PHPSESSID on QueryString
This is a discussion on PHPSESSID on QueryString within the alt.comp.lang.php forums, part of the PHP Programming Forums category; Hi All, I am using session vars for admin security on some of my pages, to check if admin is ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-28-2006
|
|||
|
|||
PHPSESSID on QueryString
Hi All,
I am using session vars for admin security on some of my pages, to check if admin is logged on or not. This works AOK, But, when a non-authenticated user clicks a link on a page that has session_start() in it, the link is as I expect it to be, but has the following appended to it: ?PHPSESSID=793be....etc! Whoops....Brain storm at this point. Seems PHP is automatically appending this to enable sessions to work, as I had cookies disabled...clever! :) Please do let me know if I'm not quite right here! Cheers! Simon. -- - * Please reply to group for the benefit of all * Found the answer to your own question? Post it! * Get a useful reply to one of your posts?...post an answer to another one * Search first, post later : http://www.google.co.uk/groups * Want my email address? Ask me in a post...Cos2MuchSpamMakesUFat! -------------------------------------------------------------------------------- I am using the free version of SPAMfighter for private users. It has removed 9886 spam emails to date. Paying users do not have this message in their emails. Try SPAMfighter for free now! 
|
|
09-28-2006
|
|||
|
|||
|
Re: PHPSESSID on QueryString
On 09/28/2006 07:48 AM, Simon Harris wrote:
> Hi All, > > I am using session vars for admin security on some of my pages, to check if > admin is logged on or not. This works AOK, But, when a non-authenticated > user clicks a link on a page that has session_start() in it, the link is as > I expect it to be, but has the following appended to it: > > ?PHPSESSID=793be....etc! > > Whoops....Brain storm at this point. Seems PHP is automatically appending > this to enable sessions to work, as I had cookies disabled...clever! :) > > Please do let me know if I'm not quite right here! > > Cheers! > Simon. > You are correct. Set the preference "session.use_only_cookies" to "1" to disable that feature. -- paduille.4058.mumia.w@earthlink.net
|
|
09-28-2006
|
|||
|
|||
|
Re: PHPSESSID on QueryString
Simon Harris wrote: > Hi All, > > I am using session vars for admin security on some of my pages, to check if > admin is logged on or not. This works AOK, But, when a non-authenticated > user clicks a link on a page that has session_start() in it, the link is as > I expect it to be, but has the following appended to it: > > ?PHPSESSID=793be....etc! > > Whoops....Brain storm at this point. Seems PHP is automatically appending > this to enable sessions to work, as I had cookies disabled...clever! :) > > Please do let me know if I'm not quite right here! > > Cheers! > Simon. > Read this: <http://www.php.net/manual/en/ref.session.php#session.idpassing>
|
Linear Mode
