TECTED]>
Sent: Wednesday, June 05, 2002 4:50 PM
Subject: Re: [PHP] Sessions question (-enable-trans-sid)
> > Hmmm I've had a problem with this: I have --enable-trans-sid but I
> > see url appends on my browser when I *know* cookies are working.
>
>
> Personally I c
> Hmmm I've had a problem with this: I have --enable-trans-sid but I
> see url appends on my browser when I *know* cookies are working.
Personally I cant say this is a bad thing... not all browsers enable
cookies and they can be messy and insecure at times (eg: cross domain
issues). Placing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* and then 1LT John W. Holmes declared
> If you compile it with --enable-trans-sid, then PHP will use cookies when
> they are available and if they are not, it'll append the SID to links and
> forms. Basically, it's automatic.
Hmmm I've had
If you compile it with --enable-trans-sid, then PHP will use cookies when
they are available and if they are not, it'll append the SID to links and
forms. Basically, it's automatic.
---John Holmes...
- Original Message -
From: "Jeff Field" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent
I'm sure this is not a definitive answer, but I would assume that since you would be
passing the information through both the URI and Cookies, it will work regardless of
cookies enabled or disabled. On the other hand, if you are passing the session id
through the URI in the first place, you do
YES
It's been the basis of everything I've done so far with sessions.
Justin
on 03/06/02 9:05 AM, Glenn Sieb ([EMAIL PROTECTED]) wrote:
> At 08:32 AM 6/3/2002 +1000, Justin French posted the following...
>> sitepoint.com has a nice one on restricting pages with login/sessions, etc
>> by Kevin
At 08:32 AM 6/3/2002 +1000, Justin French posted the following...
>sitepoint.com has a nice one on restricting pages with login/sessions, etc
>by Kevin Yank.
http://www.WebmasterBase.com/article/319
Is that the one you're referring to, Justin? It seems pretty good.. :)
Glenn
---
The original
> Has anybody here used an online turoral that they feel is
> good for a newbie or has done wonders in helping you on when
> you were learning php? if so please send me the website name / URL.
http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html
I found this one quite good - not so m
sitepoint.com has a nice one on restricting pages with login/sessions, etc
by Kevin Yank.
Justin French
on 03/06/02 8:38 PM, r ([EMAIL PROTECTED]) wrote:
> Hey Everyone,
>
> Been going through the manual and the book "PHP BlackBook" and am totally
> confused about sessions.
>
> Searched goog
Well that must mean that they are using session_name() and session_id(). I
really don't know why they are using that (considering it'll add
unnecessary overhead of calling session_name(),session_id() twice). My
guess is that they don't have a clue about the SID constant that
automatically ge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* and then Ed Gorski declared
> 1. This is done for users that don't use cookies. Believe it or not but
> there are people out there that are afraid of cookies and automatically
> turn them off. Without appending the sessionid to the end of
1. This is done for users that don't use cookies. Believe it or not but
there are people out there that are afraid of cookies and automatically
turn them off. Without appending the sessionid to the end of the URL,
sessions won't work for these people. Now how does your host append to the
e
iate it.
Navid
-Original Message-
From: Jason Wong [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 19, 2002 4:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions and Arrays
On Monday 20 May 2002 04:31, Navid Y. wrote:
> Hello Everyone,
>
> How do I send a single array, with many
On Monday 20 May 2002 04:31, Navid Y. wrote:
> Hello Everyone,
>
> How do I send a single array, with many values, through sessions?
> For example, I might have the following:
[snip]
Why? don't you just try it? Surely it's quicker to write some simple test code
than to ask on the list?
> By re
On Sun, 19 May 2002, Navid Y. wrote:
> Simple question: Will registering a variable twice, using
> session_register(), reset the value of the variable to a different
> value?
session_register() adds a variable to the list of variables that are
tracked by the session. If the variable has already b
> maintain state accross requests. This is done in 3 different ways.
> 1. Cookies
> 2. URL Mangling
> 3. HTTP Authentication
#4 Passing a SID/Session info in hidden fields, but it means
you must push every page move through a submit (which can be
done with Javascript, image buttons, etc), dep
> You're missing one method - using the user's IP address
> It's not a guaranteed fool-proof method, but if you don't
> want to use cookies or the URL, then this sorta works.
Unless there's a firewall using NAT or a proxy cache involved. I know
for a fact that our internal network only ever
Senior Software Engineer
ePliant Marketing
-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 6:26 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
> Could you explain how this could be acc
to:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:30 PM
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
If it ain't foolproof then only a fool would use it ...
IP addresses are just about the worst way to identify anyone.
-Original Message-
From:
TECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
You're missing one method - using the user's IP address
It's not a guaranteed fool-proof method, but if you don't want to use
cookies or the URL, then this sorta works.
--
PHP General Mailing List (http://
> Could you explain how this could be accomplished, because I'm not
> understanding how to do it.
>
> As I understand HTTP Authentication (correct me if I'm wrong), the
> user's computer still has to send a 'username/password' pair to perform
> the authentication. I can't see how this could be use
-Original Message-
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 15, 2002 10:04 AM
> To: Matthew Walker
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
>
>
> I am understanding the problem perfectly. HTTP i
ew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want
to
maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authentication
You said
10:04 AM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want to
maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authenti
On Tue, 14 May 2002, Matthew Walker wrote:
> The sites are not dynamic, but the shopping cart /is/. The problem is,
> if people don't have cookies on, when they return to the site to order
> more products, they loose the SID that has been appended to the links
> inside the cart, and thus loose the
customer's OrderID is, and other related information.
>
> Matthew Walker
> Senior Software Engineer
> ePliant Marketing
>
>
> -Original Message-
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 14, 2002 5:42 PM
> To: Matthew Walker
om: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:42 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies or SID Passing...
Use standard HTTP authentication over SSL - that's the only other way.
On Tue, 14 May 2002, Matthew Walker wrot
alker
Senior Software Engineer
ePliant Marketing
-Original Message-
From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies or SID Passing...
On Tue, 14 May 2002, Matthew Walker wrote:
> Man
On Tue, 14 May 2002, Matthew Walker wrote:
> Many of the people who will be shopping on our sites have cookies
> disabled, which presents a problem when using sessions. Now, I am aware
> of the fact that we could append the SID constant to every URL, but this
> will not work for us. None of our si
Use standard HTTP authentication over SSL - that's the only other way.
On Tue, 14 May 2002, Matthew Walker wrote:
> We have a shopping cart product we're developing in PHP, and I've
> recently come across I dilemma that I need to find a reliable solution
> to.
>
> Many of the people who will be
Ok,
Let's see if I learned anything
- Original Message -
From: "Jas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 13, 2002 2:30 AM
Subject: [PHP] sessions
> $msg = "You have been authorized to make changes to
the
> web site.";
> session_is_registered('u_name');
>
I'm using winxp and php.. can this be the problem. I solved the problem by
donwgrade to php 4.1.0..
"Austin Marshall" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Daniel SvanbäCk wrote:
> > Hi
> >
> > I have a problem. I can't send the session_id to the ne
Daniel SvanbäCk wrote:
> Hi
>
> I have a problem. I can't send the session_id to the next page. It worked
> before (when I had an old version of php, now I have 4.2.0). It can send the
> session_id() if it's a link, but not a header(). If it is a header I have to
> do this:
>
> define('MYSID', s
Yes, modify your php.ini file to tell PHP where to write the session to.
It's trying to write it to /tmp, which is either not a valid file, or
PHP doesn't have permissions to write a file there.
---John Holmes...
> -Original Message-
> From: Alex Francis [mailto:[EMAIL PROTECTED]]
> Sent
You'r right of course, the directory didn't exist. Working alright now.
--
Alex Francis
Cameron Design
35, Drumillan Hill
Greenock PA16 0XD
Tel 01475 798106
[EMAIL PROTECTED]
http://www.camerondesign.co.uk
This message is sent in confidence for the addressee only. It may contain
legally privile
On 4 May 2002 at 18:22, Alex Francis wrote:
> Warning: open(/tmp\sess_51d4849918d3ffe4d2cc70013d678f6b, O_RDWR)
> failed: No such file or directory (2)
Does the directory it's trying to write to exist? Seeing as you've posted this
question, I'll
assume that you don't understand the error messag
You can't mix PHP and JavaScript. They are two entirely different
languages that execute in completely different ways. PHP executes to
create the HTML _AND_ JavaScript. One PHP is finished; it sends you the
code and is finished. It has no interaction with the HTML or JavaScript
except to create it
> -Original Message-
> From: Padraig Kitterick [mailto:[EMAIL PROTECTED]]
> Sent: 26 April 2002 20:16
> To: [EMAIL PROTECTED]
> Subject: [PHP] Sessions with register_globals = off
>
>
> Am in need of help or I will loose my sanity!!! Im runnin Php
> 4.1.2 with
> Apache 1.3.22 on Win32 w
'Dennis Moore'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, April 27, 2002 11:33 PM
Subject: RE: [PHP] Sessions and Query String Variable Handling
> Not for server side. You can use a META REFRESH on the client side, but
> I personally find that ugly.
>
esult, and just echo
that variable where ever I need to.
---John Holmes...
> -Original Message-
> From: Dennis Moore [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, April 27, 2002 5:24 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [PHP] Sessions and Query Stri
AIL PROTECTED]>
To: "'Dennis Moore'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, April 27, 2002 8:49 PM
Subject: RE: [PHP] Sessions and Query String Variable Handling
> $page = $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"] .
&
You can also use
$page = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
- Original Message -
From: "John Holmes" <[EMAIL PROTECTED]>
To: "'Dennis Moore'" <[EMAIL PROTECTED]>; <[EMAIL PROTECT
You'll have to add an http:// to that string, too.
---John Holmes...
> -Original Message-
> From: John Holmes [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, April 27, 2002 5:50 PM
> To: 'Dennis Moore'; [EMAIL PROTECTED]
> Subject: RE: [PHP] Sessions and
$page = $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"] .
$_SERVER["QUERY_STRING"];
That will recreate the URL that the user clicked on. Save that to a
variable before you check for a session. Once you start a session or
verify that one exists, use header() to send them back to that page.
-
On Friday, April 26, 2002, at 03:16 PM, Padraig Kitterick wrote:
> This is annoying as everyhwhere I read about sessions, Im told that if
> register_globals is off, I shouldnt use session_register(), all I need
> to do
> is:
>
> $HTTP_SESSION_VARS["myVar"] = $myVar;
This is not what the docum
Make sure you are using session_start() on each page and you should be
using $_SESSION["var"] = "value";, not $HTTP_SESSION_VARS...
---John Holmes...
> -Original Message-
> From: Padraig Kitterick [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 26, 2002 12:16 PM
> To: [EMAIL PROTECTED]
If you use files you might get the contens of the folder where sessions
stored and just count.
Jan
- Original Message -
From: "Fifield, Mike" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 26, 2002 5:57 PM
Subject: [PHP] sessions
> Is there a way to return the total num
On Fri, 26 Apr 2002, Fifield, Mike wrote:
> Is there a way to return the total number of sessions currently registered
> on a server?
You could count the files in the session store directory.
miguel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/un
We use sessions on one of our extremely large (read: may load balanced
servers). Our solution is to store session data in the database. See the
following:
http://www.php.net/session-set-save-handler
David Piasecki
-Original Message-
From: Uijlenbroek, Maurice
[mailto:[EMAIL PROTECTED]
On Wednesday, April 17, 2002, at 04:40 PM, Vladislav Kulchitski wrote:
> Basically, let's say the cracker know that in my application I create a
> session variable named "auth_user" for valid users. Is there a way to
> hack into it if he knows this session variable name?
>
> Example:
>
> if($ac
might be a solution:
don't use a javascript includepage, instead use the "inline code" method in
a php.includefile, something like this
include "javascript.inc";
where the javascript.inc (js.inc, js.php, javascript.php - your name, your
choice) contains