orange08 Posted September 29, 2009

What's the purpose of using session.use_only_cookies, please?

redarrow Posted September 29, 2009

As written in the online manual:

session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Defaults to 0 (disabled, for backward compatibility). Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0.

orange08 (Author) Posted September 29, 2009

> As written in the online manual:
>
> session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Defaults to 0 (disabled, for backward compatibility). Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0.

Ya, I did read about this... but I'm still not too sure...

Meaning that if I enable session.use_only_cookies, then the session id will only be stored in a cookie, and can't be passed in the URL?

And if I disable my browser's cookies in this case, then the session cannot be created, because the session id cannot be passed through the URL?

Thanks for the reply!

redarrow Posted September 29, 2009

Correct.

Unfortunately sessions use cookies. A lot of deep hard programmers want to use cookies only to use sessions, very strange but true.

Now even deeper real top top top pros like me (lol, joking) only use sessions within a database only... it's all madness.

They say cookies and sessions and use of a database is the way forward....

In other words, use sessions but also use a database to keep them.

((apparently this will enhance security))

orange08 (Author) Posted September 29, 2009

> > Meaning that if I enable session.use_only_cookies, then the session id will only be stored in a cookie, and can't be passed in the URL?
> >
> > And if I disable my browser's cookies in this case, then the session cannot be created, because the session id cannot be passed through the URL?
>
> Correct.

I want to test how true it is that when I set session.use_only_cookies ON, the session id can't be passed through the URL... so, how can I test it?

If this is my website link: www.mysite.com

How do I append the session id for the testing, please?

Thanks!

redarrow Posted September 29, 2009

Good understanding.

http://dev.fyicenter.com/faq/php/php_using_sessions_3.php

Nice examples and read....

session.use_only_cookies boolean

session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 5.3.0.

orange08 (Author) Posted September 30, 2009

> Good understanding.
>
> http://dev.fyicenter.com/faq/php/php_using_sessions_3.php
>
> Nice examples and read....
>
> session.use_only_cookies boolean
>
> session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 5.3.0.

Thanks for the link, it's really a good article...

So, I came to the conclusion that if I don't enable session.use_only_cookies, and I disable my browser's cookies, then my session id should be passed through the URL, right?

But, according to my testing, I disabled my browser's cookies, and at the same time DIDN'T enable session.use_only_cookies... with this piece of code from the link you provided above...

```php
<?php
// Start (or resume) the session before any output is sent.
session_start();
print("<html><pre>");
// Escape request-controlled values before echoing them into HTML.
$queryString = htmlspecialchars($_SERVER["QUERY_STRING"]);
print("Query string of the incoming URL: ".$queryString."\n");
print("Cookies received:\n");
foreach ($_COOKIE as $name => $value) {
    print "  ".htmlspecialchars($name)." = ".htmlspecialchars((string) $value)."\n";
}
print("</pre></html>\n");
?>
```

I get nothing from "Query string of the incoming URL" and "Cookies received"... meaning that no session is being created and for sure no session id is being passed through the URL...

Why? And what's wrong?

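Added example, not part of the thread or the linked article: a self-check page for a server you control that reports whether the active session ID was taken from the cookie, from the URL, or freshly generated, which is the behaviour session.use_only_cookies governs. The file name `check_sid.php`, the `$onlyCookies` switch and the `sid_source()` helper are assumptions made for this illustration; it also pins session.use_trans_sid to 0, since PHP only writes the ID into links when that separate directive is enabled.

```php
<?php
// Added example, not code from the thread or the linked article.
// check_sid.php is a hypothetical file name; run it on a server you control.

$onlyCookies = '1'; // '1' = hardened; '0' = legacy behaviour, for comparison only

// Session directives must be set before session_start().
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', $onlyCookies); // ignore session IDs in the URL
ini_set('session.use_trans_sid', '0');             // never rewrite links to carry the ID

$name = session_name(); // "PHPSESSID" unless session.name was changed

// Record what the client supplied, and through which channel.
$fromUrl    = is_string($_GET[$name] ?? null)    ? $_GET[$name]    : null;
$fromCookie = is_string($_COOKIE[$name] ?? null) ? $_COOKIE[$name] : null;

session_start();
$active = session_id();

// Decide where the active session ID came from.
function sid_source($active, $fromUrl, $fromCookie)
{
    if ($fromCookie !== null && $active === $fromCookie) {
        return 'cookie';    // expected path when the browser accepts cookies
    }
    if ($fromUrl !== null && $active === $fromUrl) {
        return 'url';       // only possible when use_only_cookies is off
    }
    return 'generated';     // nothing usable supplied, PHP made a new ID
}

$source = sid_source($active, $fromUrl, $fromCookie);

header('Content-Type: text/plain');
printf("session.use_only_cookies = %s\n", ini_get('session.use_only_cookies'));
printf("session.use_trans_sid    = %s\n", ini_get('session.use_trans_sid'));
printf("ID supplied in URL       : %s\n", $fromUrl === null ? 'no' : 'yes');
printf("ID supplied in cookie    : %s\n", $fromCookie === null ? 'no' : 'yes');
printf("Active ID source         : %s\n", $source);
echo $source === 'url'
    ? "FAIL: the server adopted a session ID from the URL\n"
    : "OK: the URL did not determine the session ID\n";
```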