当Cookie被禁用时，PHP会话如何工作？ [英] How do PHP sessions work when cookies are disabled?

问题描述

我试图研究这个机制，但只是找到提示，这些不是很一致。如何将会话_id发送到浏览器，以及在用户请求新页面时如何返回浏览器？

I've tried to research this mechanism but only find hints and these are not very consistent. How is the session _id sent to the browser and how is the browser instructed to return it when the user requests a new page?

感谢Chris

推荐答案

PHP会做两件事：

• 所有链接都传递一个额外的GET参数，通常是PHPSESSID，但这可以通过在php.ini中设置session.name来更改


• 它会添加一个隐藏的输入， c $ c>< form> 开启标签。

• It will rewrite all links to pass an extra GET parameter, usually PHPSESSID but this can be changed by setting session.name in php.ini
• It will add a hidden input with the same name after all <form> opening tags.

请注意，这是一件危险的事情，因为任何人你复制/粘贴包含PHPSESSID参数的网址将能够在网站上共享您的登录会话 - 网络服务器没有简单的方法告诉您与您发送链接的人不同...

Note that this is a dangerous thing to do, because anyone who you e.g. copy/paste a URL to containing an PHPSESSID parameter will be able to share your login session on the site - the webserver has no easy way of telling that you are different from the person you sent the link to...

这篇关于当Cookie被禁用时，PHP会话如何工作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！