Re[2]: [Phplib-users] session4 breaks session-handling with url()
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re[2]: [Phplib-users] session4 breaks session-handling with url()
|
From: Maxim D. <max...@bo...> - 2001-10-17 07:23:27
|
Hello Jens,
Wednesday, October 17, 2001, 2:16:00 AM, you wrote:
>> JB> for session4.inc or session4_custom.inc, is there a way to
>> JB> - force PHP to do an initial redirect to append the "Session=xxx" string
>> JB> also to the _first_ URL the user visits
>> What for?
JB> Because we use a couple javascript-based links that are generated depending
JB> on current browser and capabilities (and other data) which are not
JB> recognized by trans-sid.
JB> I think this is also why phplib does it (in session::release_token()).
JB> Might there be other reasons?
The main reason was to determine if cookies are used before letting
the user to browse the site.
>> JB> - force PHP to append the "Session=xxxxxx" string also to
>> JB> - form targets
>> JB> - HTTP headers (like 'Location: ...'
>> JB> - complete URLs on request (e.g. if I redirect to a different
>> JB> subdomain)
>>
>> Did you try to use trans-sid (PHP4 session module feature that will do
>> all the things above automatically) ?
JB> Yes, apparently it does not. At least not to headers. If I do a
Strange .... it sounds to me like a PHP bug.
JB> header("Location: ".$sess->url($PHP_SELF));
JB> with session.inc from phplib, it appends the SID. When I do it with
JB> session4, it doesn't work any more.
Not true. Session4::url() returns the SID apended to the url passed,
unless the client has the session cookie or $trans_id_enabled is set
to true value. Session3::url() appends SID only if there's no a
session cookie. Almost the same.
If you do not rely on trans_sid, turn it off and use
the url() method. Or extend the class with the new method that does not respect
trans_sid() or/and cookie, e.g. my_hacked_url(), which would always
return SID. For me, I'd prefer to use $str . $sess->name .'='. $sess->id
construct in such a rare cases.
JB> Also, how do I find out what variables are registered in session4? The
JB> session::pt[] array doesn't exist any more (IIRC).
There's no need in this array any more. Use $sess->is_registered('var')
instead. Moreover, $pt was a private class variable in java terms -
no one should access it to have the list of the registered variables
(except for the very Session object).
Use public methods, and you won't suffer if the implementation
changes.
JB> I'd really like to switch over to session4 but a first attempt failed
JB> because my application kept 'forgetting' the session data.
Look at the code. Maybe there would be some suggestions? I'd like to
improve the class.
--
Best regards,
Maxim Derkachev mailto:max...@bo...
System administrator & programmer,
Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru
|
