On Tue, 9 May 2000, Tom Mornini wrote:
> That is the tricky part. :-)
>
> Here's the sneaky way to handle it: Put the Session ID at the beginning of
> the URI. If a request comes in with a Session ID, then strip it out of
> $r->urii. If a request comes in without one, redirect them to the same URI
> with a session ID in place.
>
> In our case, this is handled by a trans handler that stores state in
> $r->pnotes, and a fixup handler that reads $r->pnotes and
> $r->set_handlers() in the redirect handler into the response phase.
>
> The cool thing about this is that relative links need not be rewritten at
> all, the browser handles it!
This last part is a great point, and one that people would do well to
heed. I hadn't considered the implication that relative URLs would work
this way, but they do. I'm excited!
I like to use session ids at the beginning of the URL for another
reason: the users understand it. For example, if they visit a URL:
https://secretstartup.com/home/abcdef0987654321/foo/bar/baz/quux
A lot of users are advanced enough to chop off part of the URL to get what
they want. With the session ID at the root of the URL, this is easier to
do. With this URL,
https://secretstartup.com/foo/bar/baz/quux/abcdef0987654321
The users are likely to either not try, or to get it wrong.
This works on my site, because the urlspace is completely
ficticious. There is no disk path /home/abcdef0987654321, in fact there
is no /home, nor even a document root at all. I just threw in the /home
to make the URL look a little more friendly.
Cheers,
Jeffrey