Hi,
When I initially start my browser (any of 'm) and point it to my PHP script
the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is set?
I tried to do session_start() before anything still blank, what did I
miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)
Thanks!
John. 8 6899
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la********** ***********@new ssvr13.news.pro digy.com>
"JohnS" <Pl**********@m yaccount.com> wrote: Hi,
When I initially start my browser (any of 'm) and point it to my PHP script the $PHPSESSID is always blank. On all subsequent hits or after a refresh the value for $PHPSESSID is fine... why do I have to complete a php file before the $PHPSESSID is set? I tried to do session_start() before anything still blank, what did I miss? (Aix 4.3.3, php 4.2.1,Apache 1.13.26)
^^^^^^^^^
The reason you haven't RTFM is?
By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.
Ok ok, I'm reading the "Fantastic" manual right now....again...
J.
btw. I did before...no answer yet... any more hints?
"Ian.H [dS]" <ia*@WINDOZEdig iserv.net> wrote in message
news:2003081321 5128.2a35a071.i a*@WINDOZEdigis erv.net... On Wed, 13 Aug 2003 20:26:57 GMT in <message-id:la********** ***********@new ssvr13.news.pro digy.com> "JohnS" <Pl**********@m yaccount.com> wrote:
Hi,
When I initially start my browser (any of 'm) and point it to my PHP script the $PHPSESSID is always blank. On all subsequent hits or after a refresh the value for $PHPSESSID is fine... why do I have to complete a php file before the $PHPSESSID is set? I tried to do session_start() before anything still blank, what did I miss? (Aix 4.3.3, php 4.2.1,Apache 1.13.26) ^^^^^^^^^
The reason you haven't RTFM is?
By default, of course $PHPSESSID will be blank.. as to why, is a task you're left to read about, but as a hint.... http://php.net/ ;) Regards,
Ian
-- Ian.H [Design & Development] digiServ Network - Web solutions www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net Programming, Web design, development & hosting.
"JohnS" <Pl**********@m yaccount.com> wrote in
news:wE******** *********@newss vr27.news.prodi gy.com: Ok ok, I'm reading the "Fantastic" manual right now....again...
J.
btw. I did before...no answer yet... any more hints?
Session ID is returned from the browser. The browser doesn't have it until
after it loads the first page of the session. This behavior is by intent.
Is there a way to retrieve a cookie you just set?
--
Larry Flynt for Governor
Bringing dignity back to the Governor's Mansion
Terry Austin ta*****@hyperbo oks.com
Is it that the *browser* generates the $PHPSESSID not PHP? And therefore
must at least load 1 php file before it can do so? I was thinking it was
generated by PHP as in *PHP*sessid....
right?
Just nod if you agree Ian....
Thanks!
John.
"Ian.H [dS]" <ia*@WINDOZEdig iserv.net> wrote in message
news:2003081321 5128.2a35a071.i a*@WINDOZEdigis erv.net... On Wed, 13 Aug 2003 20:26:57 GMT in <message-id:la********** ***********@new ssvr13.news.pro digy.com> "JohnS" <Pl**********@m yaccount.com> wrote:
Hi,
When I initially start my browser (any of 'm) and point it to my PHP script the $PHPSESSID is always blank. On all subsequent hits or after a refresh the value for $PHPSESSID is fine... why do I have to complete a php file before the $PHPSESSID is set? I tried to do session_start() before anything still blank, what did I miss? (Aix 4.3.3, php 4.2.1,Apache 1.13.26) ^^^^^^^^^
The reason you haven't RTFM is?
By default, of course $PHPSESSID will be blank.. as to why, is a task you're left to read about, but as a hint.... http://php.net/ ;) Regards,
Ian
-- Ian.H [Design & Development] digiServ Network - Web solutions www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net Programming, Web design, development & hosting.
On Wed, 13 Aug 2003 21:10:36 GMT in
<message-id:gP********** ******@newssvr2 7.news.prodigy. com>
"JohnS" <Pl**********@m yaccount.com> wrote: Is it that the *browser* generates the $PHPSESSID not PHP? And therefore must at least load 1 php file before it can do so? I was thinking it was generated by PHP as in *PHP*sessid....
right?
Just nod if you agree Ian....
Thanks!
John.
Well, John.. seeing as you're using PHP 4.2.1, have you checked your
register_global s settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)
Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.
> Well, John.. seeing as you're using PHP 4.2.1, have you checked your register_global s settings in php.ini? oh, of course you have! you read the very FINE manual properly didn't you? =)
Indeed, I did...but not all of it...
Funny how php.net has this screaming out at you, and has done for absolutely ages.. why oh why are people _still_ shocked when their poorly written scripts fail (and yes, your method is _VERY_ poor and insecure).
One day... when I am just as good as you...
Thanks for your help.
Cheers,
J.
On Wed, 13 Aug 2003 22:01:06 GMT in
<message-id:Cy********** ***********@new ssvr13.news.pro digy.com>
"JohnS" <Pl**********@m yaccount.com> wrote: One day... when I am just as good as you...
John, it's not that at all.. apologies for the harshness.
A small summary to back up my harsh statement. Take your example here,
with $PHPSESSID. Obviously, sessions are supposed to be a "secure"
method for many things. So you're checking for $PHPSESSID, which is
nothing more here, than a variable. I access your site like
'yoursite.com/foo.php?PHPSESS ID=abcdef123456 ' etc. I'm "half way there"
to either breaking or possibly expoiting your script. Now we go into
register_global s being disabled, by using my example URI here, you will
only be able to use that PHPSESSID var via $_GET['PHPSESSID'], whereas
for sessions, it would _HAVE_ to be: $_SESSION['PHPSESSID'] (or as it
stores a cookie, $_COOKIE['PHPSESSID']). As you can probably see here,
security has been enhanced for your script by making sure that the value
is coming from a predefined source, not just "anywhere".
Aside from the above, it also makes it much easier to read / follow your
code (especially if you return to it at a much later date fr upgrading /
maintenance or whatever, or for the next developer to read and follow
and take over from you).
I hope this clarifies things a little better for you, in a more friendly
manner =) Thanks for your help. Cheers, J.
No probs.. am I to assume it was the globals issue? (just curious now =)
).
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.
Ian:
Very good point!
Let me investigate further and modify my scripts. First I am going to Read
The Fantastic Manual once more...
Cheers,
John. John, it's not that at all.. apologies for the harshness.
No apologies needed.
No probs.. am I to assume it was the globals issue? (just curious now
=) ).
I had register_global s on, but now I am going to turn them off, and redo
some scripts. Better save than sHacked.
J. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: AmigaLemming |
last post by:
As I understand my admins installed a PHP server and now my plain HTML
pages also want to set a PHPSESSID cookie when loaded into a browser.
Can I suppress this, e.g. by creating a configuration file like
..htaccess somewhere in my public_html directory? Is it possible to
disable the setting of PHPSESSID cookies for plain HTML pages in
general and maybe for PHP pages that don't need to track any session
information?
|
by: Arnaud |
last post by:
Hi !
I would like to propagate data between php pages, in two cases :
the pages are read by :
1- Internet Explorer
It's ok, data are writen in one page, and read from another. I don't use
PHPSESSID
2- from a mobile browser ( mobile i-Mode phone Nec22)
After several tests, I understod it's impossible, because the session system
tries to write a cookie on the browser...
|
by: edward hage |
last post by:
Hello ,
I want to pass some $_SESSION data to another page.
I can pass PHPSESSID along using echo '<br /><a href="page2.php?' . SID
.. '">page 2</a>';
However, I want to fill in a table with values and include PHPSESSID
with it. This does not work. I tried somethink like this:
<INPUT TYPE="Hidden" NAME="PHPSESSID" VALUE="<?=SID ?>">
|
by: Alex Shi |
last post by:
Hi,
I don't know how php process its session. I just noticed that
for the first time a web site is loaded php will insert a
PHPSESSID through out the page: it attach this id to links,
insert hidden field into form, and even attach the id onto
form button if the button is an image. Here are samples
what it did:
<a href="http://link?PHPSESSID=e2b49283217665659a856cd939f10881>
|
by: frizzle |
last post by:
Hi there
I have a site in which all pages ARE php-pages, but
they're called/manipulated with htaccess.
All files appear as a html-file to surfers.
Sometimes i get the PHPSESSID declared in the url.
I want to avoid this from caching in the browsers
history.
is there a way to detect if PHPSESSID is set, and if
| |
by: Alan Silver |
last post by:
Hello,
I am using this validator on a textbox, and have discovered that if I
set the InitialValue property, then the validator correctly fires if the
user does not change the initial value of the textbox, but does NOT fire
if the textbox is empty!!
I thought the whole point of this validator was to ensure the control
being validated had some text. Am I doing something stupid? It looks
like I am going to need *two* validators for this,...
|
by: John Smith |
last post by:
Googlebot has been picking up numerous PHPSESSID name/value pairs in
URIs at my website, and this causes duplicate hits and wasted bandwidth.
I've since prevented PHPSESSID generation in my PHP script if
Googlebot makes the request; like so:
if(preg_match("/googlebot/i", $_SERVER) != 1)
//session code here
....but this doesn't stop the PHPSESSID requests from Googlebot because
they're already stored in its database, and it continues...
|
by: CAH |
last post by:
Hi
Can you avoid that googlebot indexes PHPSESSID pages? Googlebot is
indexing pages with PHPSESSID, which makes it think my page has a
infinite number of pages. How can one avoid this?
Here is an exsample of url that google register, that might make is
more clear what is happening
www.winches.dk/winches.php?artnr=500735&PHPSESSID=d22126f0d46334659ff...
|
by: Leszek |
last post by:
Hi.
How should I configure Apache2.2 with php5 so that PHPSESSID would be sent
as a cookie ? Now I'm not getting any messages even if I set IE to ask
about incoming cookies...
So what is the default way of sending PHPSESSID if not as a cookie?
What is the best way to send PHPSESSID?
thanks,
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |