XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / watch out your PHPSESSID
Register
41
m0nty
Re: watch out your PHPSESSID

  • 2006/3/28 14:03

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


bumbum, you may get better help if you posted your problem in the correct forum with as much info as possible instead of in this thread which doesn't have anything to do with blank pages.

if everybody who has problems hijacks other threads that aren't relevant to the problem, then it would be hard for any1 to find these threads when everything is all over the place.. (errr yep kinda like now on xoops.org)

1 topic, 1 question or related issue dealing with the same topic discussion. different problems, start a new thread (search b4 posting tho) that way it might become a hell of a lot easier to actually find answers and make things a bit more organised..
42
bumbum
Re: watch out your PHPSESSID

  • 2006/3/28 14:35

  • bumbum

  • Just popping in

  • Posts: 99

  • Since: 2004/10/18


Sorry about that m0nty, I actually WAS on a different thread https://xoops.org/modules/newbb/viewtopic.php?post_id=211913&topic_id=48284&forum=1 but I was recommended to go here to see if I could get more help.
No attempt to 'hijack' this thread as my initial query was in relation to the SQL error in PHP debug about sessions that I ws having:Quote:
Notice [PHP]: A session had already been started - ignoring session_start() in file include/common.php line 177

Anyway, I'm gonna keep looking for a solution - Take care...
43
m0nty
Re: watch out your PHPSESSID

  • 2006/3/28 18:16

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


the notice is fine.

it only means a second session was started, but if you use php > 4.3.3 or higher, the 2nd session is ignored. the notice is just there to let u know.

do u get that notice on every page? or just with specific modules/pages..

if you clear your cookies, it should solve that problem, or rename the custom session in preferences and make sure trans_sid is disabled. i've never had that problem myself, but then it would probably be because we don't all have the same configurations.

it is however safe to ignore the notice instead of trying to find a solution which would be a waste of time being as it isn't anything to worry about.

the notice will not cause a blank page, so that problem is nothing to do with the session.
44
bumbum
Re: watch out your PHPSESSID

  • 2006/3/28 18:28

  • bumbum

  • Just popping in

  • Posts: 99

  • Since: 2004/10/18


Thanks m0nty
45
peterr
Re: watch out your PHPSESSID

  • 2006/4/18 4:25

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


The sid (PHPSESSID) is still being appended to the url, after logging on.

The .htaccess values

php_flag session.use_only_cookies on
php_flag session.use_trans_sid off


and the XOOPS admin ..

- use custom sessions (YES)
- supplied a session name

I notice in the cookies, there are two ccokies being set, one is PHPSESSID and the other the custom session name, both have the same values.

The sid appears to be only appended after logging in, but if a user logs in, and then sends the link/url to someone, won't that indicate the possibility of session hijacking ??

Other info ..

PHP Version 4.4.1
allow_url_fopen On
register_globals On
session.use_cookies On On
session.use_only_cookies On Off
session.use_trans_sid Off On

P
NO to the Microsoft Office format as an ISO standard.
Sign the petition
46
peterr
Re: watch out your PHPSESSID

  • 2006/4/18 5:03

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Hmm, .. now it's okay, well _sort_ of.

Here's what happens, two scenarios

1. I go to the site, clear cookies, then login, and it goes to the main page, and displays the PHPSESSID in the url.

2. I go to the site, and don't clear cookies, then login, and it goes to the main page, NO sid displayed in the url.

Quote:

m0nty wrote:
if trans_sid is off, then you shouldn't see sessionid in the url unless there's a problem with cookies not being received or read by your computer.


and I do have the .htaccess value

php_flag session.use_trans_sid off

which doesn't make sense to me, if the .htaccess setting has modified the php settings (and it has, as a phpinfo() reported), then I should not see a session ID in any url, right ?

P
NO to the Microsoft Office format as an ISO standard.
Sign the petition
« 1 2 3 4 (5)

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

341 user(s) are online (278 user(s) are browsing Support Forums)

Members: 0

Guests: 341

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits