PHP version 4.4.6

This issue has completely stopped my development.

I read everything I could find on this topic and I've tried all within my (php) script and via .htaccess. I don't have access to php.ini, so I'm probably going to have to rethink my design.



Perhaps it's the way I'm calling up the forms.

Within my menu file (which is included itself), I do this:


if ((($action=='login') || ($action=='reset') || ($action=='register') && (!$session->logged_in)){
echo ' <div id="logger">';
include( INCLUDES.'/login.php' );
}
else{
echo ' <div id="notification">';
}




I've tried both of these in my .htaccess file:


php_value session.use_only_cookies 1
php_value session.use_trans_sid 0



<IfModule mod_php4.c>
php_flag session.use_trans_sid off
php_flag register_globals off
</IfModule>


And at the top of my php script, both before and after the beginning of the session I tried this:


ini_set('session.use_trans_sid', false);



Any ideas appreciated.

The default settings generally use a cookie as the first choice and only put it in the URL when it can't use a cookie. Turning off the ability to use the URL will just make itr unusable when it can't use a cookie. If you are seeing it in the URL then it means your browser isn't able to save it in a cookie due to the browser's settings.

Hi,

I think that the PHPSESSID attached if use relative URLs.. Try using absolute URLs instead (eg. http://yourdomain.com/info.html)

Cheers!

Kostas

Hi there,

maybe I am too stupid to get the point here - what is wrong with "exclusively and explicitly" working with custom $_SESSION[] settings, preferably wrapped into objects?

I am working like this for years avoiding ANY painstaking evaluation of SID stuff. Define a user class (like mySession), pass all necessary stuff in its Constructor, and put up some service functions (with heavy use of $_ ...). It's easy to set up some (artificial) mem-resistance. Take care of minimum session times, default them to something like 15m.

ariell.

Thanks for your help, I finally figured out why it's happening and I won't be needing to edit php.ini, .htaccess or add any extra code to my scripts. I have a function the sets and cleans up GETS, this script was causing all the problems. I'm marking this thread resolved, thanks,

Hmm, I resolved too soon. This is the function that was adding the session ID...


function setUrlVariables() {
$arg = array();
$string = "?";
$vars = $_GET;
for ($i = 0; $i < func_num_args(); $i++)
$arg[func_get_arg($i)] = func_get_arg(++$i);
foreach (array_keys($arg) as $key)
$vars[$key] = $arg[$key];
foreach (array_keys($vars) as $key)
if ($vars[$key] != "") $string.= $key . "=" . $vars[$key] . "&";
if (SID != "" && SID != "SID" && $_GET["PHPSESSID"] == "")
$string.= htmlspecialchars(SID) . "&";

return htmlspecialchars(substr($string, 0, -1));
}



I thought I'd resolved my problem by removing this:

if (SID != "" && SID != "SID" && $_GET["PHPSESSID"] == "")
$string.= htmlspecialchars(SID) . "&";


...from the script above but now htmlspecialchars() is not working, my ampersands are unencoded. I've tried rewriting this several times, I'm just not getting it.