Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

PHP SESSION doesn't work when Privacy sets to HIGH

Posted on 2006-06-09
4
283 Views
Last Modified: 2008-03-17
I thought session will always work even the browser doesn't accept cookies -- in that case the session ID will be passed via PHPSESSID in the URL query....

but obviously it is not the case... when I set my IE's Privacy to HIGH or BLOCK ALL COOKIES, then the session fails to work


WHY?


0
Comment
Question by:jtjli
4 Comments
 
LVL 2

Expert Comment

by:EECDML
ID: 16869824
Check your PHP.INI configuration file in the Sessions section.

See if the following is set...

session.use_cookies = 1



I haven't done much modification in this area of the INI file, but I'm sure you can get PHP running without requiring the use of cookies.
0
 
LVL 2

Expert Comment

by:battletech
ID: 16871902
Instead of using a cookie, transmit the session ID in the URL...
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 16878093
>> but obviously it is not the case... when I set my IE's Privacy to HIGH or BLOCK ALL COOKIES, then the session fails to work... WHY?

Because sessions require cookies to store the SessionID. The other method of doing this is to munge the session ID into the URL so you end up with something like this:
www.example.com/mypage.php?PHP_SID=dlkfj323kljf33j

Its seriously ugly. You'll also need to attach the session ID to all your links...
0
 
LVL 8

Accepted Solution

by:
netmunky earned 500 total points
ID: 16902115
php.ini:
; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove third quote mark from widget 6 28
Scroll 5 news at a time. 4 33
Grunt script for Build Process 1 42
Syntax for query to update table 2 29
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo‚Ķ
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question