Thread: Session

  1. #1
    SitePoint Zealot amrknt's Avatar

    Question Session

    Hi friends,
    1)Yes, sessions automatically use cookies. If the user has cookies disabled that means you cannot track the session id without doing something extra. In that case, you have to include the session id in a query string. Since that problem was anticipated, sessions provide a predefined constant called SID that you can pass in a query string which contains the session id. See www.php.net for details on SID. The rest of your code remains the same.
    The above is taken from http://www.sitepoint.com/forums/showthread.php?t=27128. Now I don't want to show the SID in my URL string using the GET method. In this case what should I do?

    Thanx Again!

  2. #2
    SitePoint Zealot
    Quote Originally Posted by amrknt
    Hi friends,
    The above is taken from http://www.sitepoint.com/forums/showthread.php?t=27128. Now I don't want to show the SID in my URL string using the GET method. In this case what should I do?

    Thanx Again!
    Write code that doesn't need sessions.

    OR

    Tell users they must have cookies enabled to get full functionality, which is what a lot of shopping carts do.

    To disable appending of the SID you'll need to RTM or do a Google search; it's a common question.
    Steve
    When all else fails, persistence prevails
    UK House Prices
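
Added example (not from any post in this thread): one way to do what post #2 describes, keeping the session ID out of URLs and telling the user when cookies are off. It assumes PHP 7.3+ and an HTTPS site; the function names and the `cookiecheck` parameter are made up for illustration.

```php
<?php
// Start a session whose ID travels only in a cookie, never in a URL.
function start_cookie_only_session(): void
{
    ini_set('session.use_only_cookies', '1'); // ignore session IDs sent via GET/POST
    ini_set('session.use_trans_sid', '0');    // never rewrite links to append the SID
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: site is served over HTTPS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Returns true if the browser sent the session cookie back.
// First visit: set a flag, redirect once with ?cookiecheck=1 (hypothetical name).
// If the flag is missing after that redirect, the cookie was not returned.
function cookies_enabled(): bool
{
    if (isset($_SESSION['cookie_ok'])) {
        return true;
    }
    if (isset($_GET['cookiecheck'])) {
        return false;
    }
    $_SESSION['cookie_ok'] = true;
    $path = strtok($_SERVER['REQUEST_URI'], '?'); // drops any existing query string
    header('Location: ' . $path . '?cookiecheck=1');
    exit;
}

start_cookie_only_session();
if (!cookies_enabled()) {
    echo 'Please enable cookies to use the cart and other account features.';
    exit;
}
echo 'Session active; no SID appears in any link on this page.';
```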

  3. #3
    SitePoint Evangelist TRISPECTIVE's Avatar
    The only way to parse the SID would be:

    1) Thru the URL - which you said is unacceptable

    2) Form hidden fields ( <input type="hidden" name="SessionID" value="SID"> ) - that could be done only if your site is made out of <forms>, which I doubt

    3) Cookies - which as I understood, are disabled

    Still, you could parse it thru the URL as a variable and if you don't want it to be shown as it really is, you could play some little encryption on it, i.e. some reversible easy encryption: XOR or shift some chars or just mess the chars around a bit.

  4. #4
    SitePoint Enthusiast

    To disable appending of the SID you'll need to RTM or do a Google search; it's a common question.
    Why don't you help him instead of telling him to RTFM?
    Sorry Sarah

  5. #5
    SitePoint Evangelist TRISPECTIVE's Avatar
    I bet he will answer your question with the same answer: RTFM

  6. #6
    SitePoint Evangelist TRISPECTIVE's Avatar
    Or..

    Somebody: "Hi, my name is billy. What is your name?"
    Him: "RTFM!"


  7. #7
    SitePoint Zealot amrknt's Avatar
    Thanx friends, it's really helping. Now I know my only options are either COOKIES or QUERYSTRING. Btw, would anyone help me to understand RTFM, as it's a new term for me?

    Thanx again to all.

  8. #8
    With More ! for your $ maxor's Avatar
    Why don't you want to display the session id in the url? Is it for security reasons? Do you think it looks bad?

    If you're worried about security why not just add a salt to it?

    PHP Code:
    # this is index.php

    //-- We don't want to display this number
    $SID = 1000;

    //-- But if we add our secret $salt
    $salt = 555;
    $SID = $SID + $salt; // $SID now = 1555

    //-- Let's echo some url
    echo '<a href="blarg.php?SID='.$SID.'">Click here for Blarg</a>';

    # Okay now we're at blarg.php
    //-- Subtract the same salt to recover the original value
    $SID = $_REQUEST['SID'] - 555;

    echo $SID; // Prints 1000

  9. #9
    o_O O_o BlueFire2k5's Avatar
    Quote Originally Posted by amrknt
    Thanx friends, it's really helping. Now I know my only options are either COOKIES or QUERYSTRING. Btw, would anyone help me to understand RTFM, as it's a new term for me?

    Thanx again to all.
    RTFM = "Read The Freaking Manual" (non-swear version)

  10. #10
    SitePoint Zealot
    Quote Originally Posted by Ubuu
    Why don't you help him instead of telling him to RTFM?
    I'll answer that in a sec..

    Strangely enough the other comments in my post were meant to help him

    AND the RTM as opposed to read the f***ing manual was simply meant to point out that disabling transid etc was in enough other places that I didn't want to waste anyone else's time... I must admit I hadn't thought that amrknt might not know what RTM meant.

    Having said that, it's nice to see a lot of other constructive posts

    So to answer: Why didn't you help him instead of badmouthing me?
    Steve
    When all else fails, persistence prevails
    UK House Prices

  11. #11
    SitePoint Zealot amrknt's Avatar
    Quote Originally Posted by maxor
    Why don't you want to display the session id in the url? Is it for security reasons? Do you think it looks bad?

    If you're worried about security why not just add a salt to it?
    ur gr8, why it didn't come in my mind. BTW thanks a lot maxor.

  12. #12
    SitePoint Zealot
    Quote Originally Posted by maxor
    Why don't you want to display the session id in the url? Is it for security reasons? Do you think it looks bad?

    If you're worried about security why not just add a salt to it?

    ......SNIP.......
    When I first read this I thought 'what a great idea! why didn't I think of that' but I just had another thought:

    As far as I can see this doesn't help at all, because any page which needs the SID will need to decrypt it, so you don't need the salt or any knowledge of the method to hijack the session, you just use the encrypted version.

    Before I'm accused (again) of being unhelpful - does anyone see what I'm getting at?
    Steve
    When all else fails, persistence prevails
    UK House Prices
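
Added illustration of the point made in post #12 (not code from any poster): the salted value in the URL is itself what the server accepts, so it works as the session credential for whoever presents it, while rotating the underlying ID does invalidate an old link. The salt 555 and ID 1000 come from post #8; the session store, user data and function names are constructed for this example.

```php
<?php
const SALT = 555; // "secret" salt from post #8

// Constructed server-side session store keyed by the real session ID.
$sessions = [1000 => ['user' => 'amrknt', 'cart' => ['book']]];

// What index.php puts in the link, and what blarg.php does to read it back.
function to_url_token(int $sid): int      { return $sid + SALT; }
function from_url_token(string $tok): int { return (int)$tok - SALT; }

// The server only ever sees the token from the URL; it cannot tell who sent it.
function load_session(array $sessions, string $urlToken): ?array
{
    return $sessions[from_url_token($urlToken)] ?? null;
}

// Move the session to a fresh random ID and drop the old one.
// In real PHP code, session_regenerate_id(true) does this for you.
function rotate_session(array &$sessions, int $oldSid): int
{
    $newSid = random_int(100000, 999999999);
    $sessions[$newSid] = $sessions[$oldSid];
    unset($sessions[$oldSid]);
    return $newSid;
}

$link = 'blarg.php?SID=' . to_url_token(1000);
parse_str(parse_url($link, PHP_URL_QUERY), $query);

// The owner and any second client that has seen the link send the same token.
// Neither needs to know SALT, because the server removes it for them.
$asOwner = load_session($sessions, $query['SID']);
$asOther = load_session($sessions, $query['SID']);
echo 'Same session for both requests: ';
var_dump($asOwner !== null && $asOwner === $asOther);

// After rotation (for example at login) the token in the old link maps to nothing.
rotate_session($sessions, 1000);
echo 'Old link still valid after rotation: ';
var_dump(load_session($sessions, $query['SID']) !== null);
```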

  13. #13
    With More ! for your $ maxor's Avatar
    I see where you're going with that.

    When I made that post I didn't know if the original post didn't want to pass the SID as a part of the URL because maybe he thinks it looks bad or unprofessional or whatever. I thought that he might not want to pass the SID as part of the URL because he didn't want the SID to be out there and open, that's where the salt came in.

    Like I said I see what you're getting at, but again unless we know what the original poster is going to be using all of this information for, and we know why he doesn't want to pass the SID, we can't really say for sure.

  14. #14
    SitePoint Enthusiast
    Didn't help him because I was viewing this thread for general information about Sessions. RTFM
    Sorry Sarah

  15. #15
    SitePoint Zealot amrknt's Avatar
    Didn't help him because I was viewing this thread for general information about Sessions.
    Well friends it doesn't matter. Till the time I'm using session without any problem. I'm not in deep with session as I'm using its default features. And now I want to customize it for different situation just for knowledge and deep usage of session.
    As following is new for me
    As far as I can see this doesn't help at all, because any page which needs the SID will need to decrypt it, so you don't need the salt or any knowledge of the method to hijack the session, you just use the encrypted version.
    And hoping more from this forum as I never read any software/hardware manual.

    Thanks to all for giving your time.

