[support] Session problems

Daniel Carrera daniel.carrera at zmsl.com
Tue Jun 24 13:19:10 UTC 2008


Earnie Boyd wrote:
>> Thanks. I have to say that I don't really understand that option. I made
>> the change, but I don't understand what I just did.
> 
>  From http://php.net/session.configuration we see:
> 
>   session.use_only_cookies  boolean
>     session.use_only_cookies specifies whether the module will only use 
> cookies to store the session id on the client side. Enabling this 
> setting prevents attacks involved passing session ids in URLs. This 
> setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 6.0.


Yes. I had read that. But I don't see what that has to do with sessions 
expiring. For that matter, I don't know what else PHP would be using 
besides cookies.

Oh oh.... I think I get it. That says that the cookie will only store the 
session id and other than that no other information will be 
stored.... Is that right?

Sorry, I'm dumb. When I read that the first time I thought it meant 
"session id will be stored in cookies but nowhere else" and my reaction 
was "where else would you store it?".

Daniel.
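
An added example, not part of the original message or of PHP's own code: the quoted documentation concerns where the session id may travel, and besides the cookie PHP can read it from, or write it into, the URL. The check below reports that for a set of directive values; the function names, the fallback values used for missing keys, and the sample array are assumptions made for illustration.

```php
<?php
// Added example: report whether PHP will accept or emit session ids in URLs.

/** Interpret a php.ini style boolean ("1", "On", "0", "Off", "" or false). */
function ini_bool($value): bool
{
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

/**
 * @param array $ini directive name => raw value, as returned by ini_get()
 * @return string[] findings; an empty list means the id travels only in the cookie
 */
function session_id_transport_findings(array $ini): array
{
    $findings = [];
    // Missing keys fall back to the less safe value (an assumption of this example).
    if (!ini_bool($ini['session.use_cookies'] ?? '0')) {
        $findings[] = 'session.use_cookies is off: the id cannot be carried in a cookie';
    }
    if (!ini_bool($ini['session.use_only_cookies'] ?? '0')) {
        $findings[] = 'session.use_only_cookies is off: an id supplied in the URL is accepted';
    }
    if (ini_bool($ini['session.use_trans_sid'] ?? '1')) {
        $findings[] = 'session.use_trans_sid is on: PHP adds the id to relative URLs';
    }
    return $findings;
}

// Constructed sample values, not taken from any real server.
$constructedWeak = [
    'session.use_cookies'      => '1',
    'session.use_only_cookies' => '0',
    'session.use_trans_sid'    => '1',
];

// Values of the PHP runtime executing this script.
$live = [];
foreach (array_keys($constructedWeak) as $name) {
    $live[$name] = ini_get($name);
}

foreach (['constructed weak config' => $constructedWeak, 'this PHP runtime' => $live] as $label => $ini) {
    $findings = session_id_transport_findings($ini);
    $report = $findings ? ("\n  - " . implode("\n  - ", $findings)) : ' session id is cookie-only';
    echo $label, ':', $report, "\n";
}
```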

