如何在URL中发送PHPSESSID?
[英]How can I send PHPSESSID in the URL?
问题描述
I'm trying to send the PHPSESSID via a HTTP GET variable for a cookie-less client. 
我正在尝试通过HTTP GET变量为无cookie客户端发送PHPSESSID。
I've seen this in various drupal implementations where ?PHPSESSIONID=123ABC is appending to each link, but how do I specify this in PHP and is there any way of changing the GET parameter so it could be ?token=123ABC, or even sent via HTTP POST? 我在各种drupal实现中已经看到过这种情况,其中?PHPSESSIONID=123ABC附加到每个链接,但是我如何在PHP中指定它,是否有任何方法可以更改GET参数,因此它可以是?token = 123ABC,甚至是已发送通过HTTP POST?
Standard LAMP stack, running the Zend framework. 标准LAMP堆栈,运行Zend框架。
Thanks! 谢谢!
4 个解决方案
解决方案1
9 已采纳 2009-08-07 10:54:23
Using a cookie or not is configured by these PHP options : 使用cookie或不使用cookie由以下PHP选项配置:
If the first one is set, cookies will be used if possible. 如果设置了第一个,则尽可能使用cookie。
PHP should detect if cookies are enabled or not, and use them only if they are supported by the client. PHP应检测是否启用了cookie,并且仅在客户端支持cookie时才使用它们。
To enable passing of the session id by GET instead of cookies, you might have to activate session.use_trans_sid , which is disabled by default (Which means that, by defaut, session id is only passed by cookies -- never by GET) . 要启用通过GET而不是cookie传递会话ID,您可能必须激活session.use_trans_sid ,默认情况下禁用(这意味着,通过defaut,会话ID仅通过cookie传递 - 永远不会通过GET传递) 。
But note that, with this option activated, PHP will pass the session id by GET at least for the first page each user of your site will come to... as they won't have the cookie at first, and the only way to check if they support cookies is by setting one, and trying to read it back on the next page. 但请注意,启用此选项后,PHP将至少通过GET传递会话ID,因为他们将首先访问您网站的每个用户的第一页...因为他们最初不会拥有cookie,而且只能通过检查他们是否支持cookie是通过设置一个,并尝试在下一页上阅读它。
And users that don't support cookies, including search engines I'd probably say, will have that session id -- and that is not nice :-( 并且不支持cookie的用户,包括我可能会说的搜索引擎,会有会话ID - 这不是很好:-(
And, you might also want to take a look at session.name to set the name of the key (set to to "token" instead of "PHPSESSID", I mean) 而且,您可能还想查看session.name来设置密钥的名称(设置为“token”而不是“PHPSESSID”,我的意思是)
For more details, you can take a look at the Session Handling section of the manual :-) 有关更多详细信息,您可以查看手册的“ 会话处理”部分:-)
解决方案2
2 2009-08-07 11:29:05
Doing it manually: 手动完成:
if ($_REQUEST['token'])
session_id($_REQUEST['token']);
session_start();
print("foo=".$_SESSION['foo']++."<br />".
"<a href={$PHP_SELF}?token=".session_id().">link</a><br />");
print("<form method=POST>".
"<input type=hidden name=token value=".session_id()." />".
"<input type=submit /></form>");
解决方案3
1 2009-08-07 10:48:28
You can change PHPSESSID using session_name() or session.name in your php.ini file (or using ini_set() ). 您可以使用php.ini文件中的session_name()或session.name (或使用ini_set() )更改PHPSESSID。
For cookieless clients, there's the session.use_trans_sid php.ini option - you should be aware that this can cause problems - for example users passing URLs with session IDs in to each other, or search engines picking up such URLs. 对于无cookie客户端,有session.use_trans_sid php.ini选项 - 您应该知道这可能会导致问题 - 例如用户将具有会话ID的URL相互传递,或者搜索引擎获取此类URL。
解决方案4
0 2017-02-07 06:57:47
- Create a login page, the user must not login without correct id and password. 创建登录页面,用户不得在没有正确ID和密码的情况下登录。
- After logging in the user comes to the home, here user can logout and goes back to the login page. 登录后,用户进入家中,此处用户可以注销并返回登录页面。
- User must not access home page without going through the login page. 用户不得在不通过登录页面的情况下访问主页。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.