Tom,
At 02:02 PM 5/9/00 -0700, Tom Mornini wrote:
>That is the tricky part. :-)
>
>Here's the sneaky way to handle it: Put the Session ID at the beginning of
>the URI. If a request comes in with a Session ID, then strip it out of
>$r->urii. If a request comes in without one, redirect them to the same URI
>with a session ID in place.
>
>In our case, this is handled by a trans handler that stores state in
>$r->pnotes, and a fixup handler that reads $r->pnotes and
>$r->set_handlers() in the redirect handler into the response phase.
>
>The cool thing about this is that relative links need not be rewritten at
>all, the browser handles it!
>
and what happens when somebody bookmarks a URL with the session-id
prepended and comes back a week later with an invalid session-id in the URL?
Tobias
