Session variables in IE

Why on earth would the security settings affect session variables?
We're not setting a cookie here. I'm just trying to carry one session
variable over from one page to the next. If the security settings in IE
are set to "high", it doesn't work. What gives?

I noticed that Message-ID: <cbgaku$pff@odak26.prod.google.com> from R.
Rajesh Jeba Anbiah contained the following:

>> Why on earth would the security settings affect session variables?
>> We're not setting a cookie here.
>
>Wrong idea. Indeed, session uses cookie.

But it doesn't have to.

You can pass it via the url, e.g.
<A HREF="nextpage.php?<?php echo strip_tags(SID)?>">

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Matt wrote:

> Why on earth would the security settings affect session variables?
> We're not setting a cookie here. I'm just trying to carry one session
> variable over from one page to the next. If the security settings in IE
> are set to "high", it doesn't work. What gives?

Hi Matt,

In the stateless client-server-world:
To create a session the server needs to know which client it is talking to.
This is done by sending an unique long string of characters (sessionid) to
the client.
Next time the client sends a request to the server, it sends this sessionid
with it.

Most of the time this sessionid is stored in a coockie....
You can also use URL-rewritting to code the sessionid in the URL.

As for M$ IE-exploder: I *think* setting to high security means blocking
coockies for IE. Not sure, dropped that securityhole ages ago.

Hope that helps.

Regards,
Erwin Moller

Matt wrote:

> Why on earth would the security settings affect session variables?
> We're not setting a cookie here. I'm just trying to carry one session
> variable over from one page to the next. If the security settings in IE
> are set to "high", it doesn't work. What gives?

A session requires a cookie to store the session id. This not a PHP specific
thing. However, PHP does have a configuration option that forces the
session id to be appended to the URL rather than use a cookie (as a work
around to things not allowing cookies).
--
remove .nospam from e-mail address to reply

James McIninch wrote:

> Matt wrote:
>
>> Why on earth would the security settings affect session variables?
>> We're not setting a cookie here. I'm just trying to carry one session
>> variable over from one page to the next. If the security settings in IE
>> are set to "high", it doesn't work. What gives?
>
> A session requires a cookie to store the session id. This not a PHP
> specific thing. However, PHP does have a configuration option that forces
> the session id to be appended to the URL rather than use a cookie (as a
> work around to things not allowing cookies).


Damn it. I was going to give that answer. Can you believe it, I knew an
answer!