Page 1 of 1
PHP5 sessions show set-cookie in headers
Posted: Sun Nov 04, 2007 11:11 am
by ripmg
I'm using PHP5 and use sessions in my web. I have recently seen that there is a header "Set-Cookie" when using web-sniffer.net . When I disable cookies in Firefox, the sessions no longer work. I thought that if I used sessions, my site would be usable even if cookies were disabled in the client's browser. Am I mistaken ?
Posted: Sun Nov 04, 2007 11:40 am
by John Cartwright
In your php.ini,
Code: Select all
session.use_cookies = 1
session.use_trans_sid = 1
Basically this will check if the user can accept cookies, if not it will append the sid into the url.
Posted: Sun Nov 04, 2007 12:04 pm
by ripmg
It doesn't seem to work.
Here is my current php.ini :
expose_php = off
short_open_tag = off
session.name = ASPSESSIONID
mailparse.def_charset = UTF-8
sendmail_from =
xxx@xxx.xxx
register_globals = off
session.hash_function = 1
asp_tags = off
allow_url_fopen = 0
session.use_cookies = 1
session.use_trans_sid = 1
I'm also using PHP5 with CGI and Zend Engine.
My searched my markup and show nothing with the work "cookie" in it.
Posted: Sun Nov 04, 2007 12:10 pm
by John Cartwright
Did you restart apache after editing your php.ini?
Posted: Sun Nov 04, 2007 12:37 pm
by ripmg
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
I have shared hosting so I cannot restart the engine but the changes you suggested are modified when checking with phpinfo();
My web still shows the "Set-Cookie" header and the site does not work if cookies are disabled in the browser.
This is my .htaccess file:
[syntax="apache"]AddType application/x-httpd-php5 .html .css .abc .xml .txt
AddHandler application/x-httpd-php5 .html .css .abc .xml .txt
ErrorDocument 403 /404.html
ErrorDocument 404 /404.html
<Files ~ "^[^\.]+$">
ForceType application/x-httpd-php5
SetHandler application/x-httpd-php5
</Files>
<Files ~ "\.(dat|htalock|inc|php|htaccess|ini|htpasswd)$">
order allow,deny
deny from all
</Files>
<LimitExcept POST GET>
Require valid-user
</LimitExcept>
feyd | Please use[/syntax]Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]