To find out were session variables are stored I included this
instruction in my program:
echo ini_get("session.save_path");

The reply was /home/7604/data/tmp which is a folder on my server.

I look at /home/7604/data/tmp and it is full of session files for
today.

Even so, if I have blocked for my site http://easyquestion.net
in IE6 or turned off in Mozilla Firefox no session variabes
are stored. I don't think it should be like this. I read somewhere
that 'PHP sessions will work even if the user has disabled."

What am I doing wrong?

Regards,

Jan Nordgreen

On Nov 8, 9:04 pm, damezumari <jannordgr...@gmail.com> wrote:
> To find out were session variables are stored I included this
> instruction in my program:
> echo ini_get("session.save_path");
>
> The reply was /home/7604/data/tmp which is a folder on my server.
>
> I look at /home/7604/data/tmp and it is full of session files for
> today.
>
> Even so, if I have blocked for my sitehttp://easyquestion.net
> in IE6 or turned off in Mozilla Firefox no session variabes
> are stored. I don't think it should be like this. I read somewhere
> that 'PHP sessions will work even if the user has disabled."
>
> What am I doing wrong?
>
> Regards,
>
> Jan Nordgreen

Yap. That's all normal, just in case you wander. If are
enabled, then
session id will be stored in the , automatically sent on next
request to
to the server, and the PHP script will know which file to open for
reading the
values. However, if you reject , then your browser will not
send anything
to the server and it won't be able to find out which session is yours.

If you don't want to rely on , you can pass SID parameter
(containing what
session_id() returned) as URL argument, which will also be recognized
automatically
when session_start() is called. This, however, isn't recommended, due
to security
issues. Someone can see the ID, and if interested, can type if at his
home as SID
in the URL and automatically be logged in. This is not what you want,
so this technique
is generally avoided.

Your duty, as a programmer, is usually only to make sure are
enabled and display
the page(s), or detect that the are disabled, and warn the
user about this saying
"please turn on your , this site is worth shit without
" (no offense intended,
such is mine, too, and it's not a bad thing)

You can check if are enabled by sending a to the
client, and
checking if it still exists in his next request. It's the only way, to
my knowledge.

I hope this ed.

On Thu, 08 Nov 2007 21:04:30 +0100, damezumari <jannordgreen@gmail.com>
wrote:

> To find out were session variables are stored I included this
> instruction in my program:
> echo ini_get("session.save_path");
>
> The reply was /home/7604/data/tmp which is a folder on my server.
>
> I look at /home/7604/data/tmp and it is full of session files for
> today.

http://nl2.php.net/manual/en/ref.session.php

Check what the chance(!) is that old session files are deleted by the
garbage collecor:

session.gc_probability 1
session.gc_divisor 1
session.gc_maxlifetime 1440


> Even so, if I have blocked for my site http://easyquestion.net
> in IE6 or turned off in Mozilla Firefox no session variabesare
> stored.

A browser with turned off, and session settings only allowing
based sessions will generate a new session on every request. So
yeah, it would be a quickly growing amount of sessionfiles.


> I don't think it should be like this. I read somewhere
> that 'PHP sessions will work even if the user has disabled."

It could work if you allow it.

session.use_ 1
session.use_only_ 0
session.use_trans_sid 1
url_rewriter.tags "a=href,area=href,frame=src,form=,fieldset="

Don't be very amazed if all your clientele from google seem to have the
same sessionid though...
--
Rik Wasmus

damezumari wrote:
> To find out were session variables are stored I included this
> instruction in my program:
> echo ini_get("session.save_path");
>
> The reply was /home/7604/data/tmp which is a folder on my server.
>
> I look at /home/7604/data/tmp and it is full of session files for
> today.
>
> Even so, if I have blocked for my site http://easyquestion.net
> in IE6 or turned off in Mozilla Firefox no session variabes
> are stored. I don't think it should be like this. I read somewhere
> that 'PHP sessions will work even if the user has disabled."
>
> What am I doing wrong?
>
> Regards,
>
> Jan Nordgreen
>
>

Jan,

How PHP handles session id's is determined by the php.ini file. You
have two options: session.use_ and session.use_only_.

If session.use_ is 1, PHP will attempt to store the session id in
a . If it's 0, PHP will pass the session id in the URL.

If session.use_ is 1 and the are disabled on the browser,
then session.use_only_ comes into play. If that is 0, PHP will
again pass the session id in the browser. And if it's 1, PHP will just
not pass the session id at all.

If you're on a shared host, you may be able to override these in your
..htaccess file. It all depends on what your host allows.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================