SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: PHO SSID

  1. #1
    SitePoint Member
    Join Date
    May 2013
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHO SSID

    I have issue with SID and passing to URL. I am bit new to all php MySQL but trying as best. So I have managed to have login form working and then user can direct to their own page by link after logged in. I want that link to pass SID or some random string///I have code for some random string, but its not working--another topic in itself...aside, from all my reading here and there SSID maybe not safe by passing this value to their page: Anyway, my code echo "<a href="page.php?<?php echo htmlspecialchars(SID); ?>">click here</a>.

    So, this translates to page.php?PHPSESSID=7fd4ac2ba0ae0bd23ea0ebc93e88f63d......How can I append or remove the PHPSESSID part from the URL SO IT WILL JUST LOOK LIKE page.php?you=7fd4ac2ba0ae0bd23ea0ebc93e88f63d or so, without PHPSESSID being shown and its a bit juvenile looking? Ok, any help much appreciated.

  2. #2
    SitePoint Evangelist captainccs's Avatar
    Join Date
    Mar 2004
    Location
    Caracas, Venezuela
    Posts
    516
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by TWOtoes View Post
    How can I append or remove the PHPSESSID part from the URL SO IT WILL JUST LOOK LIKE page.php?you=7fd4ac2ba0ae0bd23ea0ebc93e88f63d or so, without PHPSESSID being shown and its a bit juvenile looking? Ok, any help much appreciated.
    Use
    Code:
    php_flag session.use_trans_sid off
    in .htaccess to force php to use cookies.

    http://www.php.net/manual/en/session....use-trans-sid
    Denny Schlesinger
    web services

  3. #3
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    There is also session_name().
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  4. #4
    SitePoint Member
    Join Date
    May 2013
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I see in my .ini that session.use_trans_sid 0 so it is 'off' and thus according to php is auto set to 'off' at default for versions and also I am on iis so web.config file need the code to change anything for that to force the cookies. I am confused how to set code out the Code: php_flag session.use_trans_sid off if that is code in the proper syntax and also for the There is also session_name(). link http://us1.php.net/manual/en/session...i.session.name refers to that being directed back to Defaults to PHPSESSID and so more must be called before session. Please provide more depth to this as I am not scratching the surface all the way here. thanks.

  5. #5
    SitePoint Evangelist captainccs's Avatar
    Join Date
    Mar 2004
    Location
    Caracas, Venezuela
    Posts
    516
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    There are many places where you can change the php settings. To make sure what the real settings are add a phpinfo.php file to the directory where your script is. The file should contain only
    PHP Code:
    <?php echo phpinfo (); ?>
    You want the following settings:

    Code:
    session.use_cookies	On	On
    session.use_trans_sid	0	0
    Note: After you are done with phpinfo.php delete the file because you don't want to let hackers know your settings.
    Denny Schlesinger
    web services

  6. #6
    SitePoint Member
    Join Date
    May 2013
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    session.use_trans_sid = 0 I have this set like so already, I do not see how still I can in fact use session with my original post as removing the PHPSESSID part in the url, by the answers above. (PHPSESSID=7fd4ac2ba0ae0bd23ea0ebc93e88f63d). I have responded quite clearly about not using cookie as passing SID once logged in. Please be more detailed and provide a live example if possible, thanks.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •