<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Passing the Session ID</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="session.examples.basic.html">Basic usage</a></div>
<div class="next" style="text-align: right; float: right;"><a href="session.customhandler.html">Custom Session Handlers</a></div>
<div class="up"><a href="session.examples.html">Examples</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="session.idpassing" class="section">
<h2 class="title">Passing the Session ID</h2>
<p class="para">
There are two methods to propagate a session id:
<ul class="itemizedlist">
<li class="listitem">
<span class="simpara">
Cookies
</span>
</li>
<li class="listitem">
<span class="simpara">
URL parameter
</span>
</li>
</ul>
</p>
<p class="para">
The session module supports both methods. Cookies are optimal, but
because they are not always available, we also provide an alternative
way. The second method embeds the session id directly into URLs.
</p>
<p class="para">
PHP is capable of transforming links transparently. If the run-time
option <em>session.use_trans_sid</em> is enabled, relative
URIs will be changed to contain the session id automatically.
<blockquote class="note"><p><strong class="note">Note</strong>:
<p class="para">
The <a href="ini.core.html#ini.arg-separator.output" class="link">arg_separator.output</a>
<var class="filename">php.ini</var> directive allows to customize the argument separator. For full
XHTML conformance, specify &amp; there.
</p>
</p></blockquote>
</p>
<p class="para">
Alternatively, you can use the constant <strong><code>SID</code></strong> which is
defined if the session started. If the client did not send an appropriate session
cookie, it has the form <em>session_name=session_id</em>.
Otherwise, it expands to an empty string. Thus, you can embed it
unconditionally into URLs.
</p>
<p class="para">
The following example demonstrates how to register a variable, and
how to link correctly to another page using <strong><code>SID</code></strong>.
<div class="example" id="example-5954">
<p><strong>Example #1 Counting the number of hits of a single user</strong></p>
<div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB"><?php<br /><br />session_start</span><span style="color: #007700">();<br /><br />if (empty(</span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">])) {<br /> </span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">] = </span><span style="color: #0000BB">1</span><span style="color: #007700">;<br />} else {<br /> </span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">]++;<br />}<br /></span><span style="color: #0000BB">?><br /></span><br /><p><br />Hello visitor, you have seen this page <span style="color: #0000BB"><?php </span><span style="color: #007700">echo </span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'count'</span><span style="color: #007700">]; </span><span style="color: #0000BB">?></span> times.<br /></p><br /><br /><p><br />To continue, <a href="nextpage.php?<span style="color: #0000BB"><?php </span><span style="color: #007700">echo </span><span style="color: #0000BB">htmlspecialchars</span><span style="color: #007700">(</span><span style="color: #0000BB">SID</span><span style="color: #007700">); </span><span style="color: #0000BB">?></span>">click<br />here</a>.<br /></p></span>
</code></div>
</div>
</div>
</p>
<p class="para">
The <span class="function"><a href="function.htmlspecialchars.html" class="function">htmlspecialchars()</a></span> may be used when printing the <strong><code>SID</code></strong>
in order to prevent XSS related attacks.
</p>
<p class="para">
Printing the <strong><code>SID</code></strong>, like shown above, is not necessary if
<a href="session.configuration.html#ini.session.use-trans-sid" class="link">
--enable-trans-sid</a> was used to compile PHP.
</p>
<blockquote class="note"><p><strong class="note">Note</strong>:
<p class="para">
Non-relative URLs are assumed to point to external sites and
hence don't append the <strong><code>SID</code></strong>, as it would be a security risk to
leak the <strong><code>SID</code></strong> to a different server.
</p>
</p></blockquote>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="session.examples.basic.html">Basic usage</a></div>
<div class="next" style="text-align: right; float: right;"><a href="session.customhandler.html">Custom Session Handlers</a></div>
<div class="up"><a href="session.examples.html">Examples</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
