Re: session array not available in popup? [message #176992 is a reply to message #176989] |
Mon, 13 February 2012 23:59 |
Michael Fesser
Messages: 215 Registered: September 2010
Karma:
|
Senior Member |
|
|
.oO(cerr)
> I'm currently not using cookies, I'm passing the sessionid as a get
> variable to the script and set it like:
Then most likely the SID gets lost when you open your pop-up. In cases
like this you would have to manually append the predefined constant
'SID' to your URL. See the manual for details. [1]
But the better and recommended way would be to use a session cookie -
that's what cookies are for. SIDs in URLs are a security risk, because
they're stored in logfiles and in HTTP Referrer headers, which exposes
the SID to other people and might allow session hijacking. [2]
So better use a cookie instead, which is safer and should also solve
your problem. Also change these configuration options:
session.use_trans_sid = 0
session.use_only_cookies = 1
to prevent PHP from automatically rewriting URLs.
Micha
[1] http://www.php.net/manual/en/session.idpassing.php
[2] http://www.php.net/manual/en/session.security.php
--
http://mfesser.de/blickwinkel
|
|
|