Reputation: 23
Make use_trans_sid work (Append Session ID to URL)
I am losing hair over this. All I want is to append the Session ID to the URL. To explain why I accept the security risks: the site is meant for mobile use. Some mobile browsers do not accept cookies (in which the Session ID is usually stored). So I don't have much of a choice but to parse the Session ID via the URL.
"So," I thought, "this is easy. Just use this at the beginning of every page:"
ini_set('session.use_trans_sid', 1);
session_start();
Bummer. Didn't work. Ok. Then I created a .htaccess in my subdirectory (the mobile site lies in a subdirectory of the main site) with this in it:
php_flag session.use_trans_sid on
php_value session.use_trans_sid 1
No effect. Getting mad.
Next I tried to change the setting in the php.ini itself just to test it (not an option, since the rest of the websites running on the webserver must not use the "URL-Session-ID"). So I made sure this entry is set:
session.use_trans_sid = 1
Then I restarted the webserver and... to my astonishment but not surprise: NO EFFECT!
In each case I added phpinfo(); at the end of my page to see whether my settings take effect. In every case I got confirmation that session.use_trans_sid = 1 (according to phpinfo()).
This means I must overlook something. Anyone an idea?All I can do now is manually add the Session ID to every link in my code. Please help me avoid this... :)
Any ideas all you stars out there? ;)
BiB
Upvotes: 0
Views: 1286
Answers (2)
Reputation: 23
Ok... this was indeed it. Olirav found the issue.
The whole system doesn't work when a redirect is done somewhere. With every form and every link I call the same page, run it through a central file where I do stuff and then redirect accordingly. That effectively kills use_trans_sid. This means in that central file I must add the sid actually manually. Something like this:
header("Location: " . $url . "index.php?sid=" . session_id());
I hope that this helps someone who ever has the same problem. :)
Thanks Olirav!!!
Upvotes: 0
Reputation: 165
Are you testing this in a normal browser, because if the browser supports cookies the url wouldn't be added?
Upvotes: 1
Related Questions
- passing session id via url
- How to correctly propagate session id to other php pages?
- php session.use_trans_sid
- PHP - Session ID changing when using session.use_trans_sid
- PHP Session SID URL - url does not have SID
- Transmit Session IDs in URLs (Session trans_sid equivalent Laravel)
- Is it possible to load session by SID in php?
- Session id in url
- Sessions without passing SID - is it reliable?
- PHP Sessions and Passing Session ID