[nycphp-talk] PHP session id's in access logs
D. J. Waletzky
dj at waletzky.com
Wed Jul 2 12:34:32 EDT 2003
Just a thought, but I know Apache can log the username of the client, if
you use HTTP authentication. I know when I look at logs for parts of my
site which use Apache authentication, it does log my username in a
separate field. The relevant variable is $_SERVER["PHP_AUTH_USER"]. The
problem is that you may have to get users to authenticate themselves...
someone who has a deeper understanding of HTTP authentication should
comment here.
On Wed, 2003-07-02 at 12:00, Winston Churchill-Joell wrote:
> Hi all,
>
> I have a question about user session id's showing up in apache access
> logs. We're trying to do some more in-depth analysis of our traffic and
> sessions came up, of course. My understanding of how PHP manages
> sessions is that it will propagate the ID in the URL if the browser
> doesn't support cookies. So how does a user session become apparent in
> the access logs when the visitor's browser does support cookies? I
> apologize if the answer to this question is painfully obvious...
>
> Thanks in advance,
> Winston
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
--
D. J. Waletzky
dj at waletzky.com
"Non sunt multiplicanda entia praeter necessitam."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030702/8b222b62/attachment.sig>
More information about the talk
mailing list