#24693 [Bgs->Opn]: session.use_trans_sid should changeable by scripts

Sat, 19 Jul 2003 03:43:40 -0700 

 ID:               24693
 User updated by:  chris_se at gmx dot net
 Reported By:      chris_se at gmx dot net
-Status:           Bogus
+Status:           Open
 Bug Type:         Feature/Change Request
 Operating System: GNU/Linux
 PHP Version:      4.3.2
 New Comment:

I tried to figure out myself how this could be solved. I just changed
the definition of session.use_trans_sid to PHP_INI_ALL and I recompiled
my PHP module.

Now, I can change session.use_trans_sid before session_start() is
called and it works fine.

Here's the 'patch' (against PHP 4.3.2):

---------------------------------------------------------
--- ext/session/session.c.old   2003-07-19 12:29:58.000000000 +0200
+++ ext/session/session.c       2003-07-19 12:34:31.000000000 +0200
@@ -151,7 +151,7 @@
        STD_PHP_INI_ENTRY("session.entropy_length",     "0",        
PHP_INI_ALL, OnUpdateInt,    entropy_length,     php_ps_globals,   
ps_globals)
        STD_PHP_INI_ENTRY("session.cache_limiter",      "nocache",  
PHP_INI_ALL, OnUpdateString, cache_limiter,      php_ps_globals,   
ps_globals)
        STD_PHP_INI_ENTRY("session.cache_expire",       "180",      
PHP_INI_ALL, OnUpdateInt,    cache_expire,       php_ps_globals,   
ps_globals)
-       STD_PHP_INI_BOOLEAN("session.use_trans_sid",    "0",        
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool,   use_trans_sid,     
php_ps_globals,    ps_globals)
+       STD_PHP_INI_BOOLEAN("session.use_trans_sid",    "0",        
PHP_INI_ALL, OnUpdateBool,   use_trans_sid,      php_ps_globals,   
ps_globals)
 
        /* Commented out until future discussion */
        /* PHP_INI_ENTRY("session.encode_sources", "globals,track",
PHP_INI_ALL, NULL) */
---------------------------------------------------------


Previous Comments:
------------------------------------------------------------------------

[2003-07-18 09:39:27] chris_se at gmx dot net

Why is that so? In my eyes, the point that makes sense for the rewriter
to be started, is session_start().

Furthermore: If I kind of 'deactivate' the rewriter by ini_set
('url_rewriter.tags', ''); it also has effect on links that were
already sent to output:

---------------------------------------
<?php

session_start ();

?>
<a href="a.php">Test</a>
<?php
ini_set ('url_rewriter.tags', '');
?>
<a href="a.php">Test</a>
---------------------------------------

will generate:

<a href="a.php">Test</a>
<a href="a.php">Test</a>

whereas 

---------------------------------------
<?php

session_start ();

?>
<a href="a.php">Test</a>
<?php
// ini_set ('url_rewriter.tags', '');
?>
<a href="a.php">Test</a>
---------------------------------------

appends the session id to both links.

Therefore I don't quite understand why deactivating the rewriter before
session_start() is not possible whereas modifying it is even possible
after session_start() and even after output that has to be rewritten
was already generated.

------------------------------------------------------------------------

[2003-07-18 09:24:20] [EMAIL PROTECTED]

The decision to enable the rewriter is made before your script starts
running.
Once it has started it cannot be turned off again.

------------------------------------------------------------------------

[2003-07-18 08:13:21] chris_se at gmx dot net

May I also ask why this is not possible?

------------------------------------------------------------------------

[2003-07-17 21:35:01] [EMAIL PROTECTED]

Not possible.


------------------------------------------------------------------------

[2003-07-17 12:57:04] chris_se at gmx dot net

Description:
------------
According to http://de3.php.net/manual/de/function.ini-set.php you may
not alter session.use_trans_sid in PHP scripts, because it is only
changeable in PHP_INI_SYSTEM|PHP_INI_PERDIR.

I do not know why this is so, but in my eyes it should at least be
possible to deactivate this option at runtime.

Reproduce code:
---------------
<?php

ini_set ('session.use_trans_sid', 0);
session_start ();

?>
<a href="a.php">Test</a>


Expected result:
----------------
In an environment with 'session.use_trans_sid' activated in the php.ini
file or in a .htaccess file, it should *not* append the session id to
the link:

<a href="a.php">Test</a>

Actual result:
--------------
The session id is appended to the link and not even an error or notice
ist produced:

<a href="a.php?PHPSESSID=...">Test</a>


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=24693&edit=1

Reply via email to