Re: [Phplib-users] falback_mode and session4
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] falback_mode and session4
|
From: Giancarlo P. <gia...@na...> - 2002-06-04 14:40:11
|
I am also noticing a difference in behaviour betwee PHP4 and phplib (as it was before my recent patch), in this case: Cookies enabled, phplib has mode=cookie, fallback_get open the URL http://whatever/index.php3?Example_Session=ciao -PHPLIB4 (and PHP4 btw): accepts the sid value 'ciao', lets a cookie by that value and creates relative session 'ciao', URL is ignored from this moment on. -PHPLIB (before my patch): supposes cookies are disbled, leaves no cookie, creates session 'ciao', goes on in get mode from this moment on. -PHPLIB now (with default block_alien_sid=true in session.inc): ignores URL, and session name, leaves his own cookie and uses that sid to create the session, goes on in cookie mode from now on Giancarlo Giancarlo Pinerolo wrote: > > Hi. > This question is in particular for Maxim's session4 implementation. > > I've noticed a slight difference between the behavior of stable phplib > and session4 phplib. In fact the real difference is between php4 session > and the way phplib handled that. > > In phplib, when mode is cookie and fallback is get, if there's no cookie > nor session in the URL, we are left a cookie and immediately redirected > (Header 302) to a URL with the session in it. That's why phplib needs > the session in the URL the very first visit. > But PHP4 session doesn't handle that. If there's no cookie nor > session-URL, simply session is started but not propagated. > So in practice there no fallback possibility with session4. > Am I right? > I am wondering if the initial Header:302 trick can be performed with > session4, to accomplish that compatibility. > > Giancarlo > |
