RE: [PHP] Sessions: I don't get it!!
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
On 15 November 2004 06:13, [EMAIL PROTECTED] wrote:
Looks like you're making it way more complicated than it
needs to be. PHP
will automatically tack on the Session ID tag to your local
url's, but only
if it needs to. There is no need to append the SID to url's manually.
Not to most URLs, no, but if the SID is being passed in the URL you *must*
append it to any header(Location: ...) URL.
Fortunately, this, too, is easy, and the OP was making it way more
complicated than it needs to be! ;) The constant SID only contains the
session name and id *when it needs to* -- otherwise it's defined as the
empty string. So you can unconditionally append it to URLs and get the
right result:
header('Location: simple2.php?'.SID);
The only tidying-up you might want to do, if you're really obsessional about
neatness, is suppress the '?' if SID is empty, so:
header('Location: simple2.php'.SID?('?'.SID):'');
I can't see any benefit in applying strip_tags() to SID, unless you're
terminally paranoid -- as it's generated internally by PHP, there shouldn't
be any way it can contain anything that strip_tags() would defend against.
Cheers!
Mike
-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions: I don't get it!!
I'd like to do something with sessions that should be easy. But I'm new
to this, and obviously I'm missing something somewhere...
I want to use cookies if the visitor allows, but tack the session info
(SID) get style on the URL of a linked page *only if* the visitor
blocks cookies. I've tried a lot of variations, but nothing really
works. I either get the entire SID value in the URL (even if cookies
are accepted), or the SID doesn't show up in the URL, which means it
works only with visitors who accept cookies.
Below is my most recent attempt. simple.php detects whether the visitor
accepts cookies by forcing a page reload (my thanks to Chris Shiflett),
then attempts a redirection, based on whether cookies are accepted.
Doesn't work.
Anyone got any ideas?
TIA.
-
?
# simple.php
ini_set('session.use_trans_sid', 0);
ini_set('session.use_cookies', 1);
ini_set('register_globals', 0);
session_start();
if (! isset($_GET['cac'])) {
header('Set-Cookie: accept_cookies=yes');
header('Location: ' . $_SERVER['PHP_SELF'] . '?cac=1');
}
$_SESSION['accepts_cookies'] = isset($_COOKIE['accept_cookies']);
$_SESSION['session_num'] = session_id();
if ($_SESSION['accepts_cookies']) {
header('location: simple2.php');
}
else {
header('location: simple2.php?'. strip_tags(SID));
}
die;
?
--
?
# simple2.php
//ini_set('session.use_trans_sid', 0);
//ini_set('session.use_cookies', 1);
//ini_set('session.use_only_cookies', 1);
//ini_set('register_globals', 0);
session_start();
?
html
head
titleProcessing Error/title
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
/head
body
? echo Old Session ID: . $_SESSION['session_num'] . br;
echo This Session ID: . session_id() . br;
echo SID: . SID . br; ?
blockquote
?
echo
?
/blockquote
/body
/html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions: I don't get it!!
Looks like you're making it way more complicated than it needs to be. PHP
will automatically tack on the Session ID tag to your local url's, but only
if it needs to. There is no need to append the SID to url's manually.
Nate
-Original Message-
From: Don [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 14, 2004 9:54 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Sessions: I don't get it!!
I'd like to do something with sessions that should be easy. But I'm new
to this, and obviously I'm missing something somewhere...
I want to use cookies if the visitor allows, but tack the session info
(SID) get style on the URL of a linked page *only if* the visitor
blocks cookies. I've tried a lot of variations, but nothing really
works. I either get the entire SID value in the URL (even if cookies
are accepted), or the SID doesn't show up in the URL, which means it
works only with visitors who accept cookies.
Below is my most recent attempt. simple.php detects whether the visitor
accepts cookies by forcing a page reload (my thanks to Chris Shiflett),
then attempts a redirection, based on whether cookies are accepted.
Doesn't work.
Anyone got any ideas?
TIA.
-
?
# simple.php
ini_set('session.use_trans_sid', 0);
ini_set('session.use_cookies', 1);
ini_set('register_globals', 0);
session_start();
if (! isset($_GET['cac'])) {
header('Set-Cookie: accept_cookies=yes');
header('Location: ' . $_SERVER['PHP_SELF'] . '?cac=1');
}
$_SESSION['accepts_cookies'] = isset($_COOKIE['accept_cookies']);
$_SESSION['session_num'] = session_id();
if ($_SESSION['accepts_cookies']) {
header('location: simple2.php');
}
else {
header('location: simple2.php?'. strip_tags(SID));
}
die;
?
--
?
# simple2.php
//ini_set('session.use_trans_sid', 0);
//ini_set('session.use_cookies', 1);
//ini_set('session.use_only_cookies', 1);
//ini_set('register_globals', 0);
session_start();
?
html
head
titleProcessing Error/title
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
/head
body
? echo Old Session ID: . $_SESSION['session_num'] . br;
echo This Session ID: . session_id() . br;
echo SID: . SID . br; ?
blockquote
?
echo
?
/blockquote
/body
/html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
