php session.use_trans_sid [英] php session.use_trans_sid
问题描述
我不清楚php session.use_trans_id的含义和用法.
I am not clear on the meaning and usage of php's session.use_trans_id .
在在线文档上,它显示:
On the online documentation, it says:
运行时选项 session.use_trans_sid已启用, 相对URI将更改为 自动包含会话ID. 这是否意味着将始终添加会话ID?还是仅在Cookie无法正常工作时?
the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically. Does this mean it will ALWAYS add the session id? Or only when cookies are not working?
会自动将其添加到javascript的window.location或ajax调用中吗?
Will it automatically add it to javascript's window.location or ajax calls?
此外,在php.ini文件中,它表示:
Also, in the php.ini file, it says:
trans sid support is disabled by default.
Use of trans sid may risk your users security.
Use this option with caution.
- User may send URL contains active session ID
to other person via. email/irc/etc.
- URL that contains active session ID may be stored
in publically accessible computer.
- User may access your site with the same session ID
always using URL stored in browser's history or bookmarks.
http://php.net/session.use-trans-sid
我很困惑,在线文档说Unless you are using PHP 4.2.0 or later, you need to enable it manually.那么,为什么默认情况下会禁用它呢? (我正在使用php 5).
I'm confused, the online docs said that Unless you are using PHP 4.2.0 or later, you need to enable it manually. So why would it be disabled by default? (I'm using php 5).
此外,该功能不是处理禁用Cookie的用户所必需的吗?
Also, isn't this feature NECESSARY to handle users with cookies disabled?
推荐答案
这是否意味着它将始终添加会话ID?还是仅在cookie无法正常工作时才使用?"
- 仅当Cookie无法正常工作时.另外,如果
session.use_trans_sid和session.use_cookies均为1,则session.use_only_cookies决定:1将禁用URL重写.参见这篇不错的文章. /li>
- Only when cookies are not working. Plus, if both
session.use_trans_sidandsession.use_cookiesare 1, thensession.use_only_cookiesdecides: 1 will disable URL-rewriting. See this nice article.
会自动将其添加到javascript的window.location或ajax调用中吗?"
- 不. PHP不知道什么是Ajax,它只是在其页面输出缓冲区中重写 literal URL(请注意,任何 linked 脚本一旦具有硬编码的URL,将如何中断会话.该网站).
- No. PHP does not know what Ajax is, it just rewrites literal URLs in its page output buffer (note how any linked scripts will break the session as soon as they have a hardcoded URL to the site).
除非您使用的是PHP 4.2.0或更高版本,否则需要手动启用它"
- (确实令人困惑)表示重新编译 PHP< 4.2.对于PHP5,它只是在配置中被禁用 (出于您引用php.ini的原因).
- That (indeed confusingly) meant recompiling PHP < 4.2. For PHP5, it's just disabled in the config (for reasons you quoted from php.ini).
此外,该功能不是处理禁用Cookie的用户所必需的吗?"
- 是的,是的. (除非您为某些非常特殊的情况提供了一些自定义的Javascript + PHP解决方案,而这些情况又削弱了可用性并提供了很大的折衷.)
这篇关于php session.use_trans_sid的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
