samesch Sat Feb 1 12:33:04 2003 EDT Modified files: /phpdoc/en/reference/session reference.xml Log: added tags Index: phpdoc/en/reference/session/reference.xml diff -u phpdoc/en/reference/session/reference.xml:1.29 phpdoc/en/reference/session/reference.xml:1.30 --- phpdoc/en/reference/session/reference.xml:1.29 Sun Jan 26 10:19:02 2003 +++ phpdoc/en/reference/session/reference.xml Sat Feb 1 12:33:04 2003 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.29 $ --> +<!-- $Revision: 1.30 $ --> <reference id="ref.session"> <title>Session handling functions</title> <titleabbrev>Sessions</titleabbrev> @@ -72,8 +72,9 @@ addditional protections -- this usually comes at a price, reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable - session.use_only_cookies. In that case, cookies must be enabled - unconditionally on the user side, or sessions will not work. + <literal>session.use_only_cookies</literal>. In that case, + cookies must be enabled unconditionally on the user side, or + sessions will not work. </para> <para> There are several ways to leak an existing session id to third parties. @@ -162,7 +163,7 @@ are accessible like any other variables. <example> <title> - Registering a variable with $_SESSION. + Registering a variable with <varname>$_SESSION</varname>. </title> <programlisting role="php"> <![CDATA[ @@ -180,7 +181,9 @@ </example> <example> <title> - Unregistering a variable with $_SESSION and register_globals disabled. + Unregistering a variable with <varname>$_SESSION</varname> and + <link + linkend="ini.register-globals"><literal>register_globals</literal></link> +disabled. </title> <programlisting role="php"> <![CDATA[ @@ -194,8 +197,10 @@ </example> <example> <title> - Unregistering a variable with register_globals enabled, after - registering it using $_SESSION. + Unregistering a variable with <link + linkend="ini.register-globals"><literal>register_globals</literal></link> + enabled, after registering it using + <varname>$_SESSION</varname>. </title> <programlisting role="php"> <![CDATA[ @@ -220,9 +225,7 @@ <varname>$_SESSION</varname>. <caution> <para> - If you are using - <varname>$_SESSION</varname> - and disable <link + If you are using <varname>$_SESSION</varname> and disable <link linkend="ini.register-globals"><literal>register_globals</literal></link>, do not use <function>session_register</function>, <function>session_is_registered</function> and @@ -305,8 +308,9 @@ PHP 4.2 or later, you need to enable it manually when building PHP. Under UNIX, pass <link linkend="install.configure.enable-trans-sid"> <literal>--enable-trans-sid</literal></link> to configure. If this build - option and the run-time option session.use_trans_sid are enabled, - relative URIs will be changed to contain the session id automatically. + option and the run-time option + <literal>session.use_trans_sid</literal> are enabled, relative + URIs will be changed to contain the session id automatically. <note> <para> The <link linkend="ini.arg-separator.output">arg_separator.output</link>
-- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php