problem with sessions ??

Status
Not open for further replies.

hos2

Programmer
Joined
May 6, 2002
Messages
418
Location
NL
I use a sessionid for each user on my forum. When someone posts a link from my forum, the sessionid of that user is also in the URL, which means that anybody who clicks on the link is logged in as the user who posted the URL. How can I prevent sessionids from being visible to other users?
 
"post a link from your forum" ?

if you mean "when a user posts a link in the forum to an outside site" then probably the URL code is adding the session id to the string, though that's odd...

anyway, you can always strip the session id tag from the URL, just find its position in the URL through strpos and then use substr to strip it, because the PHPSESSID tag is always last in the URL.

something like:

Code:
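$URL = "/dir/blabla.php?var=one&bla=two&PHPSESSID=654654g6s5465sd4h65sdh";

// Find where the session id parameter starts
$getpos = strpos($URL, "&PHPSESSID=");
// strpos() returns false when the parameter is absent; leave the URL unchanged then
$result = ($getpos === false) ? $URL : substr($URL, 0, $getpos);

// $result = "/dir/blabla.php?var=one&bla=two"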

jamesp0tter,
jamespotter@netcabo.pt

p.s.: sorry for my (sometimes) bad english :p
 
Hmmm, I have put ini_set(session.use_trans_sid,"0"); in my MySQL connection include file, but now I notice that the first link I click on will show a sessionid anyway. After that it doesn't show it again?
 
In the meantime I use session_regenerate_id(); in the connopen file, so every time a page loads a new id is generated. Hope my hosting will like this?
 
yep but how to solve the problem with session.use_trans_sid which is clearly not working :(
 
I don't know. If the session id in the URL goes away after your first script, it sounds to me like the setting is working.

However, how are you getting to your first script?

Also, you can set session.use_trans_sid in a .htaccess file, if running on Apache. You may be able to set that up.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
yep I also put it in an htaccess file. you see the sessionids when you start explorer and go to my forum. the abuse can already take place with this first page

see

I put the command in the include file for the connection

Code:
<?php 
ini_alter("session.auto_start",0);
ini_alter("session.use_trans_sid",0);
session_start();
 
It may be that your hosting provider may not be limiting what you can do in .htaccess files. Have you run a phpinfo() script from that directory, with the .htaccess file in place, to see if your PHP configuration changes?

Want the best answers? Ask the best questions: TANSTAAFL!!
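
Added example (not posted by anyone in this thread): one way to switch off URL-carried session ids before session_start() and report which settings did not take effect, which is the same check the phpinfo() suggestion above is after. It assumes PHP 7 or later; the function name start_cookie_only_session() is hypothetical.

```php
<?php
// Added example, not code from the thread. start_cookie_only_session() is a
// hypothetical helper name. Call it before any output and before session_start().
function start_cookie_only_session(): array
{
    $wanted = [
        'session.use_trans_sid'    => '0', // never rewrite links/forms to carry the id
        'session.use_cookies'      => '1', // carry the id in a cookie instead
        'session.use_only_cookies' => '1', // ignore an id supplied in the URL
        'session.use_strict_mode'  => '1', // refuse ids the server did not issue
        'session.cookie_httponly'  => '1', // keep the cookie away from page scripts
    ];

    // If session.auto_start (or an earlier session_start) already opened the
    // session, runtime changes come too late: report every setting as unapplied.
    if (session_status() === PHP_SESSION_ACTIVE) {
        return array_keys($wanted);
    }

    $failed = [];
    foreach ($wanted as $key => $value) {
        // ini_set() returns false when the value cannot be changed at runtime;
        // ini_get() confirms the value PHP will actually use.
        if (ini_set($key, $value) === false || ini_get($key) != $value) {
            $failed[] = $key;
        }
    }

    session_start();
    return $failed;
}

$failed = start_cookie_only_session();
if ($failed) {
    // Anything listed here has to be set in php.ini or .htaccess instead.
    error_log('Session settings not applied: ' . implode(', ', $failed));
}

// After a successful login, issue a fresh id and delete the old session so an
// id that already leaked in a posted link stops working:
// session_regenerate_id(true);
```

With session.use_only_cookies enabled, a PHPSESSID value arriving in a pasted link is ignored, so a visitor who clicks it gets their own session.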
 