ID: 8556
Updated by: sas
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: *Session related
Assigned To: 
Comments:

Regardless of whether the session id is transmitted by a cookie or the URL, the output 
of the PHP script is by default supposed to be non-cachable. 

If you think a client can cache the content of the page, change the 
session.cache_limiter configuration variable appropiately.

Previous Comments:
---------------------------------------------------------------------------

[2001-01-04 16:11:45] [EMAIL PROTECTED]
This related to bug #8073

You are right when you said it is necessary to send a header with no-cache when php 
send a cookie.
But I think it is not normal to change the header when php sends no cookie.

So I changed the code:
before
...
 if (send_cookie)
  php_session_send_cookie(PSLS_C);
 
 if (define_sid) {
  char *buf;

  buf = emalloc(strlen(PS(session_name)) + strlen(PS(id)) + 5);
  sprintf(buf, "%s=%s", PS(session_name), PS(id));
  REGISTER_STRING_CONSTANT("SID", buf, 0);
 } else
  REGISTER_STRING_CONSTANT("SID", empty_string, 0);
 PS(define_sid) = define_sid;

 PS(nr_open_sessions)++;

 php_session_cache_limiter(PSLS_C);
 php_session_initialize(PSLS_C);
...

after the change
...
 if (send_cookie) {
  php_session_send_cookie(PSLS_C);
  php_session_cache_limiter(PSLS_C);
 }
 
 if (define_sid) {
  char *buf;

  buf = emalloc(strlen(PS(session_name)) + strlen(PS(id)) + 5);
  sprintf(buf, "%s=%s", PS(session_name), PS(id));
  REGISTER_STRING_CONSTANT("SID", buf, 0);
 } else
  REGISTER_STRING_CONSTANT("SID", empty_string, 0);
 PS(define_sid) = define_sid;

 PS(nr_open_sessions)++;

 php_session_initialize(PSLS_C);
...

With this modification the no-cache header is send only once. Maybe the modification 
is made a wrong way!?

Georges Dagousset
France
:-)

---------------------------------------------------------------------------



ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=8556&edit=2


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to