  1. #1
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738

    Session & Cookie Question? Novice

    Hi all

    I've recently set up a login form and once you've successfully logged in, before I can view "welcome user" FF asks if I want to allow the cookie?

    I don't have any cookies in my script, just SESSIONS. I thought by using a SESSION this would bypass getting prompted for a cookie, so if people have cookies turned off?

    If I am making sense here? Thanks.

  2. #2
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    SESSIONS INHO is the best practice
    my mobile portal
    ghiris.ro

  3. #3
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    SESSIONS INHO ?

    Thanks

  4. #4
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    sorry, I meant IMHO Abbreviation for In My Humble Opinion.
    my mobile portal
    ghiris.ro

  5. #5
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    IMHO ?? lol

    I really just want to know how to stop any browser from prompting me to deny or allow the cookie, but I can't understand why it's asking about a cookie when I have none in my script??

    Cheers

  6. #6
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    What browser are you using? That doesn't happen unless you are using IE 4 or less (I think it's 4). You could post your script here and we could have a look.

  7. #7
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    you can try this:

    create a .htaccess file and add
    php_value session.use_cookies 0

    and I think the browser won't prompt you for accepting the cookie
    my mobile portal
    ghiris.ro

  8. #8
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    I switched FF properties to prompt me when a cookie is trying to be set, that's why it's asking me. But this shouldn't be asking me because I have no cookies, that's what is puzzling me??

    "you can try this:

    create a .htaccess file and add
    php_value session.use_cookies 0"

    but why is it asking me if I have no cookies?

    BIT OF MY CODE:
    PHP Code:
    // Set the session data & redirect.
    session_start();
    $_SESSION['user_id'] = $row[0];
    $_SESSION['first_name'] = $row[1];
                
    ob_end_clean(); // Delete the buffer. 
    if that helps

  9. #9
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    I've tested with Opera 7.54

    for normal cookies I've selected let me decide every time when I receive one

    now, with cookies enabled in server configuration the browser will ask me this:

    This page wishes to set the cookie
    PHPSESSID="ljaq729osjjddt3id29emh43f3"

    This value will only be sent to documents on the server example.org, and paths that are starting in /.

    The cookie will be deleted when Opera is closed.
    ----------------------
    Full cookie request:

    PHPSESSID=ljaq729osjjddt3id29emh43f3; path=/

    now, with cookies disabled in server configuration the browser won't ask me anything.

    It's related to browser configuration.

    hope it helps.
    my mobile portal
    ghiris.ro

  10. #10
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Cheers Ernie, that's exactly what it's saying to me, so there is no cookie issue? So how will I configure the server? And does that mean once configured nobody will ever get asked?

    Thanks

  11. #11
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Like I said in post #7, just use .htaccess file with

    php_value session.use_cookies 0

    in your root directory, and if you want to enable cookies in subdirectories, you can put an empty .htaccess file and the server's default configuration will be available.

    Edit:


    yes, there is a cookie issue, but if the server will not set the cookie, there is no prompt.
    my mobile portal
    ghiris.ro

  12. #12
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Sessions must pass the session_id between pages, there are two ways of doing this.

    Either

    1) Set a cookie on the user's computer and then read this cookie each time it needs to remind itself what session_id you're using.

    OR

    2) pass the session_id as a URL parameter, like a $_GET when using forms.

    By using Ernie's solution the session should append the session_id to the URL; this is OK but could create a higher security risk for your site, depending on your use of sessions.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  13. #13
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Cheers Ernie, thanks for the input and advice.

    OR

    2) pass the session_id as a URL parameter, like a $_GET when using forms.

    Yes Mandes, that's what's happening in my code.

    Thanks guys

  14. #14
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Quote Originally Posted by computerbarry View Post
    pass the session_id as a URL parameter, like a $_GET when using forms.
    no, you should not get the session id with $_GET[], it's a very bad practice; once you start the session you should assign the session_id to the url like this
    PHP Code:
    main.php?PHPSESSID=<?php echo strip_tags(session_id()); ?>
    or you can change the session.name to sid in the .htaccess file

    php_value session.name sid
    my mobile portal
    ghiris.ro

  15. #15
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Quote Originally Posted by Ernie1 View Post
    no, you should not get the session id with $_GET[], it's a very bad practice; once you start the session you should assign the session_id to the url like this
    PHP Code:
    main.php?PHPSESSID=<?php echo strip_tags(session_id()); ?>
    or you can change the session.name to sid in the .htaccess file

    php_value session.name sid
    Sorry it's not a $_GET it's $_POST everything in my script is $_POST.

    Thanks Ernie

  16. #16
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    I said that the session ID is passed in the URL 'LIKE' a $_GET, ie appended to the URL.

    I wasn't suggesting that you use $_GET to retrieve the session_id.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  17. #17
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Quote Originally Posted by Mandes View Post
    I said that the session ID is passed in the URL 'LIKE' a $_GET, ie appended to the URL.

    I wasn't suggesting that you use $_GET to retrieve the session_id.
    ok, I just want to let him know.

    Regards
    my mobile portal
    ghiris.ro

  18. #18
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    To add to the above posts, you should really be careful allowing the SID to be passed in the URL; this can have some serious side effects, as anyone emailing or bookmarking your site will also be passing their SID too.

    Can also have some negative effects on search engine bots too
    Last edited by Mandes; Mar 23, 2007 at 18:13.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming
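
Added example, not part of any post in this thread: one way to keep the session ID in a cookie only (the opposite of `session.use_cookies 0`) and to issue a fresh ID at login, which addresses the URL-leak concern raised above. It assumes PHP 7.3+ and an HTTPS site; `start_cookie_only_session()`, `log_user_in()` and `session_transport_issues()` are hypothetical helper names, and `$row` stands in for the login query result from post #8.

```php
<?php
// Added example (not code from the thread). Assumes PHP 7.3+ and HTTPS.

function start_cookie_only_session(): void
{
    // Never accept or emit the session ID in the URL.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // deleted when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Hypothetical login step; $row = [user id, first name] after the
// credentials have already been verified.
function log_user_in(array $row): void
{
    start_cookie_only_session();
    // New ID at the privilege change; the pre-login ID is discarded.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $row[0];
    $_SESSION['first_name'] = $row[1];
}

// Returns a list of settings that would let the ID travel in the URL.
function session_transport_issues(): array
{
    $issues = [];
    if (!ini_get('session.use_cookies')) {
        $issues[] = 'session.use_cookies is off: the ID can only travel in the URL';
    }
    if (!ini_get('session.use_only_cookies')) {
        $issues[] = 'session.use_only_cookies is off: IDs from the URL are accepted';
    }
    if (ini_get('session.use_trans_sid')) {
        $issues[] = 'session.use_trans_sid is on: PHP rewrites links to carry the ID';
    }
    return $issues;
}
```

Calling `session_transport_issues()` after a `.htaccess` change shows whether the directive took effect for that directory.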

  19. #19
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Ok cheers guys. So I think I'll just add .htaccess file with php_value session.use_cookies 0, problem solved?

    Thanks

  20. #20
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    I'm just wondering how can the user change the session value in session_id and at the same time to be a valid session_id in the server's session file?

    From the manual:
    Quote Originally Posted by http://www.php.net/manual/en/ref.session.php#session.idpassing
    The htmlspecialchars() may be used when printing the SID in order to prevent XSS related attacks.

    Printing the SID, like shown above, is not necessary if --enable-trans-sid was used to compile PHP.

    Note: Non-relative URLs are assumed to point to external sites and hence don't append the SID, as it would be a security risk to leak the SID to a different server.
    as it would be a security risk to leak the SID to a different server.

    This is true.
    my mobile portal
    ghiris.ro

  21. #21
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Thanks Ernie, isn't that just with $_GET?

    Just tried .htaccess - php_value session.use_cookies 0 (uploaded to my server) and now when I try and login it just stays on the same page and doesn't log me in?

    Cheers

  22. #22
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    check the error log

    and please give me the login code and login check code you have on your server, I will help you.
    my mobile portal
    ghiris.ro

  23. #23
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    how do you check the error log?

    thanks

  24. #24
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    login to cpanel and check error log

    or at the top of your page put this

    ini_set('display_errors',1);
    error_reporting(E_ALL);

    let me know if you get errors
    my mobile portal
    ghiris.ro

  25. #25
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    [Fri Mar 23 10:35:50 2007] File does not exist: /home/public_html/404.shtml
    [Fri Mar 23 10:35:50 2007] File does not exist: /home/public_html/robots.txt

    These are the latest errors, not sure if they're related?

    Thanks

