[Phplib-trackers] [ phplib-Patches-501872 ] fallback error patch

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Patches item #501872, was opened at 2002-01-10 07:41
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=403613&aid=501872&group_id=31885

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Gaetano Giunta (ggiunta)
Assigned to: Nobody/Anonymous (nobody)
Summary: fallback error patch

Initial Comment:
For a detailed description, see the posts in the bugs 
section (bug #487852).

The idea is to avoid the user seeing the Session ID in 
the URL of a page when a session is sarted with 
cookies and fallback enabled.

The code: replace in session.inc the function 
release_token with the one in the attached file

NOTE: I tested this only with IE5.5 and cookiwes 
on/off, might need some more extensive testing...

----------------------------------------------------------------------

Comment By: Dieter Steinwedel (dsteinwe)
Date: 2002-01-12 02:39

Message:
Logged In: YES 
user_id=373951

Unfortunally, it forces on my system a endless-loop. But 
I've solved the problem: The cause is, that the get-var 
won't be erased on the second reload. My solution updates 
the url-rewriting function "url()" of the class "session":

  function url($url){
    $url=ereg_replace("[&?]+$", "", $url);

    switch ($this->mode) {
      case "get":

        $url .= ( strpos($url, "?") != false ?  "&" : "?" ).
                urlencode($this->name)."=".$this->id;

      break;
      default:
	$ssp = strpos($url,urlencode($this->name)."="); ## 
DS1 added -> BEGIN
	if ($ssp > 0)
	{
		$sspe = strpos($url,"&",$ssp);
		if ($sspe > 0) $url = substr($url, 0, 
$ssp) . substr($url, $sspe + 1);
		else $url = substr($url, 0, $ssp);
		if ($url[strlen($url)-1] == "?") $url = 
substr($url, 0, strlen($url)-1);
	} ## DS1 added -> END
      break;
    }
    return $url;
  }

I will soon add all mods to the "bigger patch".

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=403613&aid=501872&group_id=31885