Solved

PHP SESSION doesn't work when Privacy sets to HIGH

Posted on 2006-06-09
4
282 Views
Last Modified: 2008-03-17
I thought session will always work even the browser doesn't accept cookies -- in that case the session ID will be passed via PHPSESSID in the URL query....

but obviously it is not the case... when I set my IE's Privacy to HIGH or BLOCK ALL COOKIES, then the session fails to work


WHY?


0
Comment
Question by:jtjli
4 Comments
 
LVL 2

Expert Comment

by:EECDML
ID: 16869824
Check your PHP.INI configuration file in the Sessions section.

See if the following is set...

session.use_cookies = 1



I haven't done much modification in this area of the INI file, but I'm sure you can get PHP running without requiring the use of cookies.
0
 
LVL 2

Expert Comment

by:battletech
ID: 16871902
Instead of using a cookie, transmit the session ID in the URL...
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 16878093
>> but obviously it is not the case... when I set my IE's Privacy to HIGH or BLOCK ALL COOKIES, then the session fails to work... WHY?

Because sessions require cookies to store the SessionID. The other method of doing this is to munge the session ID into the URL so you end up with something like this:
www.example.com/mypage.php?PHP_SID=dlkfj323kljf33j

Its seriously ugly. You'll also need to attach the session ID to all your links...
0
 
LVL 8

Accepted Solution

by:
netmunky earned 500 total points
ID: 16902115
php.ini:
; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question