ID: 5360
Updated by: jeroen
Reported By: [EMAIL PROTECTED]
Status: Closed
Bug Type: Session related
Operating System: Red Hat Linux 6.1
PHP Version: 4.0.1pl2
New Comment:

POST is also supported. If you enable transparent-session-id propagation, PHP will 
include a <input type=hidden> with the session name and id, and thus will work with 
both POST and GET.

Where in the manual does it say that post isn't supported?

See 13841 for future updates about this problem, because it seems it's the same 
problem after all.

Previous Comments:
------------------------------------------------------------------------

[2000-07-27 21:04:20] [EMAIL PROTECTED]

reading the manual, php sessions support
a) GET
b) cookies

but if you want to use POST you can extract that post_var on another page and use 
session_name() then

read the manual on "session handling"

------------------------------------------------------------------------

[2000-07-07 19:59:10] [EMAIL PROTECTED]

I've tried this with IE and Netscape and it doesn't work:

http://216.235.251.8/login.phtml

TO USE: Initially you can just enter in anything you want. It will post to itself, the 
session is started and the phpsessid variable is blank.

Then put anything else in the user and password fields and submit again. You'll see 
the phpsessid populated with the previous ID but when the session_start is called, a 
new ID is created and in the middle when I echo SID; it displays the string.  The SID 
macro is working and outputting information even though the cookie is being set, 
contrary to the documentation.

How do I know that the cookie is being set?  Well, I look in my cookies.txt file and 
find the cookie listed. (some may need to quit the browser before seeing the cookie in 
the file).

------------------------------------------------------------------------

[2000-07-04 17:33:17] [EMAIL PROTECTED]

This is a baffling problem. Perhaps I'm doing something wrong but I believe I'm doing 
everything correct.

Here is an example script of what I'm talking about; please save this in a file called 
"login.phtml" or change the FORM tag to reflect the filename you choose:

-----
<?
        session_start();

if ($login) {

        echo "Posted Variable (echo \$PHPSESSID): " . $PHPSESSID . "<BR>";
        //session_id($PHPSESSID);
        echo "session started (echo session_id()): " . session_id() . "<BR>";

        session_register("user","pass");
        echo "Variable Registered in session (echo session_id()): " . session_id() . "<BR>";

}

?><HTML>
<HEAD>
<TITLE>Login Testing</TITLE>
</HEAD>

<BODY BGCOLOR=#FFFFFF>
<BR><BR>
Session display using "echo SID;":<? echo SID; ?><BR><BR>

<FORM METHOD=POST ACTION="login.phtml">
form field populated using &lt;? echo session_id(); ?&gt;<BR>
Posting Variable: PHPSESSID: <INPUT TYPE=TEXT NAME="PHPSESSID" VALUE="<? echo session_id(); ?>" WIDTH=50><BR>
USER: <INPUT TYPE="text" NAME="user"><BR>
PASS: <INPUT TYPE="text" NAME="pass"><BR>
<INPUT TYPE=SUBMIT VALUE="login" NAME="login"><BR>
</FORM>

</BODY>
</HTML>
----

In this example, when session_start() is called, a new session variable is created. If 
I uncomment the line that forces the session ID back to what it should be, the 
variables get registered in the proper session but when you echo SID it reverts to 
the previous session and the $PHPSESSID is updated also to the new, incorrect, 
session.  This was done by testing under an SSL connection because this is where I 
need to use it.

The installation is Apache 1.3.12+mod_ssl

One Curious thing:

If I change the method to GET then this is what happens. At the first 
initialization of the session it creates it, then when you submit the form, a new 
session is created. But every post after that retains the session ID.  Will this only 
work via the GET method? I sincerely hope not because I need to keep the password 
hidden.

------------------------------------------------------------------------
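
An added example, not part of the bug report or of PHP's own code: a present-day PHP (7.1+) version of the login script that adopts a POSTed session ID by calling session_id() before session_start(), which is the order PHP requires for the call to select a session. The helper name posted_session_id() and its length bound are assumptions; the field name PHPSESSID and the file name login.phtml come from the report.

```php
<?php
// Added example for present-day PHP (7.1+); not the reporter's script.
// posted_session_id() and its length bound are assumptions for illustration.

/** Return the POSTed session ID if it is well formed, otherwise null. */
function posted_session_id(array $post, string $field): ?string
{
    $id = $post[$field] ?? null;
    // The default "files" handler only allows [a-zA-Z0-9,-] in an ID.
    if (!is_string($id) || !preg_match('/\A[a-zA-Z0-9,-]{16,128}\z/', $id)) {
        return null;
    }
    return $id;
}

// Refuse IDs that do not belong to an existing session, so a value typed
// into the form cannot create a session under an ID chosen by the client.
ini_set('session.use_strict_mode', '1');

$field = session_name();                 // "PHPSESSID" unless reconfigured
$id    = posted_session_id($_POST, $field);
if ($id !== null) {
    session_id($id);                     // must happen BEFORE session_start()
}
session_start();

if (isset($_POST['login'])) {
    // Credential checking is out of scope here. After a successful login,
    // issue a fresh ID and delete the old session.
    session_regenerate_id(true);
    $_SESSION['user'] = (string) ($_POST['user'] ?? '');
}
$sid = htmlspecialchars(session_id(), ENT_QUOTES);
?>
<form method="post" action="login.phtml">
  <input type="hidden" name="<?= htmlspecialchars($field, ENT_QUOTES) ?>" value="<?= $sid ?>">
  USER: <input type="text" name="user"><br>
  PASS: <input type="password" name="pass"><br>
  <input type="submit" name="login" value="login">
</form>
```
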



Edit this bug report at http://bugs.php.net/?id=5360&edit=1

