session cookie as request data

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

spikedgav
Forum Newbie
Posts: 1
Joined: Tue May 31, 2005 7:46 am

session cookie in request data

Post by spikedgav »

Hi,

I've got a problem with my site sending the session cookie as request data the first time the site is loaded. Subsequent pages visited store the session cookie as a cookie.

It's unfortunate that I can't give access to the code, as it's the property of my company.

Under what circumstances does what appears in code to be just a URL, such as new_dev.php, gain the request data ?PHPSESSID=35a3fa289241800acf3a0748575048a1 ??

This is causing problems elsewhere in my site, because sessions are disappearing.

Has anybody had a similar problem and found a solution?

Thanks
anjanesh
DevNet Resident
Posts: 1679
Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India

Post by anjanesh »

You need to have the session stored in the cookie, which is the default, or you can have it sent in the URL each time a new page is being requested. Normally it's in the form of sid: something.php?sid=35a3fa289241800acf3a0748575048a1&paramters=somethingelse
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

I believe the SID is sent along in the URL when the session is created, and will disappear in your next page request. This can be turned off by changing session.use_trans_sid = 0 in your php.ini.
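The session.use_trans_sid setting named in the last reply, checked together with its companion cookie directives, as an added example that is not part of the thread or any poster's code. It assumes PHP 7 or later and that the file is included before any output; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Include it before any output is sent.
// Function names are hypothetical; the ini directives are PHP's own.

/** Report session directives whose current value lets the ID travel in URLs. */
function session_url_findings(): array
{
    $wanted = [
        'session.use_trans_sid'    => false, // no rewriting of links/forms with the ID
        'session.use_only_cookies' => true,  // ignore IDs supplied in the URL
        'session.use_cookies'      => true,  // deliver the ID in a cookie
    ];
    $findings = [];
    foreach ($wanted as $key => $expected) {
        // ini_get() returns "1", "", "0", "On", "Off"...; normalise to bool.
        $actual = filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
        if ($actual !== $expected) {
            $findings[] = $key;
        }
    }
    return $findings;
}

/** Drop the session parameter from a request URI; only path and query are kept. */
function url_without_session_id(string $requestUri, string $sessionName): string
{
    $parts = parse_url($requestUri) ?: [];
    parse_str($parts['query'] ?? '', $query);
    unset($query[$sessionName]);
    // Collapse leading slashes/backslashes so the result is always a local path.
    $path = '/' . ltrim($parts['path'] ?? '', '/\\');
    return $query ? $path . '?' . http_build_query($query) : $path;
}

foreach (session_url_findings() as $key) {
    error_log("session config: $key allows session IDs in URLs, overriding");
}
// Per-request override; the permanent fix is the same values in php.ini.
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_cookies', '1');
session_start();

// A URL that still carries an ID (old bookmark, cached link) is redirected to
// its clean form so the ID stops appearing in logs and Referer headers.
if (isset($_GET[session_name()])) {
    header('Location: ' . url_without_session_id($_SERVER['REQUEST_URI'], session_name()), true, 302);
    exit;
}
```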