RE: turning use session cookies off still uses cookies?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



look at this inside the PHP.INI

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

vincent

-----Original Message-----
From: blackwater dev [mailto:blackwaterdev@xxxxxxxxx]
Sent: Thu 30/11/2006 14:42
To: php-general@xxxxxxxxxxxxx
Subject:  turning use session cookies off still uses cookies?
 
I asked a similar question the other day but I have been having an issue
lately with my sessions and certain browsers.  I then tried to set my
session.use_cookies var in php.ini to 0 yet if I log in and don't have
cookies turned on, the sessions still don't seem to work.  Can I really use
sessions without using cookies?  Below is my code and sessions settings.  If
I can use sessions without cookies, seems like that would solve the issue of
people having cookies turned on.

Thanks,

//this is from the login routine
 if ($this->db->getField('user_id')){

                        session_start();

$_SESSION['user']['user_id']=$this->db->getField('user_id');

$_SESSION['user']['email']=$this->db->getField('email');
                        return true;
 }

        <?
        //only show if they are logged in
        if (isset($_SESSION['user']['user_id']) && !$_REQUEST['mlsid']){
//show something
}
        ?>

Session Support enabled Registered save handlers files user Registered
serializer handlers php php_binary wddx
DirectiveLocal ValueMaster Value session.auto_startOffOff
session.bug_compat_42OffOff session.bug_compat_warnOnOn session.cache_expire
180180 session.cache_limiternocachenocache session.cookie_domain*no value**no
value* session.cookie_lifetime00 session.cookie_path// session.cookie_secure
OffOff session.entropy_file*no value**no value* session.entropy_length00
session.gc_divisor10001000 session.gc_maxlifetime14401440
session.gc_probability11 session.hash_bits_per_character55
session.hash_function00 session.namePHPSESSIDPHPSESSID session.referer_check
*no value**no value* session.save_handlerfilesfiles session.save_path
/var/lib/php/session/var/lib/php/session session.serialize_handlerphpphp
session.use_cookiesOffOff session.use_only_cookiesOffOff
session.use_trans_sid00

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux