|
Posted by Nick Howes on 11/29/05 13:29
Hi there. Reposted to the newsgroup in case anyone else is curious.
flintridgeparkenfarker vonkerschnauzerheiden wrote:
> Thanks Nick. I didn't think I'd ever get help with this.
>
> My problem is not understanding the session/cookie mechanism. The
> manual avoids sessions w/cookies.
>
> So, am I correct in understanding that the SID must be included in the
> URL/URI in order for values within $_SESSION to remain intact
> throughout the session?
If you're not using cookies, yes. It just needs some way for the user to
send the SID, whether that's in the URL, or in a cookie.
> When I do include the SID, the sessions work; but I've read that that
> is the least secure method. Cookies are the most secure.
> Unfortunatetly, cookies don't work for me the same way passing the SID
> in the URL works.
>
> My main question is: "Is session data stored within the session files
> (per php.ini) when cookies are enabled, or is session information
> stored within the browser's cookies? Because even though session files
> are updated, the data is not retrieved when the browser navigates to a
> new page and I haven't found cookies saved by the browser pertaining
> to the session; just session files which the browser(/php) is unable
> to access.
The cookies don't store any of the session data, it's still stored on
the server in session files and the cookie just has the SID in it.
If you have cookies enabled and you have session_start() at the top,
then that should be all you need to do to maintain a session.
You could try printing the output of phpinfo() and have a look at the
values of session.use_cookies and session.only_use_cookies.
>
> (This is all local. Everything is being developed on WinXP, IE6, PHP5,
> Apache 2)
>
> I'd sure appreciate any insights you might offer. I've been trying for
> months to get this to work.
>
> Thank you much...
>
> joe
>
> */Nick <news@nickhowes.co.uk>/* wrote:
>
> joeblow wrote:
> > Nope. Back to where I started from. As soon as I removed SID
> from the
> > hyperlinks, I lost my $_SESSION data. Oh well, it's gotta be
> here somewhere.
> >
>
> Is "--enable-trans-sid" enabled in your PHP? That is the feature that
> adds SID to links transparently. If this isn't enabled then you
> have to
> insert SID yourself. you can find out by calling phpinfo() and see if
> it's mentioned at the top.
>
[Back to original message]
|