Hi,
When I initially start my browser (any of 'm) and point it to my PHP script
the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is set?
I tried to do session_start() before anything still blank, what did I
miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)
Thanks!
John.
8  6850 
On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote: Hi,
When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)
^^^^^^^^^
The reason you haven't RTFM is?
By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Ok ok, I'm reading the "Fantastic" manual right now....again...
J.
btw. I did before...no answer yet... any more hints?
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> wrote in message
news:20030813215128.2a35a071.ia*@WINDOZEdigiserv.n et... On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,
When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)
^^^^^^^^^
The reason you haven't RTFM is?
By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
"JohnS" <Pl**********@myaccount.com> wrote in
news:wE*****************@newssvr27.news.prodigy.co m: Ok ok, I'm reading the "Fantastic" manual right now....again...
J.
btw. I did before...no answer yet... any more hints?
Session ID is returned from the browser. The browser doesn't have it until
after it loads the first page of the session. This behavior is by intent.
Is there a way to retrieve a cookie you just set?
--
Larry Flynt for Governor
Bringing dignity back to the Governor's Mansion
Terry Austin ta*****@hyperbooks.com
Is it that the *browser* generates the $PHPSESSID not PHP? And therefore
must at least load 1 php file before it can do so? I was thinking it was
generated by PHP as in *PHP*sessid....
right?
Just nod if you agree Ian....
Thanks!
John.
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> wrote in message
news:20030813215128.2a35a071.ia*@WINDOZEdigiserv.n et... On Wed, 13 Aug 2003 20:26:57 GMT in
<message-id:la*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote:
Hi,
When I initially start my browser (any of 'm) and point it to my PHP
script the $PHPSESSID is always blank.
On all subsequent hits or after a refresh the value for $PHPSESSID is
fine... why do I have to complete a php file before the $PHPSESSID is
set? I tried to do session_start() before anything still blank,
what did I miss?
(Aix 4.3.3, php 4.2.1,Apache 1.13.26)
^^^^^^^^^
The reason you haven't RTFM is?
By default, of course $PHPSESSID will be blank.. as to why, is a task
you're left to read about, but as a hint.... http://php.net/ ;)
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
On Wed, 13 Aug 2003 21:10:36 GMT in
<message-id:gP****************@newssvr27.news.prodigy.com>
"JohnS" <Pl**********@myaccount.com> wrote: Is it that the *browser* generates the $PHPSESSID not PHP? And
therefore must at least load 1 php file before it can do so? I was
thinking it was generated by PHP as in *PHP*sessid....
right?
Just nod if you agree Ian....
Thanks!
John.
Well, John.. seeing as you're using PHP 4.2.1, have you checked your
register_globals settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)
Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
> Well, John.. seeing as you're using PHP 4.2.1, have you checked your register_globals settings in php.ini? oh, of course you have! you read
the very FINE manual properly didn't you? =)
Indeed, I did...but not all of it...
Funny how php.net has this screaming out at you, and has done for
absolutely ages.. why oh why are people _still_ shocked when their
poorly written scripts fail (and yes, your method is _VERY_ poor and
insecure).
One day... when I am just as good as you...
Thanks for your help.
Cheers,
J.
On Wed, 13 Aug 2003 22:01:06 GMT in
<message-id:Cy*********************@newssvr13.news.prodigy. com>
"JohnS" <Pl**********@myaccount.com> wrote: One day... when I am just as good as you...
John, it's not that at all.. apologies for the harshness.
A small summary to back up my harsh statement. Take your example here,
with $PHPSESSID. Obviously, sessions are supposed to be a "secure"
method for many things. So you're checking for $PHPSESSID, which is
nothing more here, than a variable. I access your site like
'yoursite.com/foo.php?PHPSESSID=abcdef123456' etc. I'm "half way there"
to either breaking or possibly expoiting your script. Now we go into
register_globals being disabled, by using my example URI here, you will
only be able to use that PHPSESSID var via $_GET['PHPSESSID'], whereas
for sessions, it would _HAVE_ to be: $_SESSION['PHPSESSID'] (or as it
stores a cookie, $_COOKIE['PHPSESSID']). As you can probably see here,
security has been enhanced for your script by making sure that the value
is coming from a predefined source, not just "anywhere".
Aside from the above, it also makes it much easier to read / follow your
code (especially if you return to it at a much later date fr upgrading /
maintenance or whatever, or for the next developer to read and follow
and take over from you).
I hope this clarifies things a little better for you, in a more friendly
manner =)
Thanks for your help.
Cheers,
J.
No probs.. am I to assume it was the globals issue? (just curious now =)
).
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Ian:
Very good point!
Let me investigate further and modify my scripts. First I am going to Read
The Fantastic Manual once more...
Cheers,
John. John, it's not that at all.. apologies for the harshness.
No apologies needed.
No probs.. am I to assume it was the globals issue? (just curious now
=) ).
I had register_globals on, but now I am going to turn them off, and redo
some scripts. Better save than sHacked.
J. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: AmigaLemming |
last post by:
As I understand my admins installed a PHP server and now my plain HTML
pages also want to set a PHPSESSID cookie when loaded into a browser.
Can I suppress this, e.g. by creating a configuration...
|
by: Arnaud |
last post by:
Hi !
I would like to propagate data between php pages, in two cases :
the pages are read by :
1- Internet Explorer
It's ok, data are writen in one page, and read from another. I don't use...
|
by: edward hage |
last post by:
Hello ,
I want to pass some $_SESSION data to another page.
I can pass PHPSESSID along using echo '<br /><a href="page2.php?' . SID
.. '">page 2</a>';
However, I want to fill in a table...
|
by: Alex Shi |
last post by:
Hi,
I don't know how php process its session. I just noticed that
for the first time a web site is loaded php will insert a
PHPSESSID through out the page: it attach this id to links,
insert...
|
by: frizzle |
last post by:
Hi there
I have a site in which all pages ARE php-pages, but
they're called/manipulated with htaccess.
All files appear as a html-file to surfers.
Sometimes i get the PHPSESSID declared in the...
|
by: Alan Silver |
last post by:
Hello,
I am using this validator on a textbox, and have discovered that if I
set the InitialValue property, then the validator correctly fires if the
user does not change the initial value of...
|
by: John Smith |
last post by:
Googlebot has been picking up numerous PHPSESSID name/value pairs in
URIs at my website, and this causes duplicate hits and wasted bandwidth.
I've since prevented PHPSESSID generation in my PHP...
|
by: CAH |
last post by:
Hi
Can you avoid that googlebot indexes PHPSESSID pages? Googlebot is
indexing pages with PHPSESSID, which makes it think my page has a
infinite number of pages. How can one avoid this?
...
|
by: Leszek |
last post by:
Hi.
How should I configure Apache2.2 with php5 so that PHPSESSID would be sent
as a cookie ? Now I'm not getting any messages even if I set IE to ask
about incoming cookies...
So what is the...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
