Re: _SESSION weirdness behind a NAT firewall/router: bug?

Posted by axlq on 07/30/06 15:29

In article <8oudnZWwZoMwVVHZnZ2dnUVZ_vSdnZ2d@comcast.com>,
Jerry Stuckle <jstucklex@attglobal.net> wrote:
>axlq wrote:
>> The real problem is that the web hosting server seems to think that
>> every computer on my home network shares the same session ID, and I
>> don't know what to do about it. I haven't made the web site public
>> yet. I certainly can't do so as long as $_SESSION poses such a huge
>> security risk. There are much more than just home networks behind
>> NAT firewall/routers. If multiple people in a large organization
>> try to access my site, all kinds of conflicts will occur.
>
>The web server doesn't keep track of the session like that. It sends a
>cookie to the browser with the session id, and the browser keeps track
>of the id.

It sends a cookie to ONE browser. Once this cookie is set and the
session established on the server, the cookie doesn't seem to get
used any more.

>However, that also depends on your PHP.INI file. You should have
>session.use_cookies = 1
>in your php.ini file.

It's set that way already.

>But I'm also not sure why you're using those other calls - such as
>session_save_path and session_name(). These should be set up in your
>php.ini file and you shouldn't need to override them.

Two reasons:

1. This is a shared server, I don't own php.ini, I didn't want to
use the /tmp path already set in it, and I didn't like the default
session name set in it.

2. I can set my own php.ini, but I may have multiple web sites under
the same account, so I preferred having each site's sessions have
their own path -- therefore I set session_save_path and session_name
in the script. It shouldn't make any difference as long as these
settings are consistent in every invocation of my scripts.

>I'm also not sure why you're using set_cookie on the session name.

That's only to delete the session cookie when logging off. This was
recommended in a php documentation page somewhere, so I pretty much
just lifted the code from there. set_cookie isn't used anywhere else
on my site except for the one logoff script.

-A
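
The setup described in this post (session path and name set in the script on every request, and the session cookie deleted only at logoff), as an added example that is not the poster's code. The session name, the directory and the function names are hypothetical; the logoff sequence follows the pattern shown in the PHP manual for session_destroy().

```php
<?php
// Added example, not code from the thread. Both values are hypothetical.
const SITE_SESSION_NAME = 'EXAMPLESITE_SID';
// Assumed to exist, be writable by PHP, and sit outside the web root.
const SITE_SESSION_DIR  = __DIR__ . '/../private/sessions';

// Call at the top of every script. Both settings must be applied before
// session_start() with the same values each time; otherwise PHP looks for
// a different cookie name or a different session file.
function start_site_session(): void
{
    session_save_path(SITE_SESSION_DIR);
    session_name(SITE_SESSION_NAME);
    session_start();
}

// Diagnostic line for the server log: shows whether this request actually
// carried the session cookie and which session ID PHP is using for it.
function session_debug_line(): string
{
    $sent = isset($_COOKIE[session_name()]) ? 'yes' : 'no';
    return sprintf('cookie_sent=%s sid=%s remote=%s',
        $sent, session_id(), $_SERVER['REMOTE_ADDR'] ?? '-');
}

// Logoff: clear the data, expire the cookie in the browser, then remove
// the server-side session file.
function logoff(): void
{
    start_site_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Reuse the cookie's own parameters so the browser matches it.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

Writing session_debug_line() to the log with error_log() on each request shows, per browser, whether the cookie came back and whether two machines really present the same session ID.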

 
