* @copyright 2004 http://www.php-tools.net * @license LGPL **/ // load error handler include_once './_error.php'; // include factory/loader include_once '../patSession.php'; $options = array( 'security' => 'use_token', 'token-mode' => 'any', 'token-name' => 'mytoken', // for cookies only 'empty-referer' => 'allow' ); // most easy way to create a session object $sess =& patSession::singleton( 'ham', 'Native', $options ); $queryString = $sess->getQueryString(); ?> Another security options is: use_token. This option is off by default. The reason is, that using a token requires cookies for full functionality. Even if patSession supports tokens using GET-variables, this token mode is not recommended. The reason is simple: Using another GET-variable to transport a disposable token does not allow to use the navigation-buttons of any browser. E.g. using the "Reload" (or "Refresh") button will send an old, out of date token to the server. This will force the session to be locked!

Current options passed to session:

use_token:
Using a token means, that you ping-pong a disposal token between the browser and the server. Each token is only valid for one - the next - request. this URL

'; ?> tokenmode:
The tokenmode can be either "cookie", "any" or "get". Cookie means, that the tokens will stored in browser cookies. This mode is recommendet and will be used by default. Using the mode "get" will automatically add the token to the query-string. This mode allows you to use tokens without cookie-support. The mode "any" uses both, cookies and the GET-variable.

get( 'security-test' ); if( patErrorManager::isError( $result ) ) { echo '
Session-state: ' . $sess->getState() . '
'; } else { echo '
The session reported no errors.
'; } $token = $sess->get( 'patSession:token' ); echo "token: " . $token . "
\n"; ?>