On 09 May 2007 16:36, [EMAIL PROTECTED] wrote:
Ford, Mike writes:
You can also set up php.ini and use the built-in sessions with
http://php.net/session_start so that PHP will take care of this
for you.
That is what I was intending to do. How do I find out if
whether or
Mike,
Thanks for the super clear explanation.
This brings up a question. In order to decide whether to use
cookies or SID the built-in sessions must be testing to see if
the user's browser will accept the session cookies. How do
they do that?
By sending it out and checking to see
[EMAIL PROTECTED] wrote:
That being the case I can never find out (using the built-in
sessions) until the second page request and it will always
include the session cookie in the URL. Which means the value
of the seesion cookie will be exposed, even if I am using SSL.
:( Back to the drawing
On May 10, 2007, at 11:40 AM, Richard Davey wrote:
[EMAIL PROTECTED] wrote:
That being the case I can never find out (using the built-in
sessions) until the second page request and it will always
include the session cookie in the URL. Which means the value
of the seesion cookie will be
Edward Vermillion wrote:
And the session id is open to being stored in a bookmark or worse, sent
to someone else through a cut and paste of the URL.
Depending on what information that id controls and how long the sessions
are kept around id's in the URL could be a very bad thing indeed.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 08 May 2007 20:57
You can also set up php.ini and use the built-in sessions with
http://php.net/session_start so that PHP will take care of this for
you.
That is what I was intending to do. How do I
On Wed, May 9, 2007 10:36 am, [EMAIL PROTECTED] wrote:
This brings up a question. In order to decide whether to use cookies
or SID the built-in sessions must be testing to see if the user's
browser will accept the session cookies. How do they do that?
The same way you would do it.
Actually,
On Tue, May 8, 2007 2:56 pm, [EMAIL PROTECTED] wrote:
Richard Lynch writes:
Send one cookie, see if it comes back, and if it does, tie
everything to that cookie.
OK. So how do I see if it comes back?
if (isset($_COOKIE['foo'])){
//cookie came back
}
else{
//cookie did NOT come back
}
On Tue, May 8, 2007 5:50 pm, itoctopus wrote:
setcookie(cookie_name, value);
//redirect to another page using header
header(location:.$your_url);
This will fail on some legacy browsers, if you need legacy browser
support.
In *MOST* architectures, your visitor can be given the cookie on a
page
I don't use cookies when I use sessions.. Saves hassles
Regards
Chris Kay
-Original Message-
From: Erwin [mailto:erwin;isiz.com]
Sent: Monday, 4 November 2002 6:50 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: Session cookies
When the user logs in , i create a session
Hi Jeff,
I manage the website for the credit report reseller. We don't normally
use cookie but we use session only. You were expressing some concern about
someone knowing the session id. What we normally use is we used the
encrypted session id and use use long aphanumeric number. This
Chris and I have been working on this through private emails, and we (I mean
he) finally figured out what the problem was...
session.cookie_path was set to /tmp instead of /.
I wanted to thank him for taking the time to help me work through this...
Jeff
Chris Shiflett [EMAIL PROTECTED] wrote
I put this block of code in, and all of the array's they should send back
are 100% blank. I will try the protoscope to see what I can turn up on
this.
Chris Shiflett [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Jeff,
One quick thought ...
Is your cookie
ok - no cookie exists... I have Netscape set to accept all cookies. I'm
wondering if it is in my link, or if it is a configuration error somewhere.
here is a copy of the session options from my php.ini (as copied from Zend
Server Center)
Session data handler files
Session save path/tmp
Use
Jeff,
One quick thought ...
Is your cookie domain the same domain as the URL domain you are using to
test this? If not, the browser will not send the cookie, so that is a
potential reason for this behavior.
If the domain is the same, I see no reason why this shouldn't work, but
I have two
I responded to this in a private email to you, and not on the forum... I
did respond. I will post here again so there is no question;
I want to force it to use a cookie that points to a transparent SID on
my system.
what I mean by this is it was my understanding when reading the sessions
Jeff,
My apologies then. Somehow your response never arrived. It is still best
to always reply all for things like this. You get the benefit of
hearing several people's perspectives, and you also potentially help
others who have the same question now or who may have it in the future
(and
You've already posted this, and you never answered the questions that
were asked. Thus, your question is every bit as unclear as the previous
time.
Perhaps if you put forth a little effort, we might also.
Just a helpful suggestion,
Chris
Jeff Bluemel wrote:
still looking for some solutions
18 matches
Mail list logo
