Dormilich 8,658
Recognized Expert Moderator Expert
recently I encounter a very strange behaviour of the session variable. if the cookies are disabled, the session id is totally misplaced (see code). instead being attached to the URL it is placed before the > of the anchor tag. has anyone an idea, how to prevent that?
maybe I should note, that the HTML is coming from a XSL transformation…
and another note, if the anchor element contains a text node, the variable insertion is correct. - // with session ID
-
<a href="main.php?f=this"/&PHPSESSID=23…b3>
-
// without session ID
-
<a href="main.php?f=this"/>
11 2258 TheServant 1,168
Recognized Expert Top Contributor
You can completely disable URL SIDs by adding the following to your htaccess file:
php_value session.use_trans_sid 0
php_value session.use_only_cookies 1
From here. Apologies if you have already tried that.
Dormilich 8,658
Recognized Expert Moderator Expert
Apologies if you have already tried that.
yes, I’ve already tried that. but these option are overwritten when cookies are disabled in the browser (it all works well if cookies are enabled) - class Session
-
{
-
/**
-
* @var (string) $ID session ID
-
* @var (int) $uoc session via cookie
-
* @var (bool) $clt use URL for ID submit
-
* @var (bool) $cho cookie script access
-
*/
-
protected static $ID = NULL;
-
public static $clt = 0; // cookie persistence time
-
public static $uoc = true; // SID only in cookie
-
public static $cho = true; // cookie not available for client scripts
-
-
/**
-
* set php.ini values (cookie-only-session, magic gpc off) and
-
* begin/continue the session.
-
*
-
* @param (int) $lifetime session cache lifetime (min)
-
* @return (void)
-
*/
-
public function __construct(
-
$lifetime = 30
-
)
-
{
-
if (self::$ID === NULL)
-
{
-
ini_set('session.gc_maxlifetime', $lifetime*60);
-
ini_set('session.use_only_cookies', self::$uoc);
-
ini_set('session.cookie_lifetime', self::$clt);
-
ini_set('session.cookie_httponly', self::$cho);
-
session_start();
-
self::$ID = session_id();
-
}
-
}
-
-
// etc.
Markus 6,050
Recognized Expert Expert
That is strange behaviour - maybe you should open a bug.
Dormilich 8,658
Recognized Expert Moderator Expert
I have already done that (#50308).
Dormilich 8,658
Recognized Expert Moderator Expert
after some trials I found that if I add another attribute after the href, ID insertion works correct.
Frinavale 9,735
Recognized Expert Moderator Expert
Sorry for being such a newbie but does this happen with regular old PHP?
It seems really weird to me that it would do this.
In ASP.NET we have a web.config file where we can specify how Session behaves (could use cookieless session etc)
It seems very weird to me that PHP would put session identifiers into links etc on it's own.
Are you using some sort of PHP framework? Is that what's causing this?
-Frinny
Dormilich 8,658
Recognized Expert Moderator Expert
In ASP.NET we have a web.config file where we can specify how Session behaves (could use cookieless session etc)
how is a cookieless session done in ASP.NET?
It seems very weird to me that PHP would put session identifiers into links etc on it's own.
it does if there is no other possibility to keep the session. (if you don’t have cookies, where would you write the session id?)
Frinavale 9,735
Recognized Expert Moderator Expert
Cookieless sessions in ASP.NET put the session identifier into the URL. They are not secure because the identifier is in plain view...but people like to use them for insecure applications that allow more than one user to use the same session.
If you aren't using cookieless sessions in ASP.NET and cookies are turned off, then the ASP.NET application cannot use session. I still think it's very weird that PhP automatically assumes that you want to add the session identifier to links etc.
There must be a way to configure it not to do this.
Dormilich 8,658
Recognized Expert Moderator Expert
Cookieless sessions in ASP.NET put the session identifier into the URL.
the same as in PHP.
If you aren't using cookieless sessions in ASP.NET and cookies are turned off, then the ASP.NET application cannot use session.
PHP rather uses above method, than abandon the session (further code may depend on it)
it's very weird that PhP automatically assumes that you want to add the session identifier to links etc.
if you enable cookies, PHP won’t do this (unles you say so in php.ini)
Frinavale 9,735
Recognized Expert Moderator Expert
If I'm using session, and cookies have to be enabled to do so, I just write a simple JavaScript function that attempts to add a cookie. If the cookie can't be added then I display a message stating that the user has to enable cookies if they want to use the application.
Likewise I use the <noscript> tag to tell the user that they have to have JavaScript enabled (mainly because ASP.NET uses JavaScript to submit to the web server during certain client side events).
-Frinny
Dormilich 8,658
Recognized Expert Moderator Expert
it’s not as if I need the session (further, the session is deleted after half an hour). it just caches results from the page assembly. I can change that, if I’m able to do caching on the server. most people have cookies enabled anyways (and half the people use IE, which is not affected by this bug, because of its inability to use XHTML)
and I’m a fan of unobtrusive JavaScript.
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Syver Enstad |
last post by:
Here's the interactive session
Python 2.2.2 (#37, Oct 14 2002, 17:02:34) on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> ord('\xe5')
229
>>>...
|
by: Joe Wong |
last post by:
Hello,
I have a short program that the client make a connection to server, a thread is then created to poll any data sent from the server. The main thread will close the socket after 5 seconds....
|
by: Moshe |
last post by:
Page with a <form> action calls ASP page.
The ASP page has the following structure
<%@ LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<% Option Explicit %>
<% Server.ScriptTimeOut=100
With Response...
|
by: unknown |
last post by:
Hi,
I am developing an online book store with shopping cart.
My shopping cart is represented as a Xml server control
and I am using an XSLT to render it at the client side.
I am using an...
|
by: liam_weston |
last post by:
I have 2 supposedly identical Windows 2000 web servers each with IIS5.
Both have the ASPCODEPAGE set to 65001 (utf-8) in the metabase. The
first server has been running pages like the one below...
| |
by: Nuno Carvalho |
last post by:
Hi all,
I'm having a problem with session variables in vs .net 2003. I start by
doing this:
If Not IsPostBack Then
Dim dt As DataTable
Me.daAlias.Fill(Me.DsPhysicalAlias)
dt =...
|
by: mantrid |
last post by:
Hello
Im having problems working out why the following code does not work. I dont
think its the sql as the error occurs on the first update which ever one is
put there ($q1 or $q2). Ive swapped...
|
by: Gotch |
last post by:
Hi,
I'm getting a very strange behaviour while running a project I've
done.... Let's expose it: I've two projects. Both of them use a Form
to do some Gui stuff. Other threads pack up messages...
|
by: rob.selway |
last post by:
Hello,
I've written a website using PHP4/Mysql. The login function (that
creates 2 or 3 sessions) does not seem to work in IE, but does in
FireFox.
The strange thing is that when I lower the...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |