Menu
▾
▴
#92 phpwiki with phpsessid's breaks URL's
If transparent session id's are compiled into php, and
a user who has cookies blocked to your site either:
- Views a page and clicks "edit"
- Views pages while VIRTUAL_PATH is false and clicks on
another linked page
The URL's get FUBAR:
if you notice the "&" on the URL, it tries to edit a
page called "Oracle Applications&", instead of having
the PHPSESSID as a variable.
I'm aware that phpwiki doesn't do any special PHPSESSID
handling, but I couldn't uncover the issue with this
bug in a cursory look.. I just commented out all the
session handling since we don't need it inside this
organization.
Tested with both 1.3.0-jeffs-hacks and
1.3.2-jeffs-hacks, as well as Mozilla 0.9.7, Netscape
4.7, and Opera 6.0
Logged In: YES
user_id=346996
I have been getting this too for some time. I thought it
was just my setup!
I think the problem arises because PHP assumes that it can
just insert the PHPSESSID variable into the URL query
string, but it is not very good at working out where.
The strange thing with my setup is that this bug seems to
occur on the first page load only. Hitting refresh makes
the SESSID disappear from the query string. It remains
absent for the rest of the session.
Lawrence
Logged In: YES
user_id=346996
The reason (of course) why it happens only on the first
page load on my system is that I have cookies enabled. The
first time I visit the wiki in a session, I have no SESSID
cookie, so php inserts PHPSESSID in the query string, and
also sets a cookie. On a page refresh, the cookie is
present, so php does not need to mangle the query string.
Not sure yet why php cannot put the PHPSESSID variable in
the right place, though
Logged In: YES
user_id=45814
What versions of PHP are y'all running when you experience
these problems?
I have not yet looked at this problem in great detail, but
it would seem to be a bug in PHP. Maybe it's fixed in
recent versions of PHP?
In the mean time, if you configure PHP (at compile time)
without --enable-trans-sid (or with --disable-trans-sid),
the problem goes away (but you can't log in to PhpWiki
without cookies enabled in your browser.)
Logged In: NO
php 4.1.1 on Debian Linux. I worked around it by
disabling the trans-sessid in php.. we had planned to
use it for a project, but that project is no longer
happening.
Logged In: YES
user_id=346996
php 4.0.6 on Apache/Windows 2k
Logged In: YES
user_id=369655
I found this problem too when I tried to use http://validator.w3.org/check to check my html, the validator doesn't support cookies.
You can add this line into index.php to prevent it:
ini_set('session.use_trans_sid', 0);
(I've also checked in this modification into the CVS of the developmental version).
Logged In: YES
user_id=369655
Closing off, mod "ini_set('session.use_trans_sid', 0);" checked into
index.php by Jeff as the default around 2002-01-25.