5 replies to this topic

[coolaid]

these are just some general questions.

1. i know i have to call session_id() before session_start(); but why? i read the php.net manual but just don't understand exactly why.

2. i can't use SID ( host issues i think ), so i always echo out the session id by using echo session_id();
is that perfectly fine?

3. why do most sites put the session id in the url? if you have session_id(); at the top of every page, won't it just use that one?

and uh... i think thats it for now. I got a few more, but maybe one of the answers here will fix what i'm doing

[danieldaniel]

I belive I read somewhere that if the user has cookies off, or you change something in PHP.INI (I don't know what part) it puts the id in the url. I have no clude for the rest of you questions

[Hayden]

i've always gotten that session_id() will be available at $_SESSION["PHPSESSID"].

[rc69]

php.net said:

session_id() is used to get or set the session id for the current session.

1.

php.net said:

If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose.

Since it either gets or sets the id, it needs to be called before session_start() so that session_start() knows which id to use (only in the case that you are setting the id).

2. Ya, but calling a function multiple times for no reason slows the server down. So cheat.

define('SESSION_ID', session_id());

3.

php.net said:

Passing the Session ID

There are two methods to propagate a session id:
Cookies
URL parameter

The session module supports both methods. Cookies are optimal, but because they are not always available, we also provide an alternative way. The second method embeds the session id directly into URLs.

Since not everybody has cookies enabled, the session id is passed via the url so the next page knows who is accessing the page, and which session data to associate with them. If you have session_id() at the top of every page, you're either wasting time, or know what you're doing.

References:
http://php.net/manua....session-id.php
http://php.net/manua...ssion-start.php
http://php.net/manua...ssion.idpassing

Edited by rc69, 24 September 2006 - 03:13 PM.

[Wolfe]

It's in the pnp.ini file that it's specified whether or not to put SID in the URL.

[rc69]

Thats true, but that's not the problem.

coolaid, on Sep 22 2006, 08:04 PM, said:

2. i can't use SID ( host issues i think ), so i always echo out the session id by using echo session_id();
is that perfectly fine?

The problem is, he can't use SID, he can use session_id() as a substitute for it. I recommended setting his own constant to save calling the same function multiple times.

But incase i misunderstood something, append_sid is the setting in the php.ini file.