NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP session id's in access logs

D. J. Waletzky dj at waletzky.com
Wed Jul 2 12:34:32 EDT 2003


Just a thought, but I know Apache can log the username of the client, if
you use HTTP authentication. I know when I look at logs for parts of my
site which use Apache authentication, it does log my username in a
separate field. The relevant variable is $_SERVER["PHP_AUTH_USER"]. The
problem is that you may have to get users to authenticate themselves...
someone who has a deeper understanding of HTTP authentication should
comment here.

On Wed, 2003-07-02 at 12:00, Winston Churchill-Joell wrote:
> Hi all,
> 
> I have a question about user session id's showing up in apache access 
> logs. We're trying to do some more in-depth analysis of our traffic and 
> sessions came up, of course. My understanding of how PHP manages 
> sessions is that it will propagate the ID in the URL if the browser 
> doesn't support cookies. So how does a user session become apparent in 
> the access logs when the visitor's browser does support cookies? I 
> apologize if the answer to this question is painfully obvious...
> 
> Thanks in advance,
> Winston
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
-- 
D. J. Waletzky
dj at waletzky.com

"Non sunt multiplicanda entia praeter necessitam."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030702/8b222b62/attachment.sig>


More information about the talk mailing list