Jump to content

session.use_trans_sid - Please Just Post Your Quick Vote (answer 1, 2 or 3)

johnsmith153

By johnsmith153
in PHP Coding Help

Recommended Posts

johnsmith153 Advanced Member

johnsmith153

Posted
Posted

I have spent a bit of time learning php sessions and I am doing a login script.

 

Please just post a quick answer 1,2,3 as to what you think I should do.

 

Any comments will be appreciated also.

 

(1) Anyone who stops cookies will suffer on my site as they will not be able to log in etc.

 

(2) Use session.use_trans_sid but be ready for security breaches.

 

(3) Another option (please tell me.)

 

Thanks for your votes / help.

radar Regular Member

radar

Posted
Posted

I vote 3..  but thats just me... 

 

While I do use sessions, that way I'm not limiting users..

 

http://www.phpfreaks.com/forums/index.php/topic,196266.0.html

 

that is a somewhat complete login script for my site..  this is for the administration console but I use the same technique for the front end login as well.

 

 

johnsmith153 Advanced Member

johnsmith153

Posted
  • Author
Posted

I vote 3..  but thats just me... 

 

While I do use sessions, that way I'm not limiting users..

 

http://www.phpfreaks.com/forums/index.php/topic,196266.0.html

 

that is a somewhat complete login script for my site..  this is for the administration console but I use the same technique for the front end login as well.

 

 

 

 

Radar, did you mean 2?

johnsmith153 Advanced Member

johnsmith153

Posted
  • Author
Posted

No i totally mean 3 ;)

 

I dont use the use_trans_sid command as I don't pass session variabled through the address bar...

 

Then how do you remember the php session id? I dont see anything in your code that will allow the browser to remember the session id. Or do you just get them to re-enter username and password on every page load?

radar Regular Member

radar

Posted
Posted

thats the thing..  you don't technically have to remember the session_id... 

 

Basically the way I do it, everything is stored in $_SESSION, just as if it were a cookie...  only difference is, it's more secure than passing the session id through the web address, and it doesnt rely on cookies being turned on.

 

Only time people have to log in is their first visit to the page when they first open the browser and go to my page, and when they are idle for 1800 seconds.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.