Lars Torben Wilson wrote:


About the cookie params (in PHP.INI), I checked them on the two platforms with phpinfo() and they are exactly the same.



Was your binary compiled with --enable-trans-sid? If so, I imagine the
explanation would be something along the lines that because the session
manager doesn't know whether you have cookies enabled until it gets a cookie
back, it uses trans_sid. On the second page view, it gets a cookie, and
starts using cookies instead.



Thanks Torben,

The binary is not compiled with --enable-trans-sid. But I've seen that the ISP changed a param in the PHP.INI: they changed session.use_trans_sid, setting it to 1.

I tested setting it on my devel computer and now the problem really reproduces here :) So I think this could really be the problem.

Now I should talk to the provider about not setting this parameter to ON by default, because of the security risk in it (as stated in the manuals).

The sessions manual says that this parameter can only be set in PHP_INI_SYSTEM and PHP_INI_PERDIR, but the ini_set() manual says it can be set in PHP_INI_ALL. I think the first is correct and the second is not, as I tried setting it with ini_set with no result.

I cannot understand this change from the provider, as it is a security risk, as the comments in PHP.INI say:

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.

Thanks for your valuable help. Now *I've seen where the problem is*, and I can look for a solution.

Regards,
Jordi.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
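An added example, not part of the original thread: a bootstrap an application on a shared host could run before `session_start()` when the provider has switched `session.use_trans_sid` on. The function names `strip_session_id` and `harden_session` are hypothetical; it assumes PHP 7.1 or later and relies on `session.use_only_cookies`, which can be changed at runtime and makes PHP ignore session IDs passed in URLs.

```php
<?php
// Added example (not from the thread). Include this before session_start().

/**
 * Return $uri with the session-ID parameter removed, or null when the
 * URI does not carry one. $name is the session name (PHPSESSID by default).
 */
function strip_session_id(string $uri, string $name): ?string
{
    $parts = parse_url($uri);
    if ($parts === false || !isset($parts['query'])) {
        return null;
    }
    parse_str($parts['query'], $query);
    if (!array_key_exists($name, $query)) {
        return null;
    }
    unset($query[$name]);
    $path = $parts['path'] ?? '/';
    return $query ? $path . '?' . http_build_query($query) : $path;
}

function harden_session(): void
{
    // Record what the host configured, so a changed php.ini gets noticed.
    if (ini_get('session.use_trans_sid')) {
        error_log('session.use_trans_sid is enabled by the host configuration');
    }
    // With use_only_cookies on, PHP neither accepts IDs from the URL nor
    // rewrites links to carry them, whatever use_trans_sid says.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    // The thread reports that ini_set() had no effect on this setting.
    ini_set('session.use_trans_sid', '0');

    // A request that still has an ID in its URL (old bookmark, mailed link)
    // is sent to the clean URL, so the ID is not kept in history or logs.
    $clean = strip_session_id($_SERVER['REQUEST_URI'] ?? '/', session_name());
    if ($clean !== null && PHP_SAPI !== 'cli') {
        header('Location: ' . $clean, true, 302);
        exit;
    }
}

harden_session();
session_start();
```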


