php session id in url

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
gwolff2005
Forum Commoner
Posts: 68
Joined: Sun Apr 05, 2009 10:58 am

php session id in url

Post by gwolff2005 »

Hi guys,

I have a site where the users have to login. After the login page I would like to show the sessionid in the url. I have no clue how to do that? Would be great if anyone could tel me hwo to do that. Thanks so much in advance!
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: php session id in url

Post by Apollo »

Try this:

Code: Select all

ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
But if you want this permanently, it's better to change it in php.ini itself.
gwolff2005
Forum Commoner
Posts: 68
Joined: Sun Apr 05, 2009 10:58 am

Re: php session id in url

Post by gwolff2005 »

Hi Apollo, thanks for that. By any chance, do you know how to create a crypted ssl. I dont wanna buy a ssl certificate but afterr a login page show in the url bar a secure url like
http://www.guntmarwolff.com/index.php?908143hfru()UH3??)(jfdoisAhOdfihsad09
IS there a code/command?
Thanks ver much in advance!
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: php session id in url

Post by Apollo »

Uhm.. Exactly what are you trying to encrypt?
gwolff2005
Forum Commoner
Posts: 68
Joined: Sun Apr 05, 2009 10:58 am

Re: php session id in url

Post by gwolff2005 »

ok maybe not encrypt..
I have a login page. after the people login, because I don't have a ssl certificate, they see in the url bar just the normal address (http://www.guntmarwolff.com/intro.php) I would like to change this so, after they login it creates a certain amount of numbers mixed with letters, that it is or at least look safe (http://www.guntmarwolff.com/intro.phpiu ... iUuhIUi{98? In a way that it looks like a ssl url which you get when you log onto a ssl secure site...)
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: php session id in url

Post by Apollo »

To do that, instead of using intro.php as the action for the login form, you could use yoursite.com/SoMeWeIrDLoOkInGAdDrEsS and redirect that internally with .htaccess to the actual intro.php

But that does not offer any actual protection whatsoever. One way to do it properly, is simply checking in intro.php (or whatever page you want to restrict to logged in users only) whether the user has a valid login session.
gwolff2005
Forum Commoner
Posts: 68
Joined: Sun Apr 05, 2009 10:58 am

Re: php session id in url

Post by gwolff2005 »

yeah i did that. it is linked to mysql databank and no on can go on there unmless he is logged in. BUT I would liek to make it visible for the users as well, by creating a ssl url...
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: php session id in url

Post by Apollo »

There's no such thing as an SSL url, other than urls starting with https:// to specify they're using the https protocol.
But you need an SSL certificate for that.

I don't get what you mean with "make it visible to the users as well", make what visible?

If you think you gain anything by obfuscating urls, notice that people can copy unreadable urls from eachother just as well as normal urls. No real protection there at all.
Post Reply