Re: session array not available in popup? [message #176994 is a reply to message #176992] |
Tue, 14 February 2012 18:33 |
cerr
Messages: 33 Registered: September 2010
Karma:
|
Member |
|
|
On Feb 13, 3:59 pm, Michael Fesser <neti...@gmx.de> wrote:
> .oO(cerr)
>
>> I'm currently not using cookies, I'm passing the sessionid as a get
>> variable to the script and set it like:
>
> Then most likely the SID gets lost when you open your pop-up. In cases
> like this you would have to manually append the predefined constant
> 'SID' to your URL. See the manual for details. [1]
>
> But the better and recommended way would be to use a session cookie -
> that's what cookies are for. SIDs in URLs are a security risk, because
> they're stored in logfiles and in HTTP Referrer headers, which exposes
> the SID to other people and might allow session hijacking. [2]
>
> So better use a cookie instead, which is safer and should also solve
> your problem. Also change these configuration options:
>
> session.use_trans_sid = 0
> session.use_only_cookies = 1
>
> to prevent PHP from automatically rewriting URLs.
>
> Micha
>
> [1]http://www.php.net/manual/en/session.idpassing.php
> [2]http://www.php.net/manual/en/session.security.php
>
> --http://mfesser.de/blickwinkel
So Thanks for everyone's feedback. I suddenly started to work as
expected which is very confusing to me and to me... I can not tell
what made this happen... I went as far as rebooting Windows, trying
different browsers and and and.... and then it suddenly... just
worked... :o Very strange and kinda scary!
Thanks for everyone's feedback anyways, it is much appreciated!
Ron
|
|
|