Where is SID?

Michael Satterwhite wrote:

OK, I'll admit I've been doing it wrong (using session_register()), so I'm
trying to correct my ways, but...

My script starts with
<?php
session_start();
?>

In the body of my page a link as follows:

<a href="targetUrl.php?<php print SID; ?>">Target text</a>

Problem: SID is an empty string. I even tried
echo "SID: " . SID . '<br />';

and SID echoes as an empty string. Why?

I asked this a few weeks back - you might be able to do a search for the
thread, although none of the answers were especially illuminating. It
appears the SID constant is only set under certain circumstances. I never
did work out what they were. Use the session_id() function to get the
session ID - that appears to be the correct and reliable way to do it.

--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfountain.org/">Derek Fountain</a>

Derek Fountain wrote:

Michael Satterwhite wrote:

OK, I'll admit I've been doing it wrong (using session_register()), so I'm
trying to correct my ways, but...

My script starts with
<?php
session_start();
?>

In the body of my page a link as follows:

<a href="targetUrl.php?<php print SID; ?>">Target text</a>

Problem: SID is an empty string. I even tried
echo "SID: " . SID . '<br />';

and SID echoes as an empty string. Why?

I asked this a few weeks back - you might be able to do a search for the
thread, although none of the answers were especially illuminating. It
appears the SID constant is only set under certain circumstances. I never
did work out what they were. Use the session_id() function to get the
session ID - that appears to be the correct and reliable way to do it.

Would $SID help?

> Would $SID help?

No, SID is a constant, not a variable.

The page at http://www.php.net/session_id makes a feeble effort at
explanation, including the sentence "Note that SID is only defined if the
client didn't send the right cookie." No definition of what the "right
cookie" might be, of course...

--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfountain.org/">Derek Fountain</a>

Michael Satterwhite wrote:
<snip>

In the body of my page a link as follows:

<a href="targetUrl.php?<php print SID; ?>">Target text</a>

Problem: SID is an empty string. I even tried
echo "SID: " . SID . '<br />';

and SID echoes as an empty string. Why?

It is quite sad that most of the people are manually suffixing the
SID. In PHP there is *no* need to append it manually--there are some
elegant settings for that and also good way to do that. It is better to
start using the function after knowing the concept--in this case "What
is session?" <http://in.php.net/session>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

I noticed that Message-ID:
<11**********************@o13g2000cwo.googlegroups .com> from R. Rajesh
Jeba Anbiah contained the following:

It is quite sad that most of the people are manually suffixing the
SID. In PHP there is *no* need to append it manually--there are some
elegant settings for that and also good way to do that.

But many people do not have control over the server and ini_set will not
enable trans_sid

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

.oO(Derek Fountain)

I asked this a few weeks back - you might be able to do a search for the
thread, although none of the answers were especially illuminating. It
appears the SID constant is only set under certain circumstances.

It's set if no session cookies are allowed. If the session ID is stored
in a cookie you don't need to append it to URLs, so SID will be empty.

Micha

Michael Satterwhite <mi*****************@weblore.com> wrote in
news:02******************@fe2.texas.rr.com:

OK, I'll admit I've been doing it wrong (using session_register()), so
I'm trying to correct my ways, but...

My script starts with
<?php
session_start();
?>

In the body of my page a link as follows:

<a href="targetUrl.php?<php print SID; ?>">Target text</a>

Problem: SID is an empty string. I even tried
echo "SID: " . SID . '<br />';

and SID echoes as an empty string. Why?

Because you have cookies enabled, and are accepting
a cookie from your domain with the PHP page, and using
a browser that supports cookies ;-)

Do yourself a favour and use the Firefox browser, and
get the LiveHTTPHeaders extension. You can then see
the 'HTTP conversation' between your browser and the
server, and you'll see the session cookie being set,
and returned.

http://www.php.net/manual/en/ref.session.php

Predefined Constants
--------------------
SID (string)
Constant containing either the session name and session ID in
the form of "name=ID" or empty string if session ID was set in
an appropriate session cookie.

Passing the Session ID
----------------------
Alternatively, you can use the constant SID which is always defined.
If the client did not send an appropriate session cookie, it has the
form session_name=session_id. Otherwise, it expands to an empty string.
Thus, you can embed it unconditionally into URLs.

--
Dave Patton
Canadian Coordinator, Degree Confluence Project
http://www.confluence.org/
My website: http://members.shaw.ca/davepatton/

"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in
news:11**********************@o13g2000cwo.googlegr oups.com:

Michael Satterwhite wrote:
<snip>

In the body of my page a link as follows:

<a href="targetUrl.php?<php print SID; ?>">Target text</a>

Problem: SID is an empty string. I even tried
echo "SID: " . SID . '<br />';

and SID echoes as an empty string. Why?

It is quite sad that most of the people are manually suffixing the
SID. In PHP there is *no* need to append it manually

That's not entirely true.
If cookies are disabled, PHP may append SID to the URL query
string, depending on the PHP configuration(e.g. use_trans_sid),
but redirections using header() will not be affected, so you
may want to include the use of SID in your header() calls.

--
Dave Patton
Canadian Coordinator, Degree Confluence Project
http://www.confluence.org/
My website: http://members.shaw.ca/davepatton/

Dave Patton wrote:

"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in
news:11**********************@o13g2000cwo.googlegr oups.com:

<snip>

It is quite sad that most of the people are manually suffixing the SID. In PHP there is *no* need to append it manually

That's not entirely true.
If cookies are disabled, PHP may append SID to the URL query
string, depending on the PHP configuration(e.g. use_trans_sid),
but redirections using header() will not be affected, so you
may want to include the use of SID in your header() calls.

I hope, I didn't give wrong info--I was talking about url rewriting
alone. Anyway, thanks for pointing out. Keep visiting c.l.php often.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Geoff Berrow wrote:

I noticed that Message-ID:
<11**********************@o13g2000cwo.googlegroups .com> from R. Rajesh Jeba Anbiah contained the following:

It is quite sad that most of the people are manually suffixing theSID. In PHP there is *no* need to append it manually--there are some
elegant settings for that and also good way to do that.
But many people do not have control over the server and ini_set will

not enable trans_sid

Without using htaccess:

1. To turn on
session_start();
output_add_rewrite_var(session_name(), session_id());

2. To turn off
ini_set('url_rewriter.tags', '');
session_start();

*Warning: Not tested thoroughly

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

R. Rajesh Jeba Anbiah wrote:

Geoff Berrow wrote: <snip>

But many people do not have control over the server and ini_set

will not

enable trans_sid

Also, this is not true in PHP 5.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

I noticed that Message-ID:
<11**********************@o13g2000cwo.googlegroups .com> from R. Rajesh
Jeba Anbiah contained the following:

But many people do not have control over the server and ini_set will

not

enable trans_sid

Without using htaccess:

1. To turn on
session_start();
output_add_rewrite_var(session_name(), session_id());

2. To turn off
ini_set('url_rewriter.tags', '');
session_start();

*Warning: Not tested thoroughly

If it works, it will be great!

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

I noticed that Message-ID:
<11**********************@o13g2000cwo.googlegroups .com> from R. Rajesh
Jeba Anbiah contained the following:

> But many people do not have control over the server and ini_set

will

not

> enable trans_sid

Also, this is not true in PHP 5.

True, but I doubt it is widely implemented ATM.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/