By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,831 Members | 2,237 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,831 IT Pros & Developers. It's quick & easy.

$PHPSESSID blank on initial php file

P: n/a
Hi,

When I initially start my browser (any of 'm) and point it to my PHP script
the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is set?
I tried to do session_start() before anything still blank, what did I
miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

Thanks!

John.
Jul 16 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,

When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

^^^^^^^^^
The reason you haven't RTFM is?

By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #2

P: n/a
Ok ok, I'm reading the "Fantastic" manual right now....again...

J.

btw. I did before...no answer yet... any more hints?
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> wrote in message
news:20030813215128.2a35a071.ia*@WINDOZEdigiserv.n et...
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,

When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

^^^^^^^^^
The reason you haven't RTFM is?

By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.

Jul 16 '05 #3

P: n/a
"JohnS" <Pl**********@myaccount.com> wrote in
news:wE*****************@newssvr27.news.prodigy.co m:
Ok ok, I'm reading the "Fantastic" manual right now....again...

J.

btw. I did before...no answer yet... any more hints?


Session ID is returned from the browser. The browser doesn't have it until
after it loads the first page of the session. This behavior is by intent.

Is there a way to retrieve a cookie you just set?

--
Larry Flynt for Governor
Bringing dignity back to the Governor's Mansion

Terry Austin
ta*****@hyperbooks.com
Jul 16 '05 #4

P: n/a
Is it that the *browser* generates the $PHPSESSID not PHP? And therefore
must at least load 1 php file before it can do so? I was thinking it was
generated by PHP as in *PHP*sessid....

right?

Just nod if you agree Ian....

Thanks!

John.
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> wrote in message
news:20030813215128.2a35a071.ia*@WINDOZEdigiserv.n et...
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,

When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

^^^^^^^^^
The reason you haven't RTFM is?

By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.

Jul 16 '05 #5

P: n/a
On Wed, 13 Aug 2003 21:10:36 GMT in
<message-id:gP****************@newssvr27.news.prodigy.com>
"JohnS" <Pl**********@myaccount.com> wrote:
Is it that the *browser* generates the $PHPSESSID not PHP? And
therefore must at least load 1 php file before it can do so? I was
thinking it was generated by PHP as in *PHP*sessid....

right?

Just nod if you agree Ian....

Thanks!

John.

Well, John.. seeing as you're using PHP 4.2.1, have you checked your
register_globals settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)

Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #6

P: n/a
> Well, John.. seeing as you're using PHP 4.2.1, have you checked your
register_globals settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)
Indeed, I did...but not all of it...

Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).


One day... when I am just as good as you...

Thanks for your help.
Cheers,
J.
Jul 16 '05 #7

P: n/a
On Wed, 13 Aug 2003 22:01:06 GMT in
<message-id:Cy*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
One day... when I am just as good as you...

John, it's not that at all.. apologies for the harshness.

A small summary to back up my harsh statement. Take your example here,
with $PHPSESSID. Obviously, sessions are supposed to be a "secure"
method for many things. So you're checking for $PHPSESSID, which is
nothing more here, than a variable. I access your site like
'yoursite.com/foo.php?PHPSESSID=abcdef123456' etc. I'm "half way there"
to either breaking or possibly expoiting your script. Now we go into
register_globals being disabled, by using my example URI here, you will
only be able to use that PHPSESSID var via $_GET['PHPSESSID'], whereas
for sessions, it would _HAVE_ to be: $_SESSION['PHPSESSID'] (or as it
stores a cookie, $_COOKIE['PHPSESSID']). As you can probably see here,
security has been enhanced for your script by making sure that the value
is coming from a predefined source, not just "anywhere".

Aside from the above, it also makes it much easier to read / follow your
code (especially if you return to it at a much later date fr upgrading /
maintenance or whatever, or for the next developer to read and follow
and take over from you).

I hope this clarifies things a little better for you, in a more friendly
manner =)


Thanks for your help.
Cheers,
J.

No probs.. am I to assume it was the globals issue? (just curious now =)
).

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #8

P: n/a
Ian:

Very good point!

Let me investigate further and modify my scripts. First I am going to Read
The Fantastic Manual once more...

Cheers,
John.
John, it's not that at all.. apologies for the harshness. No apologies needed.
No probs.. am I to assume it was the globals issue? (just curious now

=) ).
I had register_globals on, but now I am going to turn them off, and redo
some scripts. Better save than sHacked.

J.
Jul 16 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.