Session scheme when PHP cookie is disabled

Source: Internet
Author: User
Tags ini session id sessions variable client

Friends who have used sessions in PHP may encounter a problem where the session variable cannot be passed across pages. This annoyed me for a few days, and finally I thought through the data and solved the problem. I think there are several reasons for this problem:
1, the client has disabled cookies
2, browser problems, temporarily unable to access cookies
3, Session.use_trans_sid = 0 in php.ini or the--ENABLE-TRANS-SID option is not turned on at compile time

Why is that? Let me explain:

The session is stored on the server side (the default is to store session by file), according to the session ID provided by the client to the user's file, get the value of the variable, session ID can use the client's cookie or Http1.1 protocol Query_ String (that is, the "?" of the URL that is accessed) Later) to the server, and then the server reads the directory of the session .... In other words, the session ID is the identity card that gets the session variable stored on the service. When the Code session_start (), the runtime, on the server generated a session file, followed by a unique corresponding session ID, the definition of the session variable in a certain form stored in the session file just produced. With the session ID, you can take out the defined variables. After the page spread, in order to use the session, you must also execute session_start (), and will produce a session file, corresponding to produce the corresponding session ID, with this session The ID is not a variable in the first session file mentioned earlier, because the session ID is not the key to open it. If the code session_id ($session ID) is preceded by the session_start (), the new session file is not generated and the session file corresponding to this ID is read directly.

The session in PHP by default uses the client's cookie to save the sessions ID, so when the client's cookie has a problem, it will be affected. It is important to note that the session does not have to rely on cookies, which is a clever place to compare cookies to. When a client's cookie is disabled or a problem occurs, PHP automatically attaches the session ID to the URL, so that the session variable can be used across the page with the session ID. But this kind of attachment also has certain condition, namely "SESSION.USE_TRANS_SID = 1 in php.ini" or open at compile time--enable-trans-sid option.

Friends who have used the forum know that when entering the forum, often prompts you to check whether the cookie is open, this is because most of the forum is based on cookies, the forum with it to save user names, passwords and other user information, easy to use. And many friends think cookies are unsafe (not really) and often disable them. In fact, in the PHP program, we can use session to replace cookies, it can not rely on whether the client to open cookies.

So, we can put aside cookies using session, that is, if the user turned off the cookie in the case of using session, the implementation of the following methods:

1, set the SESSION.USE_TRANS_SID = 1 in php.ini or compile-time open the--ENABLE-TRANS-SID option, let PHP automatically spread the session ID across the page.
2, manually through the URL to pass the value, hide the form pass session ID.
3, in the form of files, databases and other forms of saving session_id, in the spread of the process of manual call.

Route 1 provides an example of:

s1.php

<?php
Session_Start ();
$_session[' var1 ']= "People's Republic of China";
$url = "<a href=". "" s2.php "> Next page </a>";
echo $url;
?>

s2.php

<?php
Session_Start ();
echo "passes the session variable var1 value of:". $_session[' var1 '];
?>

Run the above code, in case the client cookie is normal, you should be able to get the result "People's Republic of China".
Now you manually close the client's cookie, and then run, may not be the result of it. If you do not get the result, then "set the SESSION.USE_TRANS_SID = 1 in php.ini or open the--ENABLE-TRANS-SID option at compile time" and get the result "People's Republic of China"

Route 2 provides an example of:

s1.php

<?php
Session_Start ();
$_session[' var1 ']= "People's Republic of China";
$SN = session_id ();
$url = "<a href=". "" S2.php?s= ". $sn." " > next page </a> ";
echo $url;
?>

s2.php

<?php
session_id ($_get[' s ']);
Session_Start ();
echo "passes the session variable var1 value of:". $_session[' var1 '];
?>

The method of hiding forms is the same as the basics.

Route 3 provides an example of:

Login.html

<! DOCTYPE HTML PUBLIC "-//w3c//dtd HTML 4.01 transitional//en" >
<title>Login</title>
<meta http-equiv= "Content-type" content= "text/html; charset=gb2312 ">
<body>
Please login:
<form name= "Login" method= "POST" action= "mylogin1.php" >
User name: <input type= "text" name= "name" ><br>
Password: <input type= "password" name= "pass" ><br>
<input type= "Submit" value= "Login" >
</form>
</body>

mylogin1.php

<?php

$name =$_post[' name '];
$pass =$_post[' Pass '];
if (! $name! $pass) {
echo "User name or password is blank, please <a href=" login.html "> re-login </a>";
Die ();
}
if (!) ( $name = = "Youngong" && $pass = = "123") {
echo "User name or password is incorrect, please <a href=" login.html "> re-login </a>";
Die ();
}
Registered users
Ob_start ();
Session_Start ();
$_session[' user ']= $name;
$psid =session_id ();
$FP =fopen ("E:\tmp\phpsid.txt", "w+");
Fwrite ($fp, $psid);
Fclose ($FP);
Authentication successful, related actions
echo "Logged in <br>";
echo "<a href=" mylogin2.php "> Next page </a>";

?>

mylogin2.php

<?php
$FP =fopen ("E:\tmp\phpsid.txt", "R";
$sid =fread ($FP, 1024);
Fclose ($FP);
session_id ($SID);
Session_Start ();
if (Isset ($_session[' user ')) && $_session[' user ']= ' laogong ' {

echo "Already logged in!";
}
else {
Successful login for related actions
echo "Not logged in, Access denied";
echo "Please <a href=" login.html "> Login </a> Browse";
Die ();
}

?>

Also please close the cookie test, username: youngong Password: 123 This is the file to save the session ID, the file is: E:mpphpsid.txt, according to their own system to determine the file name or path.

As for the method of using the database, I will not cite an example, similar to the method of the file.

To sum up, the above method has one thing in common, is to get the session ID on the previous page, and then find a way to pass to the next page, the next page of the Session_Start (); Code session_id (pass over the session ID);



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.