Hello, hope someone here can help.
I have some applications which run fine under PHP 4.1.2. After upgrading
the server to PHP 4.2.2 or 4.2.3 I have strange problems with the sessions, which my apps use. I always used the sessions without cookies
(session.use_cookies off or turned off in the browser), and my apps
shall not use cookies at all.
But without enabling cookies my app does not work correct anymore.
The session store is under /var/phpsessions and exists. The app
worked fine before 4.2.x without cookies, only file sessions.
I cannot find out why. As I read, the are no changes in the session code
between 4.1 and 4.2, but register_globals is off by default.
In my apps I need (for now) the register_globals on.
So I set
session.use_cookies off/0
register_globals on/1
Can anyone give me some hints, how to use sessions
without cookies in 4.2.3 ?
Thanks in advance.
PHP 4.2.x Problem with sessions WITHOUT cookies
Moderator: General Moderators
session-handling by appending the id to the URL is disabled by default
maybe you want to set this, too; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =