not rewrite the URIs for the .html page). Not good.

If a user *does* have cookies enabled, they can hit non-PHP pages all they want and when they get back to a PHP page, the session is still intact.

So, it would seem, while the SID being appended to all URIs should work for all users, non-PHP pages will break the session (not good). And, as for the cookie method, not all users have cookies enabled for their browser (also, not good). Therefore, IMO, neither the cookie method nor appending the URI method will work as you'd like 100% of the time.

I suppose one thing you could do so that non-PHP pages won't break the session for those users that don't have cookies enabled would be to just run every page in your site through PHP. That way, the URIs for every page will be appended with the SID, and maybe that's the way to go.

Anyway, I hope I've got this all right and I hope it helps someone.

Jeff

-----Original Message-----
From: Jeff Field [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 11:56 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Sessions question (-enable-trans-sid)

Hi,

I'm confused about one thing regarding sessions and haven't been able to find the definitive answer anywhere. Hopefully, I can here.

There are two ways to enable sessions:

1) Session ID is passed through cookies
2) Session ID is passed through the URL, either done manually or by automatic URL rewriting

All the books, tutorials, etc. basically say that cookies are the way to go but when users don't have cookies enabled, you have to use the URL method. Since I have an e-commerce site that is available to the world, I'm assuming *some* are not going to have cookies enabled. Duh!

So, from what I've read, you can implement the URL method of sessions by either manually attaching the session ID to the URLs, or, by compiling PHP with enable-trans-sid, which will add the session ID to the URLs automatically.

The answer that I haven't been able to find is this:

Is this a one or the other proposition? IOW, if I implement sessions with cookies, then I can't use the URL method? Or, if I implement the URL method (with enable-trans-sid), I can't use the cookie method?

Or, do they work in combination? IOW, does PHP automatically know that if a user has cookies enabled, PHP will use the cookie method and, when cookies are *not* enabled, PHP automatically implements the URL method?

Thanks for the help!

Jeff

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
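A way to watch the first-hit behaviour described in the follow-up above, as an added example that is not part of the thread: the page reports whether the session ID reached PHP by cookie or by URL on each request. The file name sidcheck.php, the function sid_transport() and the 'hits' counter are hypothetical, and it assumes a PHP build with transparent SID support served through a web server.

```php
<?php
// Added example, not from the thread. Shows how the session ID reached PHP on
// this request so the first-hit URL rewriting can be observed in a browser.
// Hypothetical names: sidcheck.php (this file), sid_transport(), 'hits'.

ini_set('session.use_cookies', '1');   // offer a session cookie
ini_set('session.use_trans_sid', '1'); // append the SID to relative links
// Later PHP versions only accept an ID from the URL when this is off.
ini_set('session.use_only_cookies', '0');

/** Classify where the session ID for this request came from. */
function sid_transport(array $cookies, array $params, string $name): string
{
    if (isset($cookies[$name])) {
        return 'cookie'; // browser sent the cookie back: rewriting stops
    }
    if (isset($params[$name])) {
        return 'url';    // ID arrived only in the link or a form field
    }
    return 'new';        // first hit: PHP sets a cookie and rewrites links
}

$name = session_name();
$transport = sid_transport($_COOKIE, $_GET + $_POST, $name);
session_start();
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
// SID is "name=id" when the ID did not come from a cookie, otherwise empty.
$rewriting = (SID !== '');
?>
<html><body>
<p>Session ID arrived via: <?php echo htmlspecialchars($transport); ?></p>
<p>Requests in this session: <?php echo (int) $_SESSION['hits']; ?></p>
<p>URL rewriting this request: <?php echo $rewriting ? 'yes' : 'no'; ?></p>
<!-- Relative link: view the page source to see whether the SID was appended. -->
<p><a href="sidcheck.php">next request</a></p>
</body></html>
```

With cookies enabled in the browser the page reports new and then cookie; with cookies disabled it reports new and then url on every later request.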
Re: [PHP] Sessions question (-enable-trans-sid)
I'm sure this is not a definitive answer, but I would assume that since you would be passing the information through both the URI and Cookies, it will work regardless of cookies enabled or disabled. On the other hand, if you are passing the session id through the URI in the first place, you don't have to worry about cookies being on at all.

Just some idle speculation, I've never tried to use both at the same time.

Martin
Re: [PHP] Sessions question (-enable-trans-sid)
If you compile it with --enable-trans-sid, then PHP will use cookies when they are available and if they are not, it'll append the SID to links and forms. Basically, it's automatic.

---John Holmes...
Re: [PHP] Sessions question (-enable-trans-sid)
* and then 1LT John W. Holmes declared
> If you compile it with --enable-trans-sid, then PHP will use cookies when they are available and if they are not, it'll append the SID to links and forms. Basically, it's automatic.

Hmmm I've had a problem with this: I have --enable-trans-sid but I see url appends on my browser when I *know* cookies are working. Any reason for that?

--
Nick Wilson // www.explodingnet.com
Re: [PHP] Sessions question (-enable-trans-sid)
> Hmmm I've had a problem with this: I have --enable-trans-sid but I see url appends on my browser when I *know* cookies are working.

Personally I can't say this is a bad thing... not all browsers enable cookies and they can be messy and insecure at times (eg: cross domain issues). Placing in the URL may make it look a bit messier (the URL that is) but it's much more compatible.

Just my 2 cents.

--
Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software Systems Engineer
First Creative Ltd
Re: [PHP] Sessions question (-enable-trans-sid)
I guess PHP just can't tell that cookies are enabled. I'm sure the method isn't foolproof. Your sessions get through either way, so what's the big deal?

---John Holmes...
Re: [PHP] Sessions question (-enable-trans-sid)
* and then 1LT John W. Holmes declared
> I guess PHP just can't tell that cookies are enabled. I'm sure the method isn't full proof. Your sessions get through either way, so what's the big deal?

Mainly in SEO stuff. If an SE like Google as a good example picks up the PHPSESSID=slkfjdsjfsdlkf and then comes back and gets a different id next time you can lose page rank for duplicate content. Big deal indeed I'd say.

--
Nick Wilson // www.explodingnet.com