I have issue with SID and passing to URL. I am bit new to all php MySQL but trying as best. So I have managed to have login form working and then user can direct to their own page by link after logged in. I want that link to pass SID or some random string///I have code for some random string, but its not working--another topic in itself...aside, from all my reading here and there SSID maybe not safe by passing this value to their page: Anyway, my code echo "<a href="page.php?<?php echo htmlspecialchars(SID); ?>">click here</a>.
So, this translates to page.php?PHPSESSID=7fd4ac2ba0ae0bd23ea0ebc93e88f63d......How can I append or remove the PHPSESSID part from the URL SO IT WILL JUST LOOK LIKE page.php?you=7fd4ac2ba0ae0bd23ea0ebc93e88f63d or so, without PHPSESSID being shown and its a bit juvenile looking? Ok, any help much appreciated.
php_flag session.use_trans_sid off
There is also session_name().
I see in my .ini that session.use_trans_sid 0 so it is 'off' and thus according to php is auto set to 'off' at default for versions and also I am on iis so web.config file need the code to change anything for that to force the cookies. I am confused how to set code out the Code: php_flag session.use_trans_sid off if that is code in the proper syntax and also for the There is also session_name(). link http://us1.php.net/manual/en/session.configuration.php#ini.session.name refers to that being directed back to Defaults to PHPSESSID and so more must be called before session. Please provide more depth to this as I am not scratching the surface all the way here. thanks.
There are many places where you can change the php settings. To make sure what the real settings are add a phpinfo.php file to the directory where your script is. The file should contain only
<?php echo phpinfo (); ?>
You want the following settings:
session.use_cookies On On
session.use_trans_sid 0 0
Note: After you are done with phpinfo.php delete the file because you don't want to let hackers know your settings.
session.use_trans_sid = 0 I have this set like so already, I do not see how still I can in fact use session with my original post as removing the PHPSESSID part in the url, by the answers above. (PHPSESSID=7fd4ac2ba0ae0bd23ea0ebc93e88f63d). I have responded quite clearly about not using cookie as passing SID once logged in. Please be more detailed and provide a live example if possible, thanks.
This topic is now closed. New replies are no longer allowed.