PHP session.use_trans_sid

I do not understand how to use PHP's session.use_trans_sid.

The online documentation says:

If the session.use_trans_sid runtime parameter is enabled, relative URIs will be changed to contain the session identifier automatically.

Does this mean that it will ALWAYS add a session identifier? Or only when cookies do not work?

Will it automatically add it to javascript window.location or ajax calls?

In addition, the php.ini file says:

trans sid support is disabled by default.
Use of trans sid may risk your users security.
Use this option with caution.
 - User may send URL contains active session ID
   to other person via. email/irc/etc.
 - URL that contains active session ID may be stored
   in publically accessible computer.
 - User may access your site with the same session ID
   always using URL stored in browser history or bookmarks.
 http://php.net/session.use-trans-sid

I am confused: the online docs say that unless you are using PHP 4.2.0 or later, you need to enable it manually. So why would it be disabled by default? (I am using PHP 5.)

Also, is this feature NEEDED to handle users with cookies disabled?

+3

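// The session cookie is named after session_name() (PHPSESSID by default).
if (isset($_COOKIE[session_name()])) {
    // The browser returned the session cookie, so keep the ID out of URLs.
    ini_set("session.use_trans_sid", "0");
    session_start();
    ///////////////////
    // any hard tracking code or hard work goes here
    // like $_SESSION['msisdn']="9455366212";
    ///////////////////
    $_SESSION['cookie_support'] = 1;
} else {
    // No session cookie received: fall back to URL rewriting.
    // This has an effect only if session.use_only_cookies is 0.
    ini_set("session.use_trans_sid", "1");
    session_start();
    $_SESSION['cookie_support'] = 0;
}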

, $_SESSION['cookie_support']; cookie_support=0

+2


" , ? cookie ?"

  • cookie . , session.use_trans_sid session.use_cookies 1, session.use_only_cookies : 1 URL. . .

" javascript window.location ajax-?"

  • . PHP , Ajax, URL- ( , , URL- ).

" PHP 4.2.0 , "

  • ( ) PHP < 4.2. PHP5 ( , php.ini).

" , cookie?"

  • , . ( - Javascript + PHP .)
+2

If you include "use_trans_sid", then the session identifier is bound to the URL every time. I'm not sure what happens on an Ajax request, but I think it will be attached too.

And yes, you need trans_sid when the user has disabled cookies, but its appearance is unsafe (think: what if someone is looking at your screen and writing down your session ID? :-)).

0
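
The php.ini warnings quoted in the question all follow from the session ID travelling in the URL. As an added example (not code from the thread; the function names are hypothetical and PHP 7.4+ is assumed), this checks a set of session.* values for URL-borne session IDs and shows a cookie-only start-up beside it:

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Findings for session.* values shaped like ini_get() results; missing keys count as off. */
function audit_session_transport(array $ini): array
{
    $on = static fn(string $key): bool =>
        filter_var($ini[$key] ?? '0', FILTER_VALIDATE_BOOLEAN);

    $findings = [];
    if (!$on('session.use_only_cookies')) {
        $findings[] = 'use_only_cookies=0: session IDs are accepted from the URL';
        // URL rewriting only takes effect when URL-borne IDs are allowed at all.
        if ($on('session.use_trans_sid')) {
            $findings[] = 'use_trans_sid=1: session IDs are written into relative URIs';
        }
    }
    if (!$on('session.use_strict_mode')) {
        $findings[] = 'use_strict_mode=0: client-chosen session IDs are accepted';
    }
    return $findings;
}

/** Cookie-only session start. Call before any output is sent. */
function start_cookie_only_session(): bool
{
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1'); // ignore session IDs in URLs
    ini_set('session.use_trans_sid', '0');    // never rewrite URIs
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.cookie_httponly', '1');  // keep the cookie away from scripts
    return session_start();
}

// Constructed sample configurations: URL fallback enabled vs. cookie-only.
$samples = [
    'url-fallback' => ['session.use_only_cookies' => '0', 'session.use_trans_sid' => '1'],
    'cookie-only'  => ['session.use_only_cookies' => '1', 'session.use_trans_sid' => '0',
                       'session.use_strict_mode' => '1'],
];
foreach ($samples as $name => $cfg) {
    $found = audit_session_transport($cfg);
    echo $name, ': ', $found ? implode('; ', $found) : 'no findings', PHP_EOL;
}
```

To audit a running application, build the array from ini_get() for the same three keys.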

Source: https://habr.com/ru/post/1723056/

