[nycphp-talk] Session woes
Nasir Zubair
lists at ny-tech.net
Sat Oct 18 19:55:27 EDT 2003
Hi,
> Are you using cookies to pass the session ID? I strongly suggest using
> URI based session ID's, just for reasons like this. You can check out my
> Simple Session Solution class:
> http://www.analysisandsolutions.com/software/session-simple/
PHPSESSID is passed through the URL, since I'm working between three
subdomains ( xyz.domain.com ) and the main doamin itself. I tried cookies,
but failed terribly LOL. It is passed as
http://www.domain.com/file.php?PHPSESSID={sid} {sid} = session id.
I'll take a look at your code and see if I can update my code.
> Are you using IP addresses for session authentication anywhere? AOL's
> system seems to have users browsing via a proxy which can change IP's
> along the way.
The very reason I didn't use IP addresses in any of my authentication
procedures. I just store userid, usergroup and a couple of other things in
$_SESSION.
- Nasir
More information about the talk
mailing list