I am not clear on the meaning and usage of php's session.use_trans_id .
On the online documentation, it says:
the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically. Does this mean it will ALWAYS add the session id? Or only when cookies are not working?
Will it automatically add it to javascript's window.location or ajax calls?
Also, in the php.ini file, it says:
trans sid support is disabled by default.
Use of trans sid may risk your users security.
Use this option with caution.
- User may send URL contains active session ID
to other person via. email/irc/etc.
- URL that contains active session ID may be stored
in publically accessible computer.
- User may access your site with the same session ID
always using URL stored in browser's history or bookmarks.
http://php.net/session.use-trans-sid
I'm confused, the online docs said that Unless you are using PHP 4.2.0 or later, you need to enable it manually
. So why would it be disabled by default? (I'm using php 5).
Also, isn't this feature NECESSARY to handle users with cookies disabled?