Re: [Phplib-users] new Session4 changes | more
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] new Session4 changes | more
|
From: Giancarlo <gia...@na...> - 2002-12-02 12:03:41
|
>> Currently the logic in the session module (php3) was: >> >> if there is no cookie, see if there is a GET sid >> if there is a get sid, accept that anycase > > > +++ create or update the session > >> if tgere's not a GET sid, append a GET sid, leave a cookie as well, >> redirect to Self (with sid appended). On reentering, it is back >> to start > > > +++ no session creation was made if nothing found, just the > redirect > ... >> The logic I applied to somehow block the aliens was: >> >> if there is no cookie see if there'a a GET sid >> if there's a GET sid, see if that exists >> if that no exists, create&freeze a new session, leave the new >> cookie, append sid to GET, redirect to there >> if there's no GET sid, ceate&freeze a new sess, append sid to GET and >> leave a cookie, and redirect to there >> if there's cookie, see if it exists, if not: recookie, redirect to self >> ... > So the base for checking the preexistance was to create & save, in case > a new session, BEFORE redirect, not create_or_update AFTER, as it was > ... PHP4 session is a third example of flow: it creates or udates the session in any case, before any redirect, no check if exists or not exists. There seem not to be a redirect when nothing is found. The first time, with nothing found, url (trans_sid) are rewritten in anycase, a cookie is left just_in_case. No SID is appended to SELF, nor redirect. So if you ghit browser reload with cookies disabled, counter never increases, which PHPlib didn't because the very first visit was redirected to SELF with SIDappended & cookie. Gian |
