session-name.xml: use the correct directive name and add the link to #3642
Conversation
There is no directive `session.transid` in PHP. It's probably about the `session.use_trans_sid` directive instead `session.transid`, if I got the context right
| If a new session <parameter>name</parameter> is | ||
| supplied, <function>session_name</function> modifies the HTTP cookie | ||
| (and output content when <literal>session.transid</literal> is | ||
| (and output content when <link linkend="ini.session.use-trans-sid">session.use_trans_sid</link> is | ||
| enabled). Once the HTTP cookie is | ||
| sent, <function>session_name</function> raises error. |
There was a problem hiding this comment.
Frankly, the whole part doesn't make much sense to me. The last sentence is particularly confusing.
Maybe @Girgias can have a look at this.
There was a problem hiding this comment.
In russian docs, i translated the last sentence like this:
Функция session_name() выдаёт ошибку, если функцию вызвали после отправки cookie HTTP-протокола (The session_name() function returns an error if the function was called after sending the HTTP cookie).
<?php
/* OK */
session_name('customCookieName');
session_start(); // It adds cookie 'customCookieName=snsor4a6cjbq0cfa0ujbb6s8fk'
<?php
/* Bad */
session_start();
session_name('customCookieName'); // Here the fn called after cookie was sent
// Warning: session_name(): Session name cannot be changed when a session is active
P. S. It seems to me that the whole paragraph makes sense, since it explains the behavior of the session mechanism a) when the 'session.use-trans-sid' option is enabled (which changes the name of the cookie data block and URLs in the page content for , of form and others fields, depending on the settings of the session.trans_sid_tags option) and b) when calling the session_name function _ after sending cookies ;-)
| If a new session <parameter>name</parameter> is | ||
| supplied, <function>session_name</function> modifies the HTTP cookie | ||
| (and output content when <literal>session.transid</literal> is | ||
| (and output content when <link linkend="ini.session.use-trans-sid">session.use_trans_sid</link> is |
There was a problem hiding this comment.
I still don't understand this part. Does calling session_name("whatever") already output content (assuming session.use_trans_sid=1) and sends a set-cookie header? I think this only happens during further script execution.
Just looked at the German translation, and according to this it should better be: "(and the content of the output when session.use_trans_sid is enabled)"
There was a problem hiding this comment.
I understand it this way. The session_name function ONLY changes the session name (which is set to "PHPSESSID" by default). The session name is stored either a) in cookies (if cookies are enabled) or b) transmitted via URL (if cookies are disabled AND trans SID enabled).
If cookies are enabled (in php.ini or in runtime), the session_name function changes the session name in the cookie data block, which is stored in the browser's cookie storage.
If cookies are disabled and session.use_trans_sid is enabled at the same time, the session_name function changes the name of the session in the content of the HTML page, or rather in those elements of the HTML page that are set in the session.trans_sid_tags directive.
Example 1, use the session_name() function with the session.use_trans_id directive disabled (default); storing and maintaining the session ID through cookies
<?php
session_name('customCookieName');
session_start([
'use_trans_sid' => 0, // The `session.use_trans_sid` directive is disabled;
// if cookies are enabled, the session_name() function modifies the session name in
// the HTTP cookie ONLY, but not the the page's content (URLs of HTML tags that are
// set in the `session.trans_sid_tags` option)
'use_only_cookies' => 1,
'use_cookies' => 1,
]);
?>
<a href="/index.php">Home</a>
The above code outputs:
<html>
<head></head>
<body>
<a href="/index.php">Home</a>
</body>
</html>
The URL of <a> is not modified; only the cookie has been set as "customCookieName=qdkt0ek4g6of1g8kehe2ejljl9" and stored at browser storage.
Example 2, use the session_name() function with the session.use_trans_id directive enabled (and session.use_only_cookies and session.use_cookies disabled); storing and maintaining the session ID through URLs
<?php
session_name('customCookieName');
session_start([
'use_trans_sid' => 1, // The `session.use_trans_sid` directive is enabled;
// the session_name() function modifies the session name
// in the content of the output, if cookies are disabled
'use_only_cookies' => 0, // Disable forcing PHP to fetch and use a
// cookie for storing and maintaining the session id
'use_cookies' => 0, // Disable the use of cookies
]);
?>
<a href="/index.php">Home</a>
<form>
<input type="text" name="username">
<button>Submit</button>
</form>
This code outputs:
<html>
<head></head>
<body>
<!-- The `session.use_trans_id` directive the has modified the URL -->
<a href="/index.php?customCookieName=f3e58ueceruug3jkgr16bet4lr">Home</a>
<form>
<!-- This hidden field has been added as a form variable -->
<input type="hidden" name="customCookieName" value="f3e58ueceruug3jkgr16bet4lr">
<input type="text" name="username">
<button>Submit</button>
</form>
</body>
</html>
Co-authored-by: Christoph M. Becker <[email protected]>
There is no directive
session.transidin PHP. It's probably about thesession.use_trans_siddirective insteadsession.transid, if I got the context right