Page 1 of 1

Session id... I don't get it...

Posted: Sat Apr 17, 2004 12:23 am
by Steveo31
The session ID is there if no one is logged in, but as soon as someone logs in, the session ID goes away.

PHP.ini file-

Code: Select all

їSession]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this 
; variable in order to use PHP's session functions.
session.save_path = C:/phpdev\php\temp;

; Whether to use cookies.
session.use_cookies = 1


; Name of the session (used as cookie name).
session.name = s_id

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; Check HTTP Referer to invalidate externally stored URLs containing ids.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 1

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Posted: Sat Apr 17, 2004 12:25 am
by phice
How are you getting the session id? Could you give us an example of your code?

Try [php_man]session_id[/php_man]() to retrieve the current session id.

Posted: Sat Apr 17, 2004 12:36 am
by Steveo31
Sure thing.

Code: Select all

<?php 
session_start(); 
?>
//and later:
<?php
if(empty($_SESSION['username'])){
					   
?>
<tr>
			<td>Username: <input type="text" name="username"></td>
</tr>
<tr>
			<td>Password: <input type="password" name="password"></td>
</tr>
<tr>
			<td><br><input type="submit" value="Log in" style="font-size:90%">&nbsp;Remember Me?<input type="checkbox" name="remember"></td>
</tr>

<?php
	
}else{
						
?>
<p style="font-family:arial; font-size:10px;">Welcome <?php echo $_SESSION['username']; ?>.
<br><br>
<a href="logout.php">Log out</a> | <a href="members.php?action=tools&username=<?php echo $_SESSION['username'] ?>">Tools</a>
						
<?php
}
?>
All that works just fine. If you are logged in, the second block is shown. If not, the first block is. Once you are logged in, the session_id goes away. If you are not logged in, the session_id is there.

Oh wait... :idea:

So there are 2 ways of sessions... one is in the URL... the other in cookies. If the user is logged in, it uses cookies. If not... it does it in the URL, right?

Hm.

Posted: Sat Apr 17, 2004 12:38 am
by feyd
first attempts to set a cookie. If that doesn't take, it passes via url.

Posted: Sat Apr 17, 2004 12:43 am
by Steveo31
So if session.use_cookies is set to 1, then if the user is logged in that session id won't ever show up, unless I type it into every <a href> or turn cookies off, right?

In that case, I'm a dork.