Hi, I don't know if this has been discussed before, but I have a suggestion about how PHP checks whether cookie support is enabled. Here is my understanding of the current setup: On the first PHP page encountered, all links will be turned into GET style URLS with the session id attached because it does not yet know whether cookies are enabled. At the same time, it sends a cookie with the session id back to the client. On the second page view, the session id cookie is sent back to the server and thus the server knows cookies are enabled, and no longer has to modify the links.
I've seen a fair number of people complaining about the appearance of the PHPSESSID tacked on the end of all URLs on the first page, and some people doing work-arounds like automatically redirecting back to the home page. I agree with them that it would be nice not to have the URL modification happen, but I don't like the redirect workaround either. So, I have a suggestion: To determine whether cookies are enabled, PHP could simply check to see whether *any* cookie was sent on the page request. If it were set up like this, we could then set a dummy cookie with a long lifetime on their first visit to the site. Then, on all future visits to the site, PHP would discover even on the first page that cookies are enabled. The result would be the PHPSESSID var would only be stuck on the URLs the very first time a user visits the site, and would never appear again (as long as cookies are enabled). If you fear that this is less safe than actually checking for the PHPSESSID variable, it seems that this could at least be an option that could be enabled in php.ini. What do you think? Matt -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
