Re: [PHP] Sessions: watertight?
- Original Message - From: "PHPCoder" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "php-general" <[EMAIL PROTECTED]> Sent: Thursday, July 18, 2002 6:18 AM Subject: Re: [PHP] Sessions: watertight? > Thanks > OK, I have checked my phpinfo(); and the *session.use_trans_sid* = 1 ; > *session.use_cookies =* On, so I'm not sure if I need to turn the > cookies bit off, but I would think it not to be necessary. ; So, I can't > see why the URL's aren't changed on my pages... Was PHP compiled with --enable_trans_sid or whatever flag is it?? > Now, something to contemplate so long; say I DO get the URL bit right, > what method does PHP use to determine which URL's to append? Would this > method have a considerable overhead on performance? ( given that there > could be alot of session usage on my domains). Yeah, it would affect performance. Not sure how much. I imagine that's why you actually have to set a compile time option to enable this. >I'm rather interested in > the workings of this URL "detection", as it basically means that PHP > runs forward through all my pages to see where the session stops and and > it's difficult for me to see how PHP can tell which pages have to do > with which sessions. PHP knows it has to deal with sessions when you call session_start() at the beginning of the page. >Arguably one can have two session "threads" that > has some overlapping files, and my mind boggles as to how php can track > the session vars, secially if the one session thread were to use the > same session variable names ( which is surely possible right?) No, session names are unique. That's the whole idea...I use your unique session id to identify you each time you return to my pages. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions: watertight?
on 18/07/02 7:39 PM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > PHP is capable of doing this transparently when compiled with > --enable-trans-sid. If you enable this option, relative URIs will be changed > to contain the session id automatically. It's worth pointing out that enable-trans-sid IS NOT bullet proof. It doesn't work on all javascripts (or any other client-side scripting, and I'm sure there's some other scenario's that it skips. It takes care of relative URLs within standard HTML. I have a feeling it doesn't work in IFRAME's, but does for FRAME's. It worth doing some testing if you go down this road. Justin French -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions: watertight?
Thanks OK, I have checked my phpinfo(); and the *session.use_trans_sid* = 1 ; *session.use_cookies =* On, so I'm not sure if I need to turn the cookies bit off, but I would think it not to be necessary. ; So, I can't see why the URL's aren't changed on my pages... Now, something to contemplate so long; say I DO get the URL bit right, what method does PHP use to determine which URL's to append? Would this method have a considerable overhead on performance? ( given that there could be alot of session usage on my domains). I'm rather interested in the workings of this URL "detection", as it basically means that PHP runs forward through all my pages to see where the session stops and and it's difficult for me to see how PHP can tell which pages have to do with which sessions. Arguably one can have two session "threads" that has some overlapping files, and my mind boggles as to how php can track the session vars, secially if the one session thread were to use the same session variable names ( which is surely possible right?) I guess my question is very academic, but I'm trying to understand the workings of sessions.. But for now, my main concern is getting PHP to work it's magic with my URL's. Thanks [EMAIL PROTECTED] wrote: >Taken straigh from the manual: >(http://www.php.net/manual/en/ref.session.php) > >[quote] >There are two methods to propagate a session id: > >- Cookies > >- URL parameter > >The session module supports both methods. Cookies are optimal, but since >they are not reliable (clients are not bound to accept them), we cannot rely >on them. The second method embeds the session id directly into URLs. > >PHP is capable of doing this transparently when compiled with >--enable-trans-sid. If you enable this option, relative URIs will be changed >to contain the session id automatically. Alternatively, you can use the >constant SID which is defined, if the client did not send the appropriate >cookie. SID is either of the form session_name=session_id or is an empty >string. >[/quote] > >Regards >Joakim Andersson > > >>-Original Message- >>From: PHPCoder [mailto:[EMAIL PROTECTED]] >>Sent: Thursday, July 18, 2002 11:17 AM >>To: php-general >>Subject: [PHP] Sessions: watertight? >> >> >>Hi >>I'm doing some reading on sessions and how it works etc, and have a >>concern (which is probably fed by my ignorance on the topic). >>The couple of "simple session examples" I have found in the PHP/MySQL >>book by Luke Welling & Laura Thompson gives a simple 3 page session >>example where the session is started on the first page, a variable is >>registered as a session var and then has a link to the next >>page where >>the session_start() is called and the session_var is echoed to >>illustrate the workings of a session. >>My understanding is that PHP will either use cookies to store the >>session ID on the client's pc, or send it via URL, so, assuming that >>cookies is a no-go, can I now assume that PHP will attach >>it's session >>ID to each and every URL located on my .php page? >>The reason I'm asking is as follow: >>I did the little excersise, and then deliberately rejected my >>browsers >>call to process the cookie, and then the script didn't return the >>variable as it did previously... >>And now, assuming that I can assume that PHP will attach the >>SID to all >>URL's , how does it know to which URL's to attach, or am I >>supposed to >>manually attach them, leaving me with another question, If I have to >>manually code the SID into the URL, then the whole session >>"coockies if >>possible" approach doesn't seem to work??? >> >>Can someone explain it in more detail for me plz? >>Thanks >> >> >> >>-- >>PHP General Mailing List (http://www.php.net/) >>To unsubscribe, visit: http://www.php.net/unsub.php >> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions: watertight?
> From: Jason Wong [mailto:[EMAIL PROTECTED]] > Sent: Thursday, July 18, 2002 11:46 AM > > Joakim, please don't take offence, I know you're being helpful but ... None taken. > ... do we really need quotes from the manual? You've already > given the pointer > which is sufficient in itself for any interested parties to > look up the > relevant information. You're right about this. Wont happen again... :-) /Joakim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions: watertight?
On Thursday 18 July 2002 17:39, [EMAIL PROTECTED] wrote: Joakim, please don't take offence, I know you're being helpful but ... > Taken straigh from the manual: > (http://www.php.net/manual/en/ref.session.php) > > [quote] > There are two methods to propagate a session id: [snip] ... do we really need quotes from the manual? You've already given the pointer which is sufficient in itself for any interested parties to look up the relevant information. -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* Only people with names beginning with 'A' are getting mail this week (a la Microsoft) */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Sessions: watertight?
Taken straigh from the manual: (http://www.php.net/manual/en/ref.session.php) [quote] There are two methods to propagate a session id: - Cookies - URL parameter The session module supports both methods. Cookies are optimal, but since they are not reliable (clients are not bound to accept them), we cannot rely on them. The second method embeds the session id directly into URLs. PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically. Alternatively, you can use the constant SID which is defined, if the client did not send the appropriate cookie. SID is either of the form session_name=session_id or is an empty string. [/quote] Regards Joakim Andersson > -Original Message- > From: PHPCoder [mailto:[EMAIL PROTECTED]] > Sent: Thursday, July 18, 2002 11:17 AM > To: php-general > Subject: [PHP] Sessions: watertight? > > > Hi > I'm doing some reading on sessions and how it works etc, and have a > concern (which is probably fed by my ignorance on the topic). > The couple of "simple session examples" I have found in the PHP/MySQL > book by Luke Welling & Laura Thompson gives a simple 3 page session > example where the session is started on the first page, a variable is > registered as a session var and then has a link to the next > page where > the session_start() is called and the session_var is echoed to > illustrate the workings of a session. > My understanding is that PHP will either use cookies to store the > session ID on the client's pc, or send it via URL, so, assuming that > cookies is a no-go, can I now assume that PHP will attach > it's session > ID to each and every URL located on my .php page? > The reason I'm asking is as follow: > I did the little excersise, and then deliberately rejected my > browsers > call to process the cookie, and then the script didn't return the > variable as it did previously... > And now, assuming that I can assume that PHP will attach the > SID to all > URL's , how does it know to which URL's to attach, or am I > supposed to > manually attach them, leaving me with another question, If I have to > manually code the SID into the URL, then the whole session > "coockies if > possible" approach doesn't seem to work??? > > Can someone explain it in more detail for me plz? > Thanks > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
