[Phplib-trackers] [ phplib-Bugs-487852 ] fallback error
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-trackers] [ phplib-Bugs-487852 ] fallback error
|
From: <no...@so...> - 2002-01-10 15:01:07
|
Bugs item #487852, was opened at 2001-12-01 08:36 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=487852&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Dieter Steinwedel (dsteinwe) Assigned to: Nobody/Anonymous (nobody) Summary: fallback error Initial Comment: I've recognized that the fallback mechanism from cookie to get doesn't work correctly. The created session always works, but sometimes the mechanism fallsback to "get" on session creation on browser with cookie support. The source of this behaviour may be "release_token()" and/or "get_id()" in "session.inc". Dieter ---------------------------------------------------------------------- Comment By: Gaetano Giunta (ggiunta) Date: 2002-01-10 07:01 Message: Logged In: YES user_id=114789 DOH! I think the final suggestion in my previous post is BULL$#!^: on the second load of the page you will NOT get back a session id from the browser, so you can't match it in the database! Anyway, the brilliant idea to solve the problem is here: 1st hit: set cookie, reload adding GET params 2nd hit: if no cookie found continue using GETs, else reload, eliminating GET params 3rd hit: you're OK now, sure to get the cookie the tradeoff is a slightly slower load-time of 1st-page-of- session, your take... the patch to session.inc I just posted here (see the patches section) ---------------------------------------------------------------------- Comment By: Gaetano Giunta (ggiunta) Date: 2002-01-10 03:47 Message: Logged In: YES user_id=114789 My 2 eurocents of analysis: it depends on session.inc, function release_token, line 406 (in release 7.4rc1): mode is set to fallback. This looks unnecessary (and if your'sure all your users have cookies enabled just comment the line and all will be smooth), but it stems from a logic problem: if a page is hit by the browser and there's no cookie found containing the session id, there's no (easy) way that PHPLIB can possibly know if it is the first time that the page was hit and the session cookie has yet to be set, or if it is the second time that the page is hit and the cookie is not working, so session should switch to fallback mode. To make sure it gets it right, phplib adds the session id in the URL, although it looks a bit nasty to the end user. An (hard and long ?) way to do it could be storing in the db container the session info on the first page hit, before redirecting the user. This way the second page hit would find the session id already defined in the db and know that if no cookie is there it should fall back to get mode and try a second redirect including the session id in the url... Hope this helps a bit (and maybe even gets implemented in verion 8 or someting...) Gaetano ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=487852&group_id=31885 |
