dicky96 Posted March 26, 2008

Hi guys and girls

Still learning this stuff, posting questions here seems to be becoming a regular thing lol

I've been trying to get my head around user authentication (login) systems and also tracking a user through the website (sessions)

From one tutorial I've been playing with I found this

Using session ID's

Unfortunately, cookies are not reliable. Those of you who have cookies disabled will have seen that none of the above examples work. We can't allow our users to escape so easily however! And this is where we need session ID's. PHP4 creates a constant of the session ID named SID, which is available inside a session. By appending this to the end of a url, the session ID becomes available to the next page. The session_start() function will automatically pick up other SID or the cookie, depending which is used. The following 2 variations of the earlier scripts will show this in action. First disable cookies on your browser, forcing PHP to use session ID's:

page6.php

    <?php
    session_start();
    $_SESSION["first_name"] = "new john";
    ?>
    View this link on your status bar before clicking it:
    <a href='page7.php?<?=SID ?>'>page7.php</a>

page7.php

    <?php
    session_start();
    print "Your firstname is: ".$_SESSION["first_name"];
    ?>

Looking at the url in your browser's status bar, you'll see something like:

    page7.php?PHPSESSID=4725a759778d1be9bdb668a236f01e01

And when you click on the link, you'll see that the session variable "new john" has been passed successfully to page7.php

All that seemed to make perfect sense to me but while playing around with this I've found that the above works fine while I have cookies enabled in my browser but when I disable the cookies I get something like this

    http://192.168.0.10/test/page7.php?%3C?=SID%20?%3E

    Notice: Undefined index: first_name in C:\Program Files\Apache Group\Apache2\htdocs\test\page7.php on line 3
    Your firstname is:

So it doesn't work with cookies disabled.

The SID in the URL looks weird, not as I expected it to look. I'm using Mozilla Firefox browser. What's stopping it from working like it says in the tutorial?

I'm hoping to build a website which will have user authentication and also keep a track of each user's status as they navigate the site (some users have different status to others and will see pages differently). Yes I know, talk about jumping in at the deep end but that's the way I tend to be LOL

I can find lots of scripts to implement this sort of thing using various levels of security, I'm wondering, is there any good overview of the various techniques involved and their relative merits, as it would help I think if I understood the big picture more thoroughly before getting into the nitty-gritty

TIA (again)

dicky

ansarka Posted March 26, 2008

session doesn't work when you disable cookies

timmy0320 Posted March 26, 2008

http://shiflett.org/articles/the-truth-about-sessions

There's a good article for you to read on, also be sure to read the other articles in the Summer. It will help you greatly understand the picture of sessions and cookies.

wildteen88 Posted March 26, 2008

> All that seemed to make perfect sense to me but while playing around with this I've found that the above works fine while I have cookies enabled in my browser but when I disable the cookies I get something like this
>
> http://192.168.0.10/test/page7.php?%3C?=SID%20?%3E
>
> Notice: Undefined index: first_name in C:\Program Files\Apache Group\Apache2\htdocs\test\page7.php on line 3
> Your firstname is:
>
> So it doesn't work with cookies disabled.

This is not the case. Have a look at the following line

    <a href='page7.php?<?=SID ?>'>page7.php</a>

It is because PHP is not configured to use the short open tags (<?= ?>) and so PHP is sending the code over the url rather than the session id. Change <?=SID ?> to <?php echo SID; ?> instead. Now rerun your code with cookies disabled and you should find the session id being transferred.

Do note though that transferring the session ID over the url can allow for session fixation.
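
Added example, not part of the original thread or the tutorial it quotes: one way to close off the session fixation risk mentioned in the reply above is to accept the session ID from the cookie only and to issue a fresh ID at login. The function names, the sample password hash and the user id are hypothetical; the array form of session_set_cookie_params() assumes PHP 7.3 or later, and the secure cookie flag assumes the site is served over HTTPS.

```php
<?php
// Added example: harden PHP sessions against fixation.
// start_hardened_session() and complete_login() are hypothetical names.

function start_hardened_session(): void
{
    // Accept the session ID from the cookie only, never from ?PHPSESSID=...
    ini_set('session.use_only_cookies', '1');
    // Do not rewrite links and forms to carry the session ID in the URL.
    ini_set('session.use_trans_sid', '0');
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'path'     => '/',
        'secure'   => true,   // assumption: HTTPS only
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function complete_login(int $userId): void
{
    // Issue a new ID at the privilege change and delete the old session
    // data, so an ID that was known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_hardened_session();

// Constructed sample flow: $passwordHashFromDb stands in for a value that
// would be read from the user table.
$passwordHashFromDb = password_hash('correct horse', PASSWORD_DEFAULT);
$submitted = $_POST['password'] ?? '';

if (password_verify($submitted, $passwordHashFromDb)) {
    complete_login(42); // 42 is a placeholder user id
    echo 'Logged in';
} else {
    echo 'Not logged in';
}
```

With these settings a PHPSESSID value placed in a link is ignored, so the page6.php/page7.php pair from the tutorial only carries state when the browser accepts the session cookie.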

timmy0320 Posted March 26, 2008

> http://shiflett.org/articles/the-truth-about-sessions
>
> There's a good article for you to read on, also be sure to read the other articles in the Summer. It will help you greatly understand the picture of sessions and cookies.

Yeah I meant "Summary" not Summer lol. Won't let me edit for some reason

dicky96 Posted March 26, 2008 (Author)

Thanks Wildteen - you rescued my sanity again, and I thoroughly understood your explanation why it didn't work (I used to be totally mystified by this stuff, now I'm just plain mystified)

Thanks Timmy - that looks like what I was after - time for a good read

best regards

dicky