This section contains detailed articles elaborating on some of the common issues phpBB users encounter while using the product. Articles submitted by members of the community are checked for accuracy by the relevant phpBB Team. If you do not find the answer to your question here, we recommend looking through the Support Section as well as using the Site Wide Search.

Sessions and SIDs (append_sid)

Description: This article deals with the often misused append_sid() function.

In Categories:

Link to this article: Select All
[url=https://www.phpbb.com/support/docs/en/3.0/kb/article/sessions-and-sids-append-sid/]Knowledge Base - Sessions and SIDs (append_sid)[/url]

Overview
  • So, you've made a great mod and it works fine. You release it and someone comes back saying "When I clicked on the xyz link it logged me out... why did this happen?" - and there's a simple answer.
  • When you click on a link to another page in phpBB, it needs to keep track of who you are, whether you're logged in, etc. It does this this using sessions, each user has a unique session id (SID). This is then sent back to the user usually to be stored as a cookie.
    • The append_sid() function works wonders with the session ID and makes sure that those users unfortunate enough to not have working cookies (yes, it has happened to me... Sad ) can still stay logged in. Instead of storing a cookie, it adds the session ID as a GET variable with an url (ie xyz.php?sid=c0b8c3bd254eb8258176d7cfb94dcb9f). Without this, phpBB does a security check and logs you out.

      By always making sure that you do this:

      Code: Select all

      'U_XYZ' => append_sid("xyz.$phpEx"),


      instead of

      Code: Select all

      'U_XYZ' => "xyz.$phpEx",


      you make sure that everyone is going to be able to use your mod.
    • You may be asking "Well, what if I have to use a url like xyz.php?foobar=nada?"... no problem! append_sid() will automatically recognise the '?' character and append '&sid=c0b8c3bd254eb8258176d7cfb94dcb9f' instead of '?sid=c0b8c3bd254eb8258176d7cfb94dcb9f'. Pretty clever, hey?
    • Another question you may ask is "What if I need to use it in a form?"... append_sid() is used on ALL URLS. No exceptions. I cannot stress that enough.
    • So that's the basics. Make sure you always use append_sid() and you'll be safe. (and you'll have one less bug to fix)