Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PHPSESSID in bookmark

Status
Not open for further replies.
elck

elck

Programmer
Apr 19, 2004
176
NL
People often copy url's from the addressbar.
Sometimes (mostly the second page that is called in a session) PHP adds PHPSESSID's to any link on a page.
ex:

Suppose I detect this in javascript and then reload the page. It would get rid of the ID, but what would happen if someone has turned off cookies etc.?

It does not seem a save way.
Does anyone have experiences or knows of another way?
 
Sort by date Sort by votes
PHP will add session IDs to URLs only if allowed to do so. This behavior is set by session.use_cookies, session.use_trans_sid and session.use_only_cookies. You likely will not have to strip off anything in JavaScript if you reconfigure PHP.


The only way to implement sessions is to transmit a session identifier around. There are only three possible ways to do hand off that identifier: on the URL (GET method), in a field of a POST-method form (POST method) and via cookies (cookie method).

All three methods expose the identifier in some way or another. It's just that GET method makes the identifier the most readily visible.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
In it states, as far as I understand, that there is no way to change session.use_trans_sid once the file started. A bug that was fixed in php5 (which I do not have)

I tried your suggestions and it did not work.
Code: 
<?php
ini_set('session.use_cookies',"1"); 
ini_set('session.use_only_cookies',"1"); 
ini_set('session.use_trans_sid',"1"); 


session_start();
 
Upvote 0 Downvote
Actually, now that I think about it, shouldn't this:

ini_set('session.use_trans_sid',"1");

be this:

ini_set('session.use_trans_sid',"0");

? Not that it will matter, of course, if you're running a verion of PHP affected by the bug. But the bug report you mention stated that the affected version was 4.3.2, and there are versions of PHP between that one and 5.0, and those versions will be fixed, too.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Yep, my version is 4.3.1 and I tried both "0" and "1"
so it seems I'm back to the original question.

Anyone ever tried to get around the bug with javascript?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

W
  • Locked
  • Question
how to send checked row data in php
Replies
0
Views
125
wiltang2004
W
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
453
SashaBuilder3
SashaBuilder3
EdLentz
  • Locked
  • Question
Partial link in email
Replies
1
Views
240
spamjim
spamjim
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
374
PeDa
PeDa
ersatz
  • Locked
  • Question
How to send 2 select from mysql database in email like tables
Replies
5
Views
582
ersatz
ersatz

Part and Inventory Search

Sponsor

Back
Top