I’m trying to secure some information by creating/starting a session, and redirecting from page1.php to page2.php. page2.php checks for the Session ID “session” before it displays the content on the page.
Is there anything that will pass the name of the Session ID for users other than myself to see? Maybe with HTTP Headers or something or is it completely hidden since its processed in php before the page loads?
Generally, sessions in PHP are now handled with cookies - a bit of data that gets passed silently along by the browser when it makes a request for the page.
session_id() will return the current session’s identifier handle. the globally defined constant SID also holds this data.
However, there should be no need for a user to ever see this information - in fact, to reveal it is a potential security violation. Why would you want to do so?
its not that i want to make the session_id() visible, im just making sure that it isnt visible because if there is no session id, i dont want page2.php to display. I’m just trying to make sure its not possible to find out the session_id and then make page2.php visible after redirecting to that page
okay you’re creating a variable CALLED session inside the session. (Hence the confusion!)
No, this is fine, and the expected way to handle sessions. The visitor will be unable to see the content of $_SESSION[‘session’]. (Unless you choose to print it out, of course)