Re: [PHP] Cookies and Sessions: What's the Best Recipe?

Tue, 03 Jun 2003 16:39:26 -0700 

Hmmmm,

Theory only here:

If there is a GET value of PHPSESSID (or whatever your sessions are named),
then the user is more than likely taking advantage of trans-sid (sid's in
the URLs), and cookies are not available.

So, we only want to append the sid to URLs in a redirect IF the sid is found
in the URL already.  If there is no SID in the URL, then perhaps we can
assume it doesn't need to be this time????

<?
// UNTESTED
function redirectWithSession($location)
    {
    $sid = session_id();
    $sname = session_name();
    if($_GET[$sname])
        {
        header("Location: {$location}?{$sname}={$sid}");
        }
    else
        {
        header("Location: {$location}");
        }
    }
?>


Again, please test thoroughly, because I haven't thought through the
instances where this might break something really... maybe there aren't
any!!


Justin




on 03/06/03 5:02 PM, Monty ([EMAIL PROTECTED]) wrote:

>>> I have a member site that uses sessions. People who have their browser
>>> cookies turned off, however, cannot use our site. I read somewhere that to
>>> avoid this, I'd have to manually append the PHPSESSID var to every URL when
>>> redirecting in a script.
>> 
>> One way around this would be to write a simple wrapper function which does
>> this for you automatically:
>> 
>> <?
>> // UNTESTED
>> function redirectWithSession($location)
>> {
>> $sid = session_id();
>> $sname = session_name();
>> header("Location: {$location}?{$sname}={$sid}");
>> }
>> ?>
>> 
>> Then (after testing the above code thoroughly) you just need to do a batch
>> search and replace on your whole site source for 'header("Location: ' with
>> 'redirectWithSession(', and everything should be cool.... I think.  Please
>> test all thoroughly :)
> 
> 
> Justin, I took your suggestion and tried out the above on some test files. I
> made some slight mods, but, it works perfectly. The only thing I don't like
> about this solution is that the session ID is appended to the end of the URL
> for everyone, even if they have cookies enabled. (I have trans-sid enabled).
> Is there any reliable way to avoid this, or is this just a small side-effect
> of making the site accessible to all?
> 
> Thanks!
> 
> Monty
> 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to