sessionid

@chramyaFeb 27.2008

Am developing web in which i decided to secure the page.. For that i wants to use sessionid .. My requirements

1. I have to send sessionid through url to every page in login form…

2. I have to get that sessionid in every page to check whether it is right or wrong…

3. If anybody chases my intermediate page`s web address and paste it in another page means it have to show error.. It shouldn`t open that particular webaddress..

It will be helpful for me if u explain me using any sample..

With thanks,,

to post a comment

PHP

9 Comments(s) _↴

@felgallFeb 27.2008 — #You can configure sessions to be passed either by cookie, in the querystring or both. If yuou allow both it will use a cookie whenever possible. The server takes care of the rest.

@TheRaveFeb 27.2008 — #http://www.w3schools.com/php/php_sessions.asp

@chramyaauthorFeb 27.2008 — #thanks for ur reply can u pls explain with some code example..

With thanks..

@TheRaveFeb 27.2008 — #First is there any reason you want/need the sessionID to be in the URL. It is more common and slightly more secure to have the sessionID as a cookie.

Secondly remember sessions can easily be spoofed, captured, hacked.

[code=php]//relevant pages
 session_start();
 $_SESSION['someinfo'][/code]

[code=php]//intermediate page
 //if there's no session then stop processing and don't display page
 if (!isset($_SESSION['someinfo'])
 {
 die('No session, go away!')
 }[/code]

@chramyaauthorFeb 27.2008 — #somebody will copy, paste the intermediate webaddress from url and running that page.. I wish to prevent tat... if they copied my url means also they shouldnt open my page...

I can do it by sessionid...

So can u explain abt this

@TheRaveFeb 27.2008 — #

[code=php]//on page before intermediate page
 session_start();
 $_SESSION['validationflag']=true;
 [/code]

[code=php]//on intermediate page
 if ($_SESSION['validationflag']!=true)
 {
 die('Page not directly accessible')
 }[/code]

As I said before its easy to spoof sessions though.

}

@chramyaauthorFeb 28.2008 — #Thank u for ur reply..

is there anyway to do the by passing sessionid through url getting it in every page and after that we have to check whether it is correct url with sessionid or not...

If yes means it should move on to another page or it has to show error..

with thanks,,

@TheRaveFeb 28.2008 — #Session can be passed through the URL just as any parameter can be passed.

example.php?PHPSESSID=00000000000

Can I ask WHY you want to pass it in the URL and not use cookies? It is even less secure, to allow session IDs to be passed this way.

Do you REALLY need to have them in the URL or will cookies be ok?

@chramyaauthorMar 10.2008 — #Through URL only i need to pass.. And i have to call for 403 FORBIDDEN ERROR.....Hw to call this from server..

With thanks..

Also in #PHP _↴

Problem with php and a cron job output server IP Question about using NOW()

Success!

Help @chramya spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.3,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...

sessionid

9 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

sessionid

9 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

9 Comments(s) _↴

Also in #PHP _↴