[support] Session problems
Earnie Boyd
earnie at users.sourceforge.net
Tue Jun 24 17:53:56 UTC 2008
Quoting Daniel Carrera <daniel.carrera at zmsl.com>:
> Earnie Boyd wrote:
>>> Thanks. I have to say that I don't really understand that option. I made
>>> the change, but I don't understand what I just did.
>>
>> From http://php.net/session.configuration we see:
>>
>> session.use_only_cookies boolean
>> session.use_only_cookies specifies whether the module will only use
>> cookies to store the session id on the client side. Enabling this
>> setting prevents attacks involved passing session ids in URLs. This
>> setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 6.0.
>
>
> Yes. I had read that. But I don't see what that has to do with sessions
> expiring. For that matter, I don't know what else PHP would be using
> besides cookies.
>
> Oh oh.... I think I get it. That says that the cookie will only the
> session id and and other than that no other information will be
> stored.... Is that right?
>
No, with a TRUE value this prevents the session id being passed in the
$_GET array. PHP used to pass the session id by default appended to
the URL. Now by default it only uses cookies to store the session id.
Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/
More information about the support
mailing list