Chris, et al --
...and then David T-G said...
%
% Let me go back over my code and see where I've screwed something up.
That didn't take too long.
I was using SCRIPT_URI instead of PHP_SELF. Ah.
I guess PHP_SELF is my friend and none other. Good enough!
So we have
- use session_start() as
Chris, et al --
...and then Chris Shiflett said...
%
% --- David T-G <[EMAIL PROTECTED]> wrote:
% > OK, but I know I have a problem and what I need is a solution :-)
%
% Yes, I understand. :-)
*grin*
%
% > > If you look at the output of phpinfo() on this exact same script,
% > > is the local
--- David T-G <[EMAIL PROTECTED]> wrote:
> OK, but I know I have a problem and what I need is a solution :-)
Yes, I understand. :-)
> > If you look at the output of phpinfo() on this exact same script,
> > is the local value of session.use_trans_sid still 1?
>
> Yep. See a previous list reply.
Chris, et al --
...and then Chris Shiflett said...
%
% --- David T-G <[EMAIL PROTECTED]> wrote:
% > BTW, the same URL with .phps will let you see the PHP source.
%
% Well, hopefully only because you have a duplicate file (or a link) by that
% name. :-)
Yep. Created just for this exercise :-)
--- David T-G <[EMAIL PROTECTED]> wrote:
> BTW, the same URL with .phps will let you see the PHP source.
Well, hopefully only because you have a duplicate file (or a link) by that
name. :-)
Also, I meant view source as in the HTML output, not the PHP.
> % PHP is doing the session.use_trans_sid s
Chris, et al --
...and then Chris Shiflett said...
%
% --- David T-G <[EMAIL PROTECTED]> wrote:
% > %
% > % session.use_trans_sid = 1
% >
% > Yep.
%
% OK, well PHP should add the session identifier to the URL for every link
OK.
% on the first page. This is because PHP can't tell until the n
--- David T-G <[EMAIL PROTECTED]> wrote:
> % Check your php.ini and see if you can find this:
> %
> % session.use_trans_sid = 1
>
> Yep.
OK, well PHP should add the session identifier to the URL for every link
on the first page. This is because PHP can't tell until the next request
whether the b
Chris, et al -
...and then Chris Shiflett said...
%
% --- David T-G <[EMAIL PROTECTED]> wrote:
% >
% > I specified the SID, and it finally works -- but I thought that PHP was
% > supposed to format my URLs the right way for me, and even moreso didn't
% > think that I needed the ? because the SID
--- David T-G <[EMAIL PROTECTED]> wrote:
> If I run
>
> http://test.locations.org/sessions/extracting.php
>
> with cookies on, then upon reload $_SESSION[pw] has a value, which is
> expected. If cookies are off, though, it does not, and I do not see the
> SID in the URL even after the click. So
Hi, all --
We were using php 4.2.3 on our first server (FreeBSD-4.5) and apparently
exploited, quite unknowingly, a bug. We also have register_globals on
(we'll work more on that later). Then we added another server (FBSD 4.8
and php 4.3.4rc1) and tried our code and the page passwords didn't wor
10 matches
Mail list logo
