Hi all,
I am creating a login system. I am using sessions. It's working fine. I
have seen some login systems where they pass session id as part of URL.
I am not doing it in my login system but it's working fine. I just
wanted to know why is it necessary to pass session id by URL? I have
chosen not to do it. Am I missing something?
If you use the url, you don't need cookies turned on
Ian
http://www.examples.roughian.com/
cr*********@yahoo.com wrote:
>Hi all,
>I am creating a login system. I am using sessions. It's working fine. I
>have seen some login systems where they pass session id as part of URL.
>I am not doing it in my login system but it's working fine. I just
>wanted to know why is it necessary to pass session id by URL? I have
>chosen not to do it. Am I missing something?
cr*********@yahoo.com wrote:
>Hi all,
>I am creating a login system. I am using sessions. It's working fine. I
>have seen some login systems where they pass session id as part of URL.
>I am not doing it in my login system but it's working fine. I just
>wanted to know why is it necessary to pass session id by URL? I have
>chosen not to do it. Am I missing something?
The PHP session system uses cookies to track users by default. (The
browser sends a cookie created by PHP with a phrase PHP can use to
look up user information). If PHP can't use cookies (i.e. you set
it), it tags the session ID along on every URL. You're not missing out
on anything. Cookies are actually preferred because they are more secure
and make URLs look better.
cr*********@yahoo.com wrote:
>I am creating a login system. I am using sessions. It's working fine. I
>have seen some login systems where they pass session id as part of URL.
>I am not doing it in my login system but it's working fine. I just
>wanted to know why is it necessary to pass session id by URL? I have
>chosen not to do it. Am I missing something?
As not everyone uses cookies, as they are so commonly used to track what sites
a person visits, so cookie based sessions won't work for everyone.
//Aho
That's a good point.
Although PHP will attempt to use session cookies by default, it will
rewrite links and form submissions if cookies are unable to be set. You
should note that it uses & in the querystring, which will break an
XHTML document served as application/xhtml+xml. You can change that in
php.ini. Under data handling, the arg_separator.output field can be
changed to &amp;, if so desired.
Curtis
On Nov 26, 10:04 pm, "J.O. Aho" <u...@example.net> wrote:
>crescent...@yahoo.com wrote:
>>I am creating a login system. I am using sessions. It's working fine. I
>>have seen some login systems where they pass session id as part of URL.
>>I am not doing it in my login system but it's working fine. I just
>>wanted to know why is it necessary to pass session id by URL? I have
>>chosen not to do it. Am I missing something?
>As not everyone uses cookies, as they are so commonly used to track what sites
>a person visits, so cookie based sessions won't work for everyone.
>//Aho
Most everyone uses cookies; it makes url's easier to manage and read.
Another problem pops up when people who don't understand session ids
(most everyone) send a link to someone else - the session ID is
transmitted too, and suddenly they're logged in on someone else's
account.
phpBB uses cookies to store its session ids. However when you're
logged into the admin control panel, the session id is stored in the
url (and I would assume, the cookie too); this is presumably an
additional security feature.
"As not everyone uses cookies, as they are so commonly used to track
what sites
a person visits, so cookie based sessions won't work for everyone."
While there are certainly people who don't allow any cookies, these
people are more than used to having websites not work. There is no
reason to cater to a group like that.
dimo414 wrote:
>"As not everyone uses cookies, as they are so commonly used to track what sites a person visits, so cookie based sessions won't work for everyone."
>While there are certainly people who don't allow any cookies, these
>people are more than used to having websites not work. There is no
>reason to cater to a group like that.
There are "firewalls" which filter away cookies, as default setting, which
can make the user unaware that they don't use cookies.
A site that can work under different circumstances, is a well done site, while
a site that requires that everyone has X and feature Y is a badly done site and
we shouldn't even talk about sites that by default make users of Z unable
to use it.
//Aho
>Most everyone uses cookies; it makes url's easier to manage and read.
Surfers do not unblock cookies "because it makes url's easier to
manage and read". Surfers do not manage URLs and only rarely read
them. They may unblock cookies but not for that reason. Webmasters
do not get to unblock cookies for surfers, except perhaps for making
the site unusable without them, in which case many surfers will
just leave.
>Another problem pops up when people who don't understand session ids (most everyone) send a link to someone else - the session ID is transmitted too, and suddenly they're logged in on someone else's account.
Webmasters who don't time out sessions are asking for trouble here.
Although the problem can still exist, even a 2-hour timeout (restarted
every time a user reloads a page) can prevent a lot of problems with
URLs posted to USENET.
>phpBB uses cookies to store its session ids. However when you're logged into the admin control panel, the session id is stored in the url (and I would assume, the cookie too) this is presumably an additional security feature.
>"As not everyone uses cookies, as they are so commonly used to track what sites a person visits, so cookie based sessions won't work for everyone."
>While there are certainly people who don't allow any cookies, these people are more than used to having websites not work. There is no reason to cater to a group like that.
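Two problems come up in this thread: a session ID carried in a shared link logs the recipient into someone else's account, and sessions that never time out make that worse. The sketch below keeps the ID out of URLs and applies the 2-hour idle timeout restarted on every page load. It is an added example, not code from any poster; it assumes PHP 7.3 or later served over HTTPS, and `IDLE_LIMIT`, the `last_seen` key and `/login.php` are made-up names.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+ and HTTPS;
// IDLE_LIMIT, 'last_seen' and /login.php are names made up for this sketch.

const IDLE_LIMIT = 7200; // the 2-hour idle timeout suggested in the thread

function start_cookie_only_session(): void
{
    // Never accept a session ID from the URL and never rewrite links with one.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Let the garbage collector drop server-side data after the idle limit.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);

    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, discarded when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Returns true while the session is live; destroys it once it has idled out. */
function enforce_idle_timeout(int $now): bool
{
    $last = $_SESSION['last_seen'] ?? null;
    if ($last !== null && $now - $last > IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = $now; // restart the clock on every page load
    return true;
}

start_cookie_only_session();
if (!enforce_idle_timeout(time())) {
    header('Location: /login.php'); // hypothetical login page
    exit;
}
```

With `session.use_trans_sid` off, visitors who block cookies get no session at all, which is the trade-off argued over in the thread.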