passing session id via url

Question

I\'m trying to get my script to use url session id instead of cookies. The following page is not picking up the variable in the url as the session id. I must be missing some

Answer 1

It looks like you just need to call session_start() on the second page.

From the docs:

session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.

EDIT:

That said, you could also try manually grabbing the session id from the query string. On the second page you'd need to do something like:

ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_id($_GET['session_id']);
print_r($_SESSION);
print(session_id());

Note that the session_id() function will set the id if you pass it the id as a parameter.

Answer 2

be careful when using the url to pass session ids, that could lead to session hijacking via the referer!

Answer 3

Instead of hardcoding 'PHPSESSID', use this:

session_id($_GET[session_name()]);

Answer 4

My issue was using Flash in FF (as flash piggy backs IE, so sessions are not shared between the flash object and firefox)

Using php 5.3 all these answers pointed at the truth. What I finally found to work was pretty simple.. pass the id in the query string. Set it. THEN start the session.

session_id($_GET['PHPSESSID']);
session_start();

Answer 5

Just a little correction ... Don't forget to check param if it exists. This worked for me well.

if (isset($_GET['PHPSESSID'])) {
  session_id($_GET['PHPSESSID']);
}
session_start();