RE: [PHP] turning use session cookies off still uses cookies?

Thu, 30 Nov 2006 07:15:48 -0800 

look at this inside the PHP.INI

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

vincent

-----Original Message-----
From: blackwater dev [mailto:[EMAIL PROTECTED]
Sent: Thu 30/11/2006 14:42
To: php-general@lists.php.net
Subject: [PHP] turning use session cookies off still uses cookies?
 
I asked a similar question the other day but I have been having an issue
lately with my sessions and certain browsers.  I then tried to set my
session.use_cookies var in php.ini to 0 yet if I log in and don't have
cookies turned on, the sessions still don't seem to work.  Can I really use
sessions without using cookies?  Below is my code and sessions settings.  If
I can use sessions without cookies, seems like that would solve the issue of
people having cookies turned on.

Thanks,

//this is from the login routine
 if ($this->db->getField('user_id')){

                        session_start();

$_SESSION['user']['user_id']=$this->db->getField('user_id');

$_SESSION['user']['email']=$this->db->getField('email');
                        return true;
 }

        <?
        //only show if they are logged in
        if (isset($_SESSION['user']['user_id']) && !$_REQUEST['mlsid']){
//show something
}
        ?>

Session Support enabled Registered save handlers files user Registered
serializer handlers php php_binary wddx
DirectiveLocal ValueMaster Value session.auto_startOffOff
session.bug_compat_42OffOff session.bug_compat_warnOnOn session.cache_expire
180180 session.cache_limiternocachenocache session.cookie_domain*no value**no
value* session.cookie_lifetime00 session.cookie_path// session.cookie_secure
OffOff session.entropy_file*no value**no value* session.entropy_length00
session.gc_divisor10001000 session.gc_maxlifetime14401440
session.gc_probability11 session.hash_bits_per_character55
session.hash_function00 session.namePHPSESSIDPHPSESSID session.referer_check
*no value**no value* session.save_handlerfilesfiles session.save_path
/var/lib/php/session/var/lib/php/session session.serialize_handlerphpphp
session.use_cookiesOffOff session.use_only_cookiesOffOff
session.use_trans_sid00

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to