473,237 Members | 1,266 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,237 software developers and data experts.

$PHPSESSID blank on initial php file

Hi,

When I initially start my browser (any of 'm) and point it to my PHP script
the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is set?
I tried to do session_start() before anything still blank, what did I
miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

Thanks!

John.
Jul 16 '05 #1
8 6840
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,

When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

^^^^^^^^^
The reason you haven't RTFM is?

By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #2
Ok ok, I'm reading the "Fantastic" manual right now....again...

J.

btw. I did before...no answer yet... any more hints?
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> wrote in message
news:20030813215128.2a35a071.ia*@WINDOZEdigiserv.n et...
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,

When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

^^^^^^^^^
The reason you haven't RTFM is?

By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.

Jul 16 '05 #3
"JohnS" <Pl**********@myaccount.com> wrote in
news:wE*****************@newssvr27.news.prodigy.co m:
Ok ok, I'm reading the "Fantastic" manual right now....again...

J.

btw. I did before...no answer yet... any more hints?


Session ID is returned from the browser. The browser doesn't have it until
after it loads the first page of the session. This behavior is by intent.

Is there a way to retrieve a cookie you just set?

--
Larry Flynt for Governor
Bringing dignity back to the Governor's Mansion

Terry Austin
ta*****@hyperbooks.com
Jul 16 '05 #4
Is it that the *browser* generates the $PHPSESSID not PHP? And therefore
must at least load 1 php file before it can do so? I was thinking it was
generated by PHP as in *PHP*sessid....

right?

Just nod if you agree Ian....

Thanks!

John.
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> wrote in message
news:20030813215128.2a35a071.ia*@WINDOZEdigiserv.n et...
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,

When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)

^^^^^^^^^
The reason you haven't RTFM is?

By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.

Jul 16 '05 #5
On Wed, 13 Aug 2003 21:10:36 GMT in
<message-id:gP****************@newssvr27.news.prodigy.com>
"JohnS" <Pl**********@myaccount.com> wrote:
Is it that the *browser* generates the $PHPSESSID not PHP? And
therefore must at least load 1 php file before it can do so? I was
thinking it was generated by PHP as in *PHP*sessid....

right?

Just nod if you agree Ian....

Thanks!

John.

Well, John.. seeing as you're using PHP 4.2.1, have you checked your
register_globals settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)

Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #6
> Well, John.. seeing as you're using PHP 4.2.1, have you checked your
register_globals settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)
Indeed, I did...but not all of it...

Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).


One day... when I am just as good as you...

Thanks for your help.
Cheers,
J.
Jul 16 '05 #7
On Wed, 13 Aug 2003 22:01:06 GMT in
<message-id:Cy*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
One day... when I am just as good as you...

John, it's not that at all.. apologies for the harshness.

A small summary to back up my harsh statement. Take your example here,
with $PHPSESSID. Obviously, sessions are supposed to be a "secure"
method for many things. So you're checking for $PHPSESSID, which is
nothing more here, than a variable. I access your site like
'yoursite.com/foo.php?PHPSESSID=abcdef123456' etc. I'm "half way there"
to either breaking or possibly expoiting your script. Now we go into
register_globals being disabled, by using my example URI here, you will
only be able to use that PHPSESSID var via $_GET['PHPSESSID'], whereas
for sessions, it would _HAVE_ to be: $_SESSION['PHPSESSID'] (or as it
stores a cookie, $_COOKIE['PHPSESSID']). As you can probably see here,
security has been enhanced for your script by making sure that the value
is coming from a predefined source, not just "anywhere".

Aside from the above, it also makes it much easier to read / follow your
code (especially if you return to it at a much later date fr upgrading /
maintenance or whatever, or for the next developer to read and follow
and take over from you).

I hope this clarifies things a little better for you, in a more friendly
manner =)


Thanks for your help.
Cheers,
J.

No probs.. am I to assume it was the globals issue? (just curious now =)
).

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #8
Ian:

Very good point!

Let me investigate further and modify my scripts. First I am going to Read
The Fantastic Manual once more...

Cheers,
John.
John, it's not that at all.. apologies for the harshness. No apologies needed.
No probs.. am I to assume it was the globals issue? (just curious now

=) ).
I had register_globals on, but now I am going to turn them off, and redo
some scripts. Better save than sHacked.

J.
Jul 16 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: AmigaLemming | last post by:
As I understand my admins installed a PHP server and now my plain HTML pages also want to set a PHPSESSID cookie when loaded into a browser. Can I suppress this, e.g. by creating a configuration...
4
by: Arnaud | last post by:
Hi ! I would like to propagate data between php pages, in two cases : the pages are read by : 1- Internet Explorer It's ok, data are writen in one page, and read from another. I don't use...
3
by: edward hage | last post by:
Hello , I want to pass some $_SESSION data to another page. I can pass PHPSESSID along using echo '<br /><a href="page2.php?' . SID .. '">page 2</a>'; However, I want to fill in a table...
0
by: Alex Shi | last post by:
Hi, I don't know how php process its session. I just noticed that for the first time a web site is loaded php will insert a PHPSESSID through out the page: it attach this id to links, insert...
2
by: frizzle | last post by:
Hi there I have a site in which all pages ARE php-pages, but they're called/manipulated with htaccess. All files appear as a html-file to surfers. Sometimes i get the PHPSESSID declared in the...
11
by: Alan Silver | last post by:
Hello, I am using this validator on a textbox, and have discovered that if I set the InitialValue property, then the validator correctly fires if the user does not change the initial value of...
0
by: John Smith | last post by:
Googlebot has been picking up numerous PHPSESSID name/value pairs in URIs at my website, and this causes duplicate hits and wasted bandwidth. I've since prevented PHPSESSID generation in my PHP...
29
by: CAH | last post by:
Hi Can you avoid that googlebot indexes PHPSESSID pages? Googlebot is indexing pages with PHPSESSID, which makes it think my page has a infinite number of pages. How can one avoid this? ...
1
by: Leszek | last post by:
Hi. How should I configure Apache2.2 with php5 so that PHPSESSID would be sent as a cookie ? Now I'm not getting any messages even if I set IE to ask about incoming cookies... So what is the...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.