NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP session id's in access logs

Winston Churchill-Joell winston at xylophage.com
Wed Jul 2 12:42:27 EDT 2003


Well, that did get me thinking about environment variables -- I might 
be in danger of answering my own question, but is it as simple as 
disabling session.use_cookies in the .ini file?


On Wednesday, July 2, 2003, at 12:34  PM, D. J. Waletzky wrote:

> Just a thought, but I know Apache can log the username of the client, 
> if
> you use HTTP authentication. I know when I look at logs for parts of my
> site which use Apache authentication, it does log my username in a
> separate field. The relevant variable is $_SERVER["PHP_AUTH_USER"]. The
> problem is that you may have to get users to authenticate themselves...
> someone who has a deeper understanding of HTTP authentication should
> comment here.
>
> On Wed, 2003-07-02 at 12:00, Winston Churchill-Joell wrote:
>> Hi all,
>>
>> I have a question about user session id's showing up in apache access
>> logs. We're trying to do some more in-depth analysis of our traffic 
>> and
>> sessions came up, of course. My understanding of how PHP manages
>> sessions is that it will propagate the ID in the URL if the browser
>> doesn't support cookies. So how does a user session become apparent in
>> the access logs when the visitor's browser does support cookies? I
>> apologize if the answer to this question is painfully obvious...
>>
>> Thanks in advance,
>> Winston
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nyphp.org
>> http://lists.nyphp.org/mailman/listinfo/talk
> -- 
> D. J. Waletzky
> dj at waletzky.com
>
> "Non sunt multiplicanda entia praeter necessitam."
> <signature.asc>_______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk




More information about the talk mailing list