session cookies

I know that when you start a session in PHP, the "cookie" it creates is
not the same as those that are stored in your browser's temp folder, and
instead is kept in RAM. I am confused because in every session tutorial
I have ever read, the author invariably mentions the 2 main ways of
propagating sessions - through cookies and appended to the URL. The
author also almost always talks about the method being dependent on the
user's preferences, for example whether he/she accepts cookies. I am so
confused because I have tried setting my browser to reject all cookies,
and in php.ini I have session.use_cookies = 1. I have also restarted
apache with both session.use_only_cookies = 1 and with it commented out
as it is by default. In all cases, my scripts always work exactly like
they should. As far as I can tell, if I am explicitly saying that PHP
MUST use cookies to handle my sessions, and I am setting my browser to
reject ALL cookies, my script should not execute successfully. Also,
when I output the contents of $_COOKIE, I get my valid session id,
meaning the cookie is being set. Meanwhile, trying to log in to other
sites on the web that require cookies fails (as it should). If setting
my browser to reject all cookies has no effect, what else could a user
possibly do to make sessions using cookies not work? Thanks a bunch.
Nov 22 '05 #1
You didn't set use_only_cookies ? In that case, PHP should use a GET
parameter in the URL for communicating the session ID.

Marcus wrote:
> I know that when you start a session in PHP, the "cookie" it creates is
> not the same as those that are stored in your browser's temp folder, and
> instead is kept in RAM. I am confused because in every session tutorial
> I have ever read, the author invariably mentions the 2 main ways of
> propagating sessions - through cookies and appended to the URL. The
> author also almost always talks about the method being dependent on the
> user's preferences, for example whether he/she accepts cookies. I am so
> confused because I have tried setting my browser to reject all cookies,
> and in php.ini I have session.use_cookies = 1. I have also restarted
> apache with both session.use_only_cookies = 1 and with it commented out
> as it is by default. In all cases, my scripts always work exactly like
> they should. As far as I can tell, if I am explicitly saying that PHP
> MUST use cookies to handle my sessions, and I am setting my browser to
> reject ALL cookies, my script should not execute successfully. Also,
> when I output the contents of $_COOKIE, I get my valid session id,
> meaning the cookie is being set. Meanwhile, trying to log in to other
> sites on the web that require cookies fails (as it should). If setting
> my browser to reject all cookies has no effect, what else could a user
> possibly do to make sessions using cookies not work? Thanks a bunch.

Nov 22 '05 #2
Dikkie Dik wrote:
> You didn't set use_only_cookies ? In that case, PHP should use a GET
> parameter in the URL for communicating the session ID.

I tried it first with the default use_only_cookies being off, and then
with it on (checked phpinfo() to make sure), and it had no effect. The
session ID is not being propagated anywhere that I can see, and like I
said, echoing the contents of $_COOKIE shows the session id.
Nov 22 '05 #3
Following on from Marcus's message. . .
> Dikkie Dik wrote:
>> You didn't set use_only_cookies ? In that case, PHP should use a GET
>> parameter in the URL for communicating the session ID.
>
> I tried it first with the default use_only_cookies being off, and then
> with it on (checked phpinfo() to make sure), and it had no effect. The
> session ID is not being propagated anywhere that I can see, and like I
> said, echoing the contents of $_COOKIE shows the session id.

Thought: Have you been (fully) closing your browser between all tests?

--
PETER FOX Not the same since the cardboard box company folded
pe******@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
Nov 22 '05 #4
> I know that when you start a session in PHP, the "cookie" it creates is
> not the same as those that are stored in your browser's temp folder, and
> instead is kept in RAM.

This is the distinction between a cookie that vanishes when the browser
closes and one that stays around in the browser for a specified time.

> I am confused because in every session tutorial
> I have ever read, the author invariably mentions the 2 main ways of
> propagating sessions - through cookies and appended to the URL. The
> author also almost always talks about the method being dependent on the
> user's preferences, for example whether he/she accepts cookies. I am so
> confused because I have tried setting my browser to reject all cookies,

Did you also *clean out* existing cookies?

Gordon L. Burditt
Nov 22 '05 #5
Gordon Burditt wrote:
>> I know that when you start a session in PHP, the "cookie" it creates is
>> not the same as those that are stored in your browser's temp folder, and
>> instead is kept in RAM.
>
> This is the distinction between a cookie that vanishes when the browser
> closes and one that stays around in the browser for a specified time.
>
>> I am confused because in every session tutorial
>> I have ever read, the author invariably mentions the 2 main ways of
>> propagating sessions - through cookies and appended to the URL. The
>> author also almost always talks about the method being dependent on the
>> user's preferences, for example whether he/she accepts cookies. I am so
>> confused because I have tried setting my browser to reject all cookies,
>
> Did you also *clean out* existing cookies?
>
> Gordon L. Burditt


Gordon,

Thanks for the reply. Yes, I've cleaned out all existing cookies and
deleted all files and history just to start clean (even though I doubt
the latter 2 have any bearing). I've also restarted apache numerous
times and tried both IE and Firefox, all to no avail.

This is from my php.ini file as viewed through phpinfo():
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid Off Off

Now that I think about it, what good would clearing all existing cookies
in the browser do? That clears the temp directory, where php's cookies
aren't anyways... I have the default lifetime set as 0, which means they
should die once the browser is closed right?

Given all the info I have provided, am I correct in assuming my sessions
should *not* be working? Obviously I am missing something because they
are in fact working exactly as they always have.

I should mention I am doing all this testing on my localhost. Does this
have any bearing on it? I wouldn't think so but I thought it was worth
mentioning anyways.

As always, thanks for everyone's insightful help.
Nov 22 '05 #6
Wow, I can't explain this, but after just messing around with reloading
programs and everything a million times, FireFox now is behaving
correctly... the sessions don't work when cookies are disabled.

However, IE is still not right. In IE is there anything I have to do
besides tools->internet options->privacy->block all cookies?
Nov 22 '05 #7
>>> I know that when you start a session in PHP, the "cookie" it creates is
>>> not the same as those that are stored in your browser's temp folder, and
>>> instead is kept in RAM.
>>
>> This is the distinction between a cookie that vanishes when the browser
>> closes and one that stays around in the browser for a specified time.
>>
>>> I am confused because in every session tutorial
>>> I have ever read, the author invariably mentions the 2 main ways of
>>> propagating sessions - through cookies and appended to the URL. The
>>> author also almost always talks about the method being dependent on the
>>> user's preferences, for example whether he/she accepts cookies. I am so
>>> confused because I have tried setting my browser to reject all cookies,
>>
>> Did you also *clean out* existing cookies?
>>
>> Gordon L. Burditt
>
> Gordon,
>
> Thanks for the reply. Yes, I've cleaned out all existing cookies and
> deleted all files and history just to start clean (even though I doubt
> the latter 2 have any bearing). I've also restarted apache numerous
> times and tried both IE and Firefox, all to no avail.
>
> This is from my php.ini file as viewed through phpinfo():
> session.use_cookies On On
> session.use_only_cookies On On
> session.use_trans_sid Off Off
>
> Now that I think about it, what good would clearing all existing cookies
> in the browser do?

If you tell the browser to reject all cookies, that may well tell it to
reject all *NEW* cookies, and to keep (and send) the ones it's already
got. If the session cookie is already in there, it stays in there.
So when you set the browser to reject all cookies *without* restarting
it, it keeps the session cookie.

> That clears the temp directory,

What temp directory? I'm not aware of a *browser* that keeps cookies
in a temp directory, especially not those that expire when the
browser closes (which are normally just kept in RAM while the browser
is running).

The directory PHP uses to store session files is on the *server*,
not the *client* (a relevant distinction even if they happen to
be on the same machine).

> where php's cookies
> aren't anyways... I have the default lifetime set as 0, which means they
> should die once the browser is closed right?

Are you sure you closed *ALL* the browser windows? On IE with Windows,
this might even require a reboot; I'm not sure.

> Given all the info I have provided, am I correct in assuming my sessions
> should *not* be working? Obviously I am missing something because they
> are in fact working exactly as they always have.

I don't think you've given sufficient information to conclude that.

> I should mention I am doing all this testing on my localhost. Does this
> have any bearing on it? I wouldn't think so but I thought it was worth
> mentioning anyways.
>
> As always, thanks for everyone's insightful help.

Gordon L. Burditt
Nov 22 '05 #8
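
An added diagnostic, not part of any post in this thread: a PHP page that prints the effective values of the session settings discussed above and shows whether the browser actually sent a session ID, and by which route. The `hits` counter and the output labels are illustrative names chosen for this example.

```php
<?php
// Added example (not from the thread): shows how the session ID reached the
// server and which propagation settings are in effect for this request.

// Effective values, i.e. what phpinfo() lists as the local value.
$settings = [
    'session.use_cookies'      => ini_get('session.use_cookies'),
    'session.use_only_cookies' => ini_get('session.use_only_cookies'),
    'session.use_trans_sid'    => ini_get('session.use_trans_sid'),
    'session.cookie_lifetime'  => ini_get('session.cookie_lifetime'),
];

// Inspect the raw request before session_start() touches anything.
$name      = session_name();            // "PHPSESSID" unless reconfigured
$viaCookie = isset($_COOKIE[$name]);    // browser returned a cookie it holds
$viaUrl    = isset($_GET[$name]);       // ID was appended to the URL

session_start();

// Counter kept in the server-side session file: it only grows when the
// same session ID comes back on the next request.
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;

header('Content-Type: text/plain; charset=utf-8');

foreach ($settings as $key => $value) {
    printf("%-26s = %s\n", $key, var_export($value, true));
}
printf("%-26s = %s\n", 'ID received via cookie', $viaCookie ? 'yes' : 'no');
printf("%-26s = %s\n", 'ID received via URL', $viaUrl ? 'yes' : 'no');
printf("%-26s = %d\n", 'hits in this session', $_SESSION['hits']);

// With use_only_cookies off, an ID carried in the URL can be accepted.
// URLs end up in browser history, logs and Referer headers, so cookie-only
// propagation is the safer configuration.
if ($viaUrl && !filter_var($settings['session.use_only_cookies'], FILTER_VALIDATE_BOOLEAN)) {
    echo "note: a session ID arrived in the URL and use_only_cookies is off\n";
}
```

Reload the page after changing the browser's cookie setting: a `hits` value that keeps climbing while "ID received via cookie" reads `yes` means the browser is still returning a cookie it already held, and a value stuck at 1 means no ID is coming back at all.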
