Have a questions about sessions. In building a simple app do I have to include the session id in the url string or in a hidden tag? or does it normally track it by cookies and so I dont have to call it on every page?
thoughts on best way to do this
I'm trying to learn this myself. It seems to make a difference what version you are running and what the settings are whether it wil semi-automatically update from cookies or the url. A 'hidden tag' doesn't really exist, either it's in a cookie or it's in the url in which case you need a secure connection if you don't want people to be able to hijack the session ID from the url.
Here's more of my notes:
http://www.php.net/session
I've got PHP 4.22 with "register globals" off so each global variable cannot be registered as session variables.
# Registering a variable with $_SESSION #
session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
unset($_SESSION['count']);I need to turn on session.use_trans_sid for easy but insecure transparent transforming of links (URIs will be changed to contain the session id automatically).
use session_set_save_handler() to create a set of user-level storage functions. http://us4.php.net/manual/en/function.session-set-save-handler.php
session_cache_expire
session_cache_limiter
session_decode -- Decodes session data from a string
session_destroy
session_encode -- Encodes the current session data as a string
session_get_cookie_params
session_id -- Get and/or set the current session id
registered in a session
session_module_name -- Get and/or set the current session module
session_name -- Get and/or set the current session name
session_regenerate_id -- Update the current session id with a newly generated one
current session
session_save_path
session_set_cookie_params
session_set_save_handler -- Sets user-level session storage functions
session_start -- Initialize session data
session
session_write_close -- Write session data and end, alias session_commit
pre-4.3 versions or with "register globals" off don't use these: # session_unset -- Free all session variables # session_is_registered -- Find out whether a global variable is # session_register -- Register one or more global variables with the # session_unregister -- Unregister a global variable from the current
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
