Re: [Phplib-users] No session_id or cookie if not authenticated.. how?

[Aric C. <gre...@pe...>]

And its a shopping cart I work on.

All pages are accessed through one php script, index.php.  What page is
actualy shown to the user depends on what is passed to the script (IE,
"index.php?page=cellphones/nokia").

What I want to do is just like having the default auth to 'nobody', but I
dont want any cookies sent or session_id's in urls until the user  logs in,
or actualy also until a user does something like add an item to the cart.

I guess what I have to do is check my parameters first and then call
page_open() only when needed, but then like you say the session gets lost
when a user goes to an unprotected area.  So I'd have to also check if the
user already has a session and call page_open() if so.

This is oh-so-confusing.

----- Original Message -----
From: "Richard Archer" <rh...@ju...>
To: <php...@li...>
Sent: Tuesday, December 03, 2002 3:47 PM
Subject: Re: [Phplib-users] No session_id or cookie if not authenticated..
how?


> At 17:47 -0500 3/12/02, li...@ye... wrote:
>
> >Easiest way would be to only use page_open on pages you want to protect.
> >
> >The session would only be created first time someone hit one of these
pages and
> >auth timeouts could occur more often but it could work depending on your
> >application.
>
> And if a non-cookie user leaves the protected part of the site (e.g.
> they click on the Home button) they will lose their session. That
> would be a disaster in a shopping cart environment, but may not
> matter in other instances.
>
>  ...R.
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Microsoft Visual Studio.NET
> comprehensive development tool, built to increase your
> productivity. Try a free online hosted session at:
> http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
> _______________________________________________
> Phplib-users mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>