PHPSESSID

Dear Gurus

Is it correct that you do not have to pass the PHPSESSID in the header in
order to keep a session going. What are the advantages/disadvantages of
having the PHPSESSID in the header

e..g. http://www.myurl.com/index.php?PHPSESSID=......

Thank you

- Nicolaas

re: PHPSESSID

windandwaves wrote:

Hi,
[color=blue]
> Dear Gurus
>
> Is it correct that you do not have to pass the PHPSESSID in the header in
> order to keep a session going.[/color]

header? no..
It is stored in a cookie most of the time. (Which is send along with the
headers)
[color=blue]
> What are the advantages/disadvantages of
> having the PHPSESSID in the header
>
> e..g. http://www.myurl.com/index.php?PHPSESSID=......[/color]

That is NOT a header.
That is an URL with some extra information. (Called GET or Querystring)

And it is a perfectly legal way pass the sessionid around from page to page.

Alternatively people use a cookie instead.

Regards,
Erwin Moller
[color=blue]
>
> Thank you
>
> - Nicolaas[/color]

re: PHPSESSID

>> What are the advantages/disadvantages of[color=blue][color=green]
>> having the PHPSESSID in the header
>> e..g. http://www.myurl.com/index.php?PHPSESSID=......[/color]
> And it is a perfectly legal way pass the sessionid around from page to
> page.[/color]

Be careful though - if you use a redirect on every user that comes to you
page without PHPSESSID (the way PHPlib does it) you will have problems with
some search engine crawlers.

Otherwise it is better to just put a session id in cookie. Most of the users
have cookies enabled (and there is no reason anymore why they shouldn't),
as for the other few - if they knew how to disable cookies they also know
how to enable them.

The reason for not using cookies comes from times when you could not set
your browser to only allow session cookies. Those days are now long gone.

Regards,

Anze

re: PHPSESSID

Anze wrote:[color=blue][color=green][color=darkred]
>>> What are the advantages/disadvantages of
>>> having the PHPSESSID in the header
>>> e..g. http://www.myurl.com/index.php?PHPSESSID=......[/color]
>> And it is a perfectly legal way pass the sessionid around from page
>> to page.[/color]
>
> Be careful though - if you use a redirect on every user that comes to
> you page without PHPSESSID (the way PHPlib does it) you will have
> problems with some search engine crawlers.
>
> Otherwise it is better to just put a session id in cookie. Most of
> the users have cookies enabled (and there is no reason anymore why
> they shouldn't), as for the other few - if they knew how to disable
> cookies they also know how to enable them.
>
> The reason for not using cookies comes from times when you could not
> set your browser to only allow session cookies. Those days are now
> long gone.
>
> Regards,
>
> Anze[/color]

Hmmm, it seems that I got the wrong information.

So I should ditch the PHPSESSID in the URL and add a cookie. I actually
thought you could do it without a cookie.

I would prefer to go without a cookie if possible (I have never used them),
but I will definitely use them if the search engines can not access my pages
properly (the session starts automatically when people visit the site).

Thank you for your responses.


- Nicolaas

re: PHPSESSID

windandwaves wrote:
Ideally, I would like to put all the session variable in my Mysql database.
Is that possible?

re: PHPSESSID

windandwaves wrote:
On
http://nz.php.net/manual/en/ref.sess...sion.idpassing

I read:

"Search engines in general don't support cookies, and they don't do well
with SIDs in the query string. If you use sessions, especially URL-based
sessions, and want your site to be search engine friendly, the following
works well:

<?php
$br = get_browser();
if (!($br->crawler))
{
// any session-related code goes here
}
else
{
// whatever your page needs to work without sessions
}
?>

To use the function get_browser() you may need to install browscap.ini. See
the documentation for get_browser() for more info"

browscap.ini is not installed for me, is there another way to recognise the
googles of this world?

re: PHPSESSID

Erwin Moller wrote:
[..........][color=blue]
> Alternatively people use a cookie instead.[/color]

What code do I need to add to change from URL to cookie based sessions? Is
it lots or just a few lines. My site works perfectly now, but it uses URL
rather than cookies. Before I change over, however, I will have a good luck
on all the implications, especially those relating to search engines.

Thank you for your reply.
[color=blue]
> Regards,
> Erwin Moller
>[color=green]
>>
>> Thank you
>>
>> - Nicolaas[/color][/color]

re: PHPSESSID

windandwaves wrote:
[color=blue]
> Erwin Moller wrote:
> [..........][color=green]
>> Alternatively people use a cookie instead.[/color]
>
> What code do I need to add to change from URL to cookie based sessions?
> Is
> it lots or just a few lines. My site works perfectly now, but it uses URL
> rather than cookies. Before I change over, however, I will have a good
> luck on all the implications, especially those relating to search engines.[/color]

Hi,

You can also let PHP take care of the session.
Look into php.ini in the session-section, and read up on php.net
PHP has the ability to:
1) try cookie
2) If that is not supported by the browser: use URL-rewriting.
Note: The URL-rewriting is a bit of a misnomer: it does a lot more, also
rewrite imagemaps-urls, frames, etc.
All is complete effortless, PHP can handle the rewriting.

About the searchengines:
If you ONLY use your session for not relevant stuff, I expect that
searchengines can just walk through your site.
for example:
If you have a session you print A, otherwise you print B
So the webcrawler will see B, assuming it didn't log in.

As far as I know webcrawlers do not use cookies, but just follow hyperlinks.

hope that helps a bit.

Regards,
Erwin Moller

[color=blue]
>
> Thank you for your reply.
>[color=green]
>> Regards,
>> Erwin Moller
>>[color=darkred]
>>>
>>> Thank you
>>>
>>> - Nicolaas[/color][/color][/color]