By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,661 Members | 781 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,661 IT Pros & Developers. It's quick & easy.

PHPSESSID

P: n/a
Dear Gurus

Is it correct that you do not have to pass the PHPSESSID in the header in
order to keep a session going. What are the advantages/disadvantages of
having the PHPSESSID in the header

e..g. http://www.myurl.com/index.php?PHPSESSID=......

Thank you

- Nicolaas
Jul 17 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
windandwaves wrote:

Hi,
Dear Gurus

Is it correct that you do not have to pass the PHPSESSID in the header in
order to keep a session going.
header? no..
It is stored in a cookie most of the time. (Which is send along with the
headers)
What are the advantages/disadvantages of
having the PHPSESSID in the header

e..g. http://www.myurl.com/index.php?PHPSESSID=......
That is NOT a header.
That is an URL with some extra information. (Called GET or Querystring)

And it is a perfectly legal way pass the sessionid around from page to page.

Alternatively people use a cookie instead.

Regards,
Erwin Moller

Thank you

- Nicolaas


Jul 17 '05 #2

P: n/a
>> What are the advantages/disadvantages of
having the PHPSESSID in the header
e..g. http://www.myurl.com/index.php?PHPSESSID=......

And it is a perfectly legal way pass the sessionid around from page to
page.


Be careful though - if you use a redirect on every user that comes to you
page without PHPSESSID (the way PHPlib does it) you will have problems with
some search engine crawlers.

Otherwise it is better to just put a session id in cookie. Most of the users
have cookies enabled (and there is no reason anymore why they shouldn't),
as for the other few - if they knew how to disable cookies they also know
how to enable them.

The reason for not using cookies comes from times when you could not set
your browser to only allow session cookies. Those days are now long gone.

Regards,

Anze
Jul 17 '05 #3

P: n/a
Anze wrote:
What are the advantages/disadvantages of
having the PHPSESSID in the header
e..g. http://www.myurl.com/index.php?PHPSESSID=......

And it is a perfectly legal way pass the sessionid around from page
to page.


Be careful though - if you use a redirect on every user that comes to
you page without PHPSESSID (the way PHPlib does it) you will have
problems with some search engine crawlers.

Otherwise it is better to just put a session id in cookie. Most of
the users have cookies enabled (and there is no reason anymore why
they shouldn't), as for the other few - if they knew how to disable
cookies they also know how to enable them.

The reason for not using cookies comes from times when you could not
set your browser to only allow session cookies. Those days are now
long gone.

Regards,

Anze


Hmmm, it seems that I got the wrong information.

So I should ditch the PHPSESSID in the URL and add a cookie. I actually
thought you could do it without a cookie.

I would prefer to go without a cookie if possible (I have never used them),
but I will definitely use them if the search engines can not access my pages
properly (the session starts automatically when people visit the site).

Thank you for your responses.
- Nicolaas



Jul 17 '05 #4

P: n/a
windandwaves wrote:
Ideally, I would like to put all the session variable in my Mysql database.
Is that possible?
Jul 17 '05 #5

P: n/a
windandwaves wrote:
On
http://nz.php.net/manual/en/ref.sess...sion.idpassing

I read:

"Search engines in general don't support cookies, and they don't do well
with SIDs in the query string. If you use sessions, especially URL-based
sessions, and want your site to be search engine friendly, the following
works well:

<?php
$br = get_browser();
if (!($br->crawler))
{
// any session-related code goes here
}
else
{
// whatever your page needs to work without sessions
}
?>

To use the function get_browser() you may need to install browscap.ini. See
the documentation for get_browser() for more info"

browscap.ini is not installed for me, is there another way to recognise the
googles of this world?
Jul 17 '05 #6

P: n/a
Erwin Moller wrote:
[..........]
Alternatively people use a cookie instead.
What code do I need to add to change from URL to cookie based sessions? Is
it lots or just a few lines. My site works perfectly now, but it uses URL
rather than cookies. Before I change over, however, I will have a good luck
on all the implications, especially those relating to search engines.

Thank you for your reply.
Regards,
Erwin Moller

Thank you

- Nicolaas

Jul 17 '05 #7

P: n/a
windandwaves wrote:
Erwin Moller wrote:
[..........]
Alternatively people use a cookie instead.
What code do I need to add to change from URL to cookie based sessions?
Is
it lots or just a few lines. My site works perfectly now, but it uses URL
rather than cookies. Before I change over, however, I will have a good
luck on all the implications, especially those relating to search engines.


Hi,

You can also let PHP take care of the session.
Look into php.ini in the session-section, and read up on php.net
PHP has the ability to:
1) try cookie
2) If that is not supported by the browser: use URL-rewriting.
Note: The URL-rewriting is a bit of a misnomer: it does a lot more, also
rewrite imagemaps-urls, frames, etc.
All is complete effortless, PHP can handle the rewriting.

About the searchengines:
If you ONLY use your session for not relevant stuff, I expect that
searchengines can just walk through your site.
for example:
If you have a session you print A, otherwise you print B
So the webcrawler will see B, assuming it didn't log in.

As far as I know webcrawlers do not use cookies, but just follow hyperlinks.

hope that helps a bit.

Regards,
Erwin Moller


Thank you for your reply.
Regards,
Erwin Moller

Thank you

- Nicolaas


Jul 17 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.