session.idpassing.html

来自「php的帮助文档,涉及到PHP的案例和基本语法,以及实际应用内容」· HTML 代码 · 共 92 行

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <title>Passing the Session ID</title>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 </head>
 <body><div style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="session.examples.html">Examples</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="session.customhandler.html">Custom Session Handlers</a></div>
 <div class="up"><a href="session.examples.html">Examples</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="session.idpassing" class="section">
  <h2 class="title">Passing the Session ID</h2>
  <p class="para">
   There are two methods to propagate a session id:
   <ul class="itemizedlist">
    <li class="listitem">
     <span class="simpara">
      Cookies
     </span>
    </li>
    <li class="listitem">
     <span class="simpara">
      URL parameter
     </span>
    </li>
   </ul>
  </p>
  <p class="para">
   The session module supports both methods. Cookies are optimal, but
   because they are not always available, we also provide an alternative
   way.  The second method embeds the session id directly into URLs.
  </p>
  <p class="para">
   PHP is capable of transforming links transparently. Unless you are using
   PHP 4.2.0 or later, you need to enable it manually when building PHP.
   Under Unix, pass <a href="session.configuration.html#ini.session.use-trans-sid" class="link">
   --enable-trans-sid</a> to configure. If this build
   option and the run-time option
   <i>session.use_trans_sid</i> are enabled, relative
   URIs will be changed to contain the session id automatically.
   <blockquote><p><b class="note">Note</b>: 
    
    The <a href="ini.core.html#ini.arg-separator.output" class="link">arg_separator.output</a>
    <var class="filename">php.ini</var> directive allows to customize the argument seperator. For full
    XHTML conformance, specify &amp;amp; there.
    <br />
   </p></blockquote> 
  </p>
  <p class="para">
   Alternatively, you can use the constant <i>SID</i> which is
   defined if the session started.  If the client did not send an appropriate session
   cookie, it has the form <i>session_name=session_id</i>.
   Otherwise, it expands to an empty string. Thus, you can embed it
   unconditionally into URLs.
  </p>
  <p class="para">
   The following example demonstrates how to register a variable, and
   how to link correctly to another page using SID.
   <div class="example">
    <p><b>Example #1 Counting the number of hits of a single user</b></p>
    <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /><br />session_start</span><span style="color: #007700">();<br /><br />if&nbsp;(empty(</span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">]))&nbsp;{<br />&nbsp;</span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">]&nbsp;=&nbsp;</span><span style="color: #0000BB">1</span><span style="color: #007700">;<br />}&nbsp;else&nbsp;{<br />&nbsp;</span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">]++;<br />}<br /></span><span style="color: #0000BB">?&gt;<br /></span><br />&lt;p&gt;<br />Hello&nbsp;visitor,&nbsp;you&nbsp;have&nbsp;seen&nbsp;this&nbsp;page&nbsp;<span style="color: #0000BB">&lt;?php&nbsp;</span><span style="color: #007700">echo&nbsp;</span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">];&nbsp;</span><span style="color: #0000BB">?&gt;</span>&nbsp;times.<br />&lt;/p&gt;<br /><br />&lt;p&gt;<br />To&nbsp;continue,&nbsp;&lt;a&nbsp;href="nextpage.php?<span style="color: #0000BB">&lt;?php&nbsp;</span><span style="color: #007700">echo&nbsp;</span><span style="color: #0000BB">htmlspecialchars</span><span style="color: #007700">(</span><span style="color: #0000BB">SID</span><span style="color: #007700">);&nbsp;</span><span style="color: #0000BB">?&gt;</span>"&gt;click<br />here&lt;/a&gt;.<br />&lt;/p&gt;</span>
</code></div>
    </div>

   </div>
  </p>
  <p class="para">
   The <a href="function.htmlspecialchars.html" class="function">htmlspecialchars()</a> may be used when printing the SID 
   in order to prevent XSS related attacks.
  </p>
  <p class="para">
   Printing the SID, like shown above, is not necessary if
   <a href="session.configuration.html#ini.session.use-trans-sid" class="link">
   --enable-trans-sid</a> was used to compile PHP.
  </p>
  <blockquote><p><b class="note">Note</b>: 
   
    Non-relative URLs are assumed to point to external sites and
    hence don&#039;t append the SID, as it would be a security risk to
    leak the SID to a different server.
   <br />
  </p></blockquote>
 </div><hr /><div style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="session.examples.html">Examples</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="session.customhandler.html">Custom Session Handlers</a></div>
 <div class="up"><a href="session.examples.html">Examples</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>