bryan52803

  1. This page might be useful to you: http://www.ragepank.com/articles/26/disable-phpsessid/ But in a nutshell, if a user shares their URL with someone else, or worse it's indexed or otherwise obtained, then that user's custom page where they're logged in or otherwise may be accessed by another user. There are other reasons I believe, but this is the most basic. Bryan
  2. Easy, easy! Just the one line would have sufficed with a syntax error

     $message .='<a href="http://umit/pengesafari/danish/index.php?user_id='.$_SESSION['f_id'].'" target="_blank">Click Here[/url] ';

     That's your problem. Look at what you're doing, double quotes inside single quotes? Try this:

     $message .= "<a href=\"http://umit/pengesafari/danish/index.php?user_id=".$_SESSION['f_id']."\" target=\"_blank\">Click Here</a>";

     \" escapes the double quotation marks so they don't terminate the string. Bryan
  3. Well, like I said, if you start a session, you have a session ID, regardless of whether or not session data is written, period. So if you call session_start(), you're going to start propagating that ID. Since you have no access to your configuration file, this is done automatically and is necessary since cookies are not used. Without this, session data can not get from one page to the other, which really is the point of sessions to begin with. If you're insistent that setting a variable may work, then try it for crying out loud. Bryan
  4. Please post what you have. The best way would be to set the values of each option to a number

     <option value="1">Arkansas</option><option value="2">Alabama</option>

     Then, when they submit, get the value chosen, compare it to each value as you're generating the list, and if there's a match add : selected="selected" : to the option parameters. Bryan
  5. Do you mean your URLs begin to look like "blah.php?PHPSESSID=as6d5afds56f5d6f5" ? If so, you may be out of luck. If you can't modify your php.ini, then this is how the session ID must be persisted. If you remove this from the URL, you lose the data stored (or at least no longer know where to look for it). Thus, any time a session is started, whether or not session data is written, this will be affixed to your URLs. I'd recommend switching your hosting, or at least calling and asking to use your own php.ini. Bryan
  6. Please paste this line of code, "scpoints.php line 239" (assuming there's no sensitive data). Note also that whitespace in any includes and requires will affect this as well. Bryan
  7. I think this is more an issue of how your database is set up. If you have the option to modify it at this point, you should post how your table is set up, and what you're trying to do. Organizing and categorizing data by descriptions is highly inefficient. MySQL is a machine, not a man, and thrives in numbers. Bryan
  8. In short, both. This is the most secure way, in my opinion. Use sessions, but store the session ID in the cookie. Session propagation through URL, as described above, has security risks. Storing session data in a cookie has its equally dangerous implications, if someone is able to steal the cookie. So store the session data on the server however you choose, and keep track of session IDs to correspond to the data in their cookies. Bryan
  9. Because you're attempting to modify the header information after HTML (or otherwise content) is written. 1. Edit your post and remove the /home/... parts of the error; the less you reveal about your site file hierarchy the better. Knowledgeable people can do bad things with even the slightest hint of information like that. 2. Check your code before header() is called. Is anything echoed, printed, or otherwise output to the browser? This is your problem. Bryan
  10. For fun, replace echo "$row"; with: echo "row=$row listval2=$listval2"; Make sure two things are happening. 1) that line is output 2) listval2 is a valid value echo "$row"; is bad practice, because you don't know if the code's even getting there! You can't assume it's just empty because nothing shows up. Bryan
  11. Show us some code. More likely than not, you're leaving the ID field of your table blank when inserting data, and auto-increment isn't enabled on that column. Bryan
  12. In my opinion, size shouldn't be the limitation with AJAX; it should be a matter of whether the content is dynamic or not. If you're looking to reveal changing, dynamic content, use AJAX. If the text revealed is static and unchanging, use pure JavaScript. Bryan
  13. SOLVED: To update the cookie, one needs to set the cookie again with the SAME PARAMETERS but different time. If cookies are automatic, it's as such:

      setcookie(session_name(), session_id(), time()+3600, "PATH","DOMAIN"); //Augment Cookie expiration by 1 hour (3600s)

      Where PATH is the path specified in your php.ini, and DOMAIN is the domain specified in your php.ini. If you leave any of these parameters blank or NULL, as old documentation has suggested, the cookie will not update. I believe this is a security feature of modern browsers. So two lessons learned here:

      * Cookies expire on time, not 3600s after browser closure
      * To change the time of a cookie (to include time()-3600 to delete), setcookie must be called with ALL the same parameters except the different time.

      Bryan
  14. Of course it won't. You're getting the search results on the login page which makes no sense. The only variable you're submitting to the following page is the search query. The MySQL retrieval and such should be on the searchresults.php page. Login.php should have the form, which should submit to searchresults.php. Searchresults.php should:

      $results = $_POST['searchresults'];

      THEN do the MySQL query on that page and display the results appropriately. What you're doing now makes no sense. Bryan
  15. I would create a .php file, private.php, for example. Have 'private.php' check session data for the user-ID, then build the page custom accordingly in PHP. You can pass along the username using a querystring, 'private.php?user=John'. Then you can use URL Rewrite to fashion it so it pipes to 'private.php?user=John' when the user requests 'http://www.mypage.com/John'. Then finally, after verifying the login information, pull a:

      // Double quotes so $user is interpolated; rawurlencode() keeps the value a single path segment
      header("Location: http://www.mypage.com/" . rawurlencode($user));
      exit;

      Bryan
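
Posts 8 and 13 above describe keeping session data on the server, carrying only the session ID in a cookie, and refreshing that cookie with its original parameters. The following is an added example, not code from the posts; it assumes PHP 7.3 or later, an HTTPS site, and a host that permits ini_set(), and the function names are hypothetical.

```php
<?php
// Added example (not from the posts). Assumes PHP 7.3+, HTTPS, and a host
// that allows ini_set(); the function names here are hypothetical.

function start_cookie_only_session(int $lifetime = 3600): void
{
    // Never accept or emit the session ID in URLs (no ?PHPSESSID=...).
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => $lifetime,
        'path'     => '/',
        'secure'   => true,   // send over HTTPS only
        'httponly' => true,   // hide the cookie from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function extend_session_cookie(int $lifetime = 3600): bool
{
    // Re-send the cookie with the parameters it was created with;
    // only the expiry changes, so the browser updates it in place.
    $p = session_get_cookie_params();
    return setcookie(session_name(), session_id(), [
        'expires'  => time() + $lifetime,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
}

function on_login(int $userId): void
{
    // Issue a new ID at login so an ID seen before login is useless.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;   // the data itself stays on the server
}

start_cookie_only_session();
extend_session_cookie();
```

Reading the parameters back with session_get_cookie_params() avoids hard-coding the path and domain, so the refreshed cookie always matches the one the session created.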