Does the session still work if cookies are disabled?

Source: Internet
Author: User
Tags: session id
Cookies and sessions are generally regarded as two separate things: the session is a scheme for keeping state on the server side, and the cookie is a scheme for keeping state on the client side. So why can't the session be retrieved once cookies are disabled? Because the session ID determines which server-side session the current request belongs to, and the session ID is passed through a cookie. Disabling cookies is equivalent to losing the session ID, so the session cannot be retrieved.
If cookies are disabled, is the session necessarily unusable?
1. ASP
In ASP, the session can only be used if cookies are available. The session is stored on the server side and the cookie is stored on the client, so, relatively speaking, the session is more secure and reliable than the cookie.
2. PHP
In PHP, the relevant configuration allows the session to work without relying on cookies. This is because:
The session is stored on the server side (by default in session files). The server uses the session ID supplied by the client to find that user's file and read the variable values. The session ID can be sent to the server in the client's cookie or in the HTTP/1.1 query string (the part of the requested URL after the "?"), and the server then reads the session directory .... In other words, the session ID is the identifier used to retrieve the session variables stored on the server. When session_start() runs, a session file is generated on the server along with the one session ID that corresponds to it, and the session variables you define are stored in some form in that file. With the session ID, the defined variables can be retrieved. After moving to another page, you must call session_start() again in order to use the session; if no session ID reaches that page, this generates another session file with its own session ID, and that ID cannot retrieve the variables in the first session file, because it is not the "key" that opens it. If session_id($session_id) is called before session_start(), no new session file is generated and the session file corresponding to that ID is read directly.
By default, a PHP session uses the client's cookie to store the session ID, so the session is affected when there is a problem with the client's cookies. It is important to note that the session does not necessarily have to rely on cookies, which is an advantage of the session over cookies. When the client's cookies are disabled or broken, PHP automatically appends the session ID to URLs, so that the session ID is carried across pages and the session variables can be used. This automatic appending has a precondition, however: "session.use_trans_sid = 1" must be set in php.ini, or the "--enable-trans-sid" option must have been turned on at compile time.
Anyone who has used a forum knows that on entering it you are often prompted to check whether cookies are enabled. This is because most forums are based on cookies: the forum uses them to save the user name, password and other user information for convenience. Many people think that cookies are unsafe (not really) and often disable them. In fact, in a PHP program we can use the session instead of cookies, and the session does not have to depend on whether the client has cookies enabled.
So we can set cookies aside and use the session. Assuming the user has turned cookies off, there are several ways to keep using the session:
1. Set "session.use_trans_sid = 1" in the php.ini configuration file, or turn on the "--enable-trans-sid" option at compile time, so that PHP automatically passes the session ID across pages.
2. Pass the session ID manually in a URL parameter or a hidden form field.
3. Save the session ID in a file, a database or similar, and read it back manually when moving to the next page.
Example of approach 1:
--------------------------------------------------------------------------------------------------------------- ----
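s1.php
<?php
session_start();                                  // create or resume the session
$_SESSION['var1'] = "People's Republic of China"; // value to carry to the next page
// With session.use_trans_sid = 1, PHP appends the session ID to this relative link itself
$url = "<a href='s2.php'>Next page</a>";
echo $url;
?>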
--------------------------------------------------------------------------------------------------------------- ----
--------------------------------------------------------------------------------------------------------------- ----
s2.php
<?php
session_start();   // resume the session identified by the ID PHP passed along
echo "The value of the session variable var1 passed over: " . $_SESSION['var1'];
?>
--------------------------------------------------------------------------------------------------------------- ----
If you run the code above while the client's cookies work normally, you should get the result "People's Republic of China".
Now turn off cookies in the client manually and run it again; you may not get the result. If you don't, set "session.use_trans_sid = 1" in the php.ini file, or turn on the "--enable-trans-sid" option at compile time, and you will get the result "People's Republic of China".
Example of approach 2:
--------------------------------------------------------------------------------------------------------------- ----
s1.php
<?php
session_start();
$_SESSION['var1'] = "People's Republic of China";
$sn = session_id();                                     // current session ID
$url = "<a href='s2.php?s=" . $sn . "'>Next page</a>";  // pass it in the query string as "s"
echo $url;
?>
--------------------------------------------------------------------------------------------------------------- ----
--------------------------------------------------------------------------------------------------------------- ----
s2.php
<?php
session_id($_GET['s']);   // adopt the ID from the URL; must be called before session_start()
session_start();
echo "The value of the session variable var1 passed over: " . $_SESSION['var1'];
?>
--------------------------------------------------------------------------------------------------------------- ----
Example of approach 3:
--------------------------------------------------------------------------------------------------------------- ----
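Login.html
<html>
<head>
<title>Login</title>
</head>
<body>
Please login:
<form method="post" action="mylogin1.php">
User name: <input type="text" name="name"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
</body>
</html>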
--------------------------------------------------------------------------------------------------------------- ----
--------------------------------------------------------------------------------------------------------------- ----
mylogin1.php
<?php
$name = $_POST['name'] ?? '';
$pass = $_POST['pass'] ?? '';
if (!$name || !$pass) {
    echo "User name or password is blank, please login again";
    die();
}
if (!($name == "LAIGW" && $pass == "1234")) {
    echo "Username or password is incorrect, please login again";
    die();
}
// Register the user
ob_start();
session_start();
$_SESSION['user'] = $name;
$psid = session_id();
// Single quotes and forward slashes: inside "D:\tmp" the \t would be read as a tab
$fp = fopen('D:/tmp/phpsid.txt', "w+");
fwrite($fp, $psid);
fclose($fp);
// Authentication successful; carry out the related operations
echo "Logged in<br>";
echo "<a href='mylogin2.php'>Next page</a>";
?>
--------------------------------------------------------------------------------------------------------------- ----
--------------------------------------------------------------------------------------------------------------- ----
mylogin2.php
<?php
$fp = fopen('D:/tmp/phpsid.txt', "r");
$sid = trim(fread($fp, 1024));
fclose($fp);
// The ID comes from the shared file, so whichever client requests this page resumes that session
session_id($sid);
session_start();
if (isset($_SESSION['user']) && $_SESSION['user'] == "LAIGW") {
    // Logged in successfully; carry out the related operations
    echo "Logged in!";
} else {
    echo "Not logged in, not authorized to access";
    echo "Please <a href='Login.html'>login</a> and browse";
    die();
}
?>
--------------------------------------------------------------------------------------------------------------- ----
As before, turn off cookies to test this. User name: LAIGW; password: 1234. This approach saves the session ID in a file, here D:/tmp/phpsid.txt; choose the file name or path to suit your system.
To sum up, the methods above have one thing in common: obtain the session ID on the previous page, find a way to pass it to the next page, and on the next page call session_id(the session ID passed over) before session_start().
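In all three approaches the next page trusts a session ID that arrives from outside, so anyone who learns or supplies that value resumes the session. The following added example (not part of the original page) applies the checks a URL-carried ID needs to approach 2; start_url_session(), session_link() and the session keys 'ua' and 'seen' are hypothetical names, and the parameter name s is taken from the listing above.

```php
<?php
// Added example, not code from the original page. Hypothetical names:
// start_url_session(), session_link(), session keys 'ua' and 'seen'.

function start_url_session(array $query, string $userAgent, int $maxIdle = 900): void
{
    // Strict mode: an ID that has no session data on the server is replaced
    // with a fresh one, so a link carrying a planted ?s= value is not adopted.
    ini_set('session.use_strict_mode', '1');

    $sid = $query['s'] ?? '';
    // Hand only well-formed IDs to session_id(); the default files handler
    // accepts the characters [A-Za-z0-9,-] and nothing else.
    if (is_string($sid) && preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid)) {
        session_id($sid);
    }
    session_start();

    // A URL-carried ID ends up in logs, bookmarks and shared links. Tie the
    // session to the client that created it (a coarse check) and expire it
    // when idle; on a mismatch, treat the ID as leaked and discard the session.
    $ua = hash('sha256', $userAgent);
    $stale = isset($_SESSION['seen']) && time() - $_SESSION['seen'] > $maxIdle;
    $foreign = isset($_SESSION['ua']) && !hash_equals($_SESSION['ua'], $ua);
    if ($stale || $foreign) {
        $_SESSION = [];
        session_regenerate_id(true); // new ID, old session file deleted
    }
    $_SESSION['ua'] = $ua;
    $_SESSION['seen'] = time();

    // Keep the ID out of Referer headers sent when the user follows a link.
    header('Referrer-Policy: no-referrer');
}

// Build a link carrying the current ID, escaped for URL and HTML contexts.
function session_link(string $page, string $text): string
{
    $href = $page . '?s=' . rawurlencode(session_id());
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES) . '">'
        . htmlspecialchars($text, ENT_QUOTES) . '</a>';
}

start_url_session($_GET, $_SERVER['HTTP_USER_AGENT'] ?? '');
// After a successful login, call session_regenerate_id(true) here so the
// pre-login ID is never the authenticated one, then emit links.
echo session_link('s2.php', 'Next page');
```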
