Session maintenance

I'm trying to get a better feel for exactly how sessions work.

At the beginning of a web page, I do either a session_start() or a
session_register(...). When the user goes to the next page, I know the page
needs to get the SSID. I know I can send it as a cookie, hidden field, etc,
but what other ways are available to send it? For example, I know that
session_registering variables at the top of the second page works.

If the user visits any pure html pages (extension html), how can I get the
session back when they come back to my php pages. Without php on the page,
how can I propagate the SSID?

thanks in advance
---Michael

re: Session maintenance

Michael Satterwhite wrote:[color=blue]
> I'm trying to get a better feel for exactly how sessions work.
>
> At the beginning of a web page, I do either a session_start() or a
> session_register(...). When the user goes to the next page, I know[/color]
the page[color=blue]
> needs to get the SSID. I know I can send it as a cookie, hidden[/color]
field, etc,[color=blue]
> but what other ways are available to send it? For example, I know[/color]
that[color=blue]
> session_registering variables at the top of the second page works.
>
> If the user visits any pure html pages (extension html), how can I[/color]
get the[color=blue]
> session back when they come back to my php pages. Without php on the[/color]
page,[color=blue]
> how can I propagate the SSID?[/color]

IMHO, there is no way to carry the session id in pure html pages.
Probably you may need to force the html pages to be parsed by PHP (by
settings in Apache). May also want to try trans sid setting.
session_register() is obsolete. Please refer manual
<http://www.php.net/session>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

re: Session maintenance

*** Michael Satterwhite escribió/wrote (Sun, 13 Feb 2005 15:32:11 GMT):[color=blue]
> If the user visits any pure html pages (extension html), how can I get the
> session back when they come back to my php pages.[/color]

Just let PHP take care of it with the default solution: cookies.


--
-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (la web de humor barnizada para la intemperie)
++ Manda tus dudas al grupo, no a mi buzón
-+ Send your questions to the group, not to my mailbox
--

re: Session maintenance

Michael Satterwhite wrote:
[color=blue]
> At the beginning of a web page, I do either a session_start() or a
> session_register(...).[/color]

You don't want to use session_register(). Use the $_SESSION array.

Regards,
Matthias

re: Session maintenance

> At the beginning of a web page, I do either a session_start() or a[color=blue]
> session_register(...).[/color]

You do a session_start(). session_register() is obsolete. :)
[color=blue]
> When the user goes to the next page, I know the
> page needs to get the SSID. I know I can send it as a cookie, hidden
> field, etc, but what other ways are available to send it? For example, I
> know that session_registering variables at the top of the second page
> works.[/color]

The session handling in PHP does this for you automatically. Just call
session_start() at the very top of each page and PHP will pick up the
session id and restore the $_SESSION array for you. For many (most?)
purposes you don't *need* to know what the session ID is or how it is sent.
(It normally goes via a cookie and you can find the value with
session_id().)
[color=blue]
> If the user visits any pure html pages (extension html), how can I get the
> session back when they come back to my php pages. Without php on the page,
> how can I propagate the SSID?[/color]

Any page that needs the session ID just calls session_start() at the top.
That makes $_SESSION available. If you have any pages (PHP or HTML) that
don't need the session just ignore it by not calling session_start(). The
session ID is propagated automatically by the browser, which sends it with
each page request. If the server doesn't use (or even look at) that cookie,
that won't stop the browser sending it with the next page request.

--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfountain.org/">Derek Fountain</a>

re: Session maintenance

Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> writes:
[color=blue]
> I'm trying to get a better feel for exactly how sessions work.
>
> At the beginning of a web page, I do either a session_start() or a
> session_register(...). When the user goes to the next page, I know the page
> needs to get the SSID. I know I can send it as a cookie, hidden field, etc,
> but what other ways are available to send it? For example, I know that
> session_registering variables at the top of the second page works.
>
> If the user visits any pure html pages (extension html), how can I get the
> session back when they come back to my php pages. Without php on the page,
> how can I propagate the SSID?[/color]

The cookie SID storage method is going to result in the client sending
the SID cookie with each request to a qualified directory regardless
of the target page being a static file or script.[color=blue]
>
> thanks in advance
> ---Michael
>[/color]

--
-------------------------------------------------------------------------------
Jerry Sievers 305 854-3001 (home) WWW ECommerce Consultant
305 321-1144 (mobile http://www.JerrySievers.com/

re: Session maintenance

Jerry Sievers wrote:
[color=blue]
> Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> writes:
>[color=green]
>> I'm trying to get a better feel for exactly how sessions work.
>>
>> At the beginning of a web page, I do either a session_start() or a
>> session_register(...). When the user goes to the next page, I know the
>> page needs to get the SSID. I know I can send it as a cookie, hidden
>> field, etc, but what other ways are available to send it? For example, I
>> know that session_registering variables at the top of the second page
>> works.
>>
>> If the user visits any pure html pages (extension html), how can I get
>> the session back when they come back to my php pages. Without php on the
>> page, how can I propagate the SSID?[/color]
>
> The cookie SID storage method is going to result in the client sending
> the SID cookie with each request to a qualified directory regardless
> of the target page being a static file or script.[/color]

Exactly what are you referring to here? I'm feeling very ignorant at this
point.

thanks much
---Michael

re: Session maintenance

Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> writes:
[color=blue]
> Jerry Sievers wrote:
>[color=green]
> > Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> writes:
> >
> >
> > The cookie SID storage method is going to result in the client sending
> > the SID cookie with each request to a qualified directory regardless
> > of the target page being a static file or script.[/color]
>
> Exactly what are you referring to here? I'm feeling very ignorant at this
> point.[/color]

I don't know where to begin. You have read all the PHP docs that
pertain to sessions, right?

Among possible others, the session ID can be sent to the server by a
query parameter in the URL or a cookie.

You should dig through the bunches of session related PHP config
settings to get a better idea what's possible.

I prefer to force cookies and disable transparent SID;

php_flag session.auto_start on
php_flag session.use_only_cookies on
php_flag session.use_trans_sid off

I don't know is this helps or not.

Good luck. Sessions are hairy but very useful.

[color=blue]
> thanks much
> ---Michael
>[/color]

--
-------------------------------------------------------------------------------
Jerry Sievers 305 854-3001 (home) WWW ECommerce Consultant
305 321-1144 (mobile http://www.JerrySievers.com/

--
-------------------------------------------------------------------------------
Jerry Sievers 305 854-3001 (home) WWW ECommerce Consultant
305 321-1144 (mobile http://www.JerrySievers.com/

re: Session maintenance

Jerry Sievers wrote:
[color=blue]
> Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> writes:
>[color=green]
>> Jerry Sievers wrote:
>>[color=darkred]
>> > Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> writes:
>> >
>> >
>> > The cookie SID storage method is going to result in the client sending
>> > the SID cookie with each request to a qualified directory regardless
>> > of the target page being a static file or script.[/color]
>>
>> Exactly what are you referring to here? I'm feeling very ignorant at this
>> point.[/color]
>
> I don't know where to begin. You have read all the PHP docs that
> pertain to sessions, right?[/color]

Absolutely ... and have been using sessions. My question here is specific
to: "What are you referring to by the "cookie SID storage method"?

I know that I can send the SID in many ways, but it is my understanding that
*I* have to send it (post, cookie, whatever). The post I'm replying to is
(I believe) implying that once I send it the server is going to continue to
send it - even to downstream pages where I haven't sent it. I would love
for that to be true (and, in my ignorance, I allow for the fact that it may
be!) but I haven't seen - or have missed - anything in the documentation
that says that. If there *IS* a storage method that propagates the SID to
downstream pages, I really want to understand it so that I can use it.

re: Session maintenance

Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> writes:
[color=blue]
> Jerry Sievers wrote:
>
>
> Absolutely ... and have been using sessions. My question here is specific
> to: "What are you referring to by the "cookie SID storage method"?
>
> I know that I can send the SID in many ways, but it is my understanding that
> *I* have to send it (post, cookie, whatever). The post I'm replying to is
> (I believe) implying that once I send it the server is going to continue to
> send it - even to downstream pages where I haven't sent it. I would love
> for that to be true (and, in my ignorance, I allow for the fact that it may
> be!) but I haven't seen - or have missed - anything in the documentation
> that says that. If there *IS* a storage method that propagates the SID to
> downstream pages, I really want to understand it so that I can use it.[/color]

I have NOT done any actual R&D to verify this but it's likely that the
server send the set cookie header only the first time on session start
if it doesn't get a SID.

From that point, the client sends the cookie to identify the session.

And it should send this cookie to any URL that the cookie is intended
for which I believe on sessions (the default) is the entire site.

HTH[color=blue]
>[/color]

--
-------------------------------------------------------------------------------
Jerry Sievers 305 854-3001 (home) WWW ECommerce Consultant
305 321-1144 (mobile http://www.JerrySievers.com/

re: Session maintenance

Michael Satterwhite <satterwh.X$NO$S$PAM@weblore.com> wrote in
news:Ow8Qd.57655$sr1.32504@fe2.texas.rr.com:
[color=blue][color=green][color=darkred]
>>> > The cookie SID storage method is going to result in the client
>>> > sending the SID cookie with each request to a qualified directory
>>> > regardless of the target page being a static file or script.
>>>
>>> Exactly what are you referring to here? I'm feeling very ignorant at
>>> this point.[/color]
>>
>> I don't know where to begin. You have read all the PHP docs that
>> pertain to sessions, right?[/color]
>
> Absolutely ... and have been using sessions. My question here is
> specific to: "What are you referring to by the "cookie SID storage
> method"?
>
> I know that I can send the SID in many ways, but it is my
> understanding that *I* have to send it (post, cookie, whatever).[/color]

Do yourself a favour and get the Firefox browser:
http://www.mozilla.org/products/firefox/
and then install the LiveHTTPHeaders extension:
http://livehttpheaders.mozdev.org/

With those installed, you can easily see the HTTP header
"conversation" between your browser and the server.
This will allow you to see what happens when you are
using sessions, including what happens when you are
using sessions, cookies are enabled, and you don't
explicitly "send" the session ID.

PHP will automatically propogate the session id in the
URL query string, if it can't be maintained in a cookie.
Try it yourself and see ;-)

Where I've found you may have to have your own code
explicity include the session id is when using the
header() function to redirect to a different page.

--
Dave Patton
Canadian Coordinator, Degree Confluence Project
http://www.confluence.org/
My website: http://members.shaw.ca/davepatton/

re: Session maintenance

I noticed that Message-ID:
<Xns95FDA7A0527ECmrzaphoddirectcaold@24.71.223.159 > from Dave Patton
contained the following:
[color=blue]
>PHP will automatically propogate the session id in the
>URL query string, if it can't be maintained in a cookie.[/color]

If it's set to do so.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

re: Session maintenance

Geoff Berrow wrote:
[color=blue]
> I noticed that Message-ID:
> <Xns95FDA7A0527ECmrzaphoddirectcaold@24.71.223.159 > from Dave Patton
> contained the following:
>[color=green]
>>PHP will automatically propogate the session id in the
>>URL query string, if it can't be maintained in a cookie.[/color]
>
> If it's set to do so.[/color]

Something I'd missed. What's the configuration parameter?

re: Session maintenance

I noticed that Message-ID: <_7qQd.61900$sr1.59171@fe2.texas.rr.com> from
Michael Satterwhite contained the following:
[color=blue][color=green][color=darkred]
>>>PHP will automatically propogate the session id in the
>>>URL query string, if it can't be maintained in a cookie.[/color]
>>
>> If it's set to do so.[/color]
>
>Something I'd missed. What's the configuration parameter?[/color]

session.use_trans_sid

But it has to be set in php.ini Can't use ini_set before PHP 5 :-(

http://uk.php.net/ref.session

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/