Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#38 session4 to remove *any* sid from url

open
nobody
None
5
2002-10-13
2002-10-13
No

I applied this already to session.inc, and session4
misses it

The explaination is not easy, but there are cases, and
with php4 there are a lot more than with plain old
php3lib, that one can pass over a 'known sessiod id'
to some cookie-enabled client, ad this will take
precedence over the availability, and inthe past even
existance, of a cookie. Not cleaning completely the
session id string from the url makes solving that
problematic. In any case when we want to chop away eg

?Example_Session=xyz

we are not interested at what xyz contains, are we? We
want to chop that away i any case.

session4.inc method url()

384,385c384
< #
"([&?])".quotemeta(urlencode($this->name))."=".$this->id."(&|$)",
<
"([&?])".quotemeta(urlencode($this->name))."=(.)*(&|$)",
# we clean any(also
---
>
"([&?])".quotemeta(urlencode($this->name))."=".$this->id."(&|$)",

Then I am really not expert with regex, but the concept
still applies.

Discussion