Sessions in links 1

Status
Not open for further replies.

chessbot

Programmer
Mar 14, 2004
1,524
US
continued from thread434-944096

I have a PHP website in which a user's login is stored in the $_SESSION[] array. The current contents:

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['id'] = $id;

The id is taken from a database containing each username and password and a unique id.

Where is this information stored? How does it react with cookies? Should I put it in my <a> tags?

Thank you!

--Chessbot

"See the TURTLE of enormous girth!"
-- Stephen King, The Dark Tower series
 
If you look in php.ini, you will find two runtime configuration settings: session.use_trans_sid and url_rewriter.tags. If session.use_trans_sid is set to 1 or on, then PHP will automagically add session IDs to the tags specified in url_rewriter.tags.

However, passing around the session ID in tags can be a security risk. This from the PHP online manual section titled "Session Handling Functions":

URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Thank you.

Unfortunately, I do not have access to php.ini. Would this be available through phpinfo()?

I think what I am looking for is a good explanation of sessions. Can someone direct me to one?

--Chessbot

"See the TURTLE of enormous girth!"
-- Stephen King, The Dark Tower series
 
Why do you have to store the password in a session?

To add the SID to links:
<a href="foo_bar.php?<?=htmlspecialchars(SID)?>" title="foobar!">foobar with SID</a>

The same method is used for forms,
either with a hidden field:
<input type="hidden" name="<?=htmlspecialchars(session_name())?>" value="<?=htmlspecialchars(session_id())?>" />
or: <form action="?<?=htmlspecialchars(SID)?>"...


Olav Alexander Mjelde
Admin & Webmaster
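
Since the poster cannot edit php.ini, the settings named in the replies above can be read with ini_get() and overridden per request before session_start(). The following is an added example, not code from the thread; the function names and sample values are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Report the settings discussed in the thread without reading php.ini.
function session_url_settings(): array
{
    return [
        'session.use_trans_sid'    => ini_get('session.use_trans_sid'),
        'session.use_only_cookies' => ini_get('session.use_only_cookies'),
        'url_rewriter.tags'        => ini_get('url_rewriter.tags'),
    ];
}

// Keep the session ID in a cookie only; must run before session_start().
function start_cookie_only_session(): void
{
    ini_set('session.use_trans_sid', '0');    // never rewrite links/forms with the ID
    ini_set('session.use_only_cookies', '1'); // ignore IDs supplied in the URL
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.cookie_httponly', '1');  // keep the cookie away from page scripts
    session_start();
}

// Call only after the username and password were checked against the database.
function establish_login(int $id, string $username): void
{
    session_regenerate_id(true);   // fresh ID at login; the pre-login ID is deleted
    $_SESSION['id'] = $id;
    $_SESSION['username'] = $username;
    // The password is deliberately not kept in the session.
}

start_cookie_only_session();
establish_login(42, 'example_user');   // constructed sample values
print_r(session_url_settings());
```

With these settings the session data stays on the server and only the ID travels in a cookie, so the links and forms need no SID at all.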
 