Geek Answers Handbook

Passing Session ID via URL

I am trying to get my script to use the url session id instead of cookies. The following page does not display the variable in the URL as a session identifier. Something is missing for me.

First page http://www.website.com/start.php

ini_set("session.use_cookies",0); ini_set("session.use_trans_sid",1); session_start(); $session_id = session_id(); header("location: target.php?session_id=". $session_id );

Next page - http://www.website.com/target.php?session_id=rj3ids98dhpa0mcf3jc89mq1t0

 ini_set("session.use_cookies",0); ini_set("session.use_trans_sid",1); print_r($_SESSION); print(session_id())

The result is a different session identifier, and the session is empty.

Array ([debug] => no) pt1t38347bs6jc9ruv2ecpv7o2

+4
source share
4 answers

be careful when using url to pass session identifiers, which can lead to session capture through referent!

+4
source

It looks like you just need to call session_start () on the second page.

From the docs:

session_start () creates a session or resumes the current one based on the current session identifier that is passed through the request, for example GET, POST or cookie.

EDIT:

However, you can also try to manually capture the session identifier from the query string. On the second page, you need to do something like:

 ini_set("session.use_cookies",0); ini_set("session.use_trans_sid",1); session_id($_GET['session_id']); print_r($_SESSION); print(session_id());

Note that the session_id () function will set the identifier if you pass it the identifier as a parameter.

+3
source

My problem was using Flash in FF (like flash piggy backs IE, so sessions are not propagated between Flash object and firefox)

Using php 5.3, all of these answers pointed to the truth. What I finally found to work was pretty simple. Pass the identifier in the query string. Install it. Then start the session.

 session_id($_GET['PHPSESSID']); session_start();
+2
source

Instead of hardcoding 'PHPSESSID' use this:

 session_id($_GET[session_name()]);
+2
source

More articles:


All Articles