The good idee is to set a cookie...and if so not to modify anything. What you missed is that you need not get any cookie if you did not write one yourself (but that does not affect your idea).
We could simply leave an old session-cookie and reread it - that shouldn't be a security problem. Perhaps we should then take some thoughts about the security of the session cookies. However it is important that we must rewrite the urls for cases where no cookie was received. That makes your idea no solutions for peoples which claim this because for example thier JavaScript code does not work anymore when session cookies rewrite their urls. (My own hp would have the same problem...but i do not change that) marcus At 22:34 10.03.2002, you wrote: >Hi, > >I don't know if this has been discussed before, but I have a >suggestion about how PHP checks whether cookie support is enabled. >Here is my understanding of the current setup: On the first PHP page >encountered, all links will be turned into GET style URLS with the >session id attached because it does not yet know whether cookies are >enabled. At the same time, it sends a cookie with the session id back >to the client. On the second page view, the session id cookie is sent >back to the server and thus the server knows cookies are enabled, and >no longer has to modify the links. > >I've seen a fair number of people complaining about the appearance of >the PHPSESSID tacked on the end of all URLs on the first page, and >some people doing work-arounds like automatically redirecting back to >the home page. I agree with them that it would be nice not to have the >URL modification happen, but I don't like the redirect workaround >either. So, I have a suggestion: To determine whether cookies are >enabled, PHP could simply check to see whether *any* cookie was sent >on the page request. If it were set up like this, we could then set a >dummy cookie with a long lifetime on their first visit to the site. >Then, on all future visits to the site, PHP would discover even on the >first page that cookies are enabled. The result would be the PHPSESSID >var would only be stuck on the URLs the very first time a user visits >the site, and would never appear again (as long as cookies are >enabled). > >If you fear that this is less safe than actually checking for the >PHPSESSID variable, it seems that this could at least be an option >that could be enabled in php.ini. > >What do you think? >Matt > > > > >-- >PHP Development Mailing List <http://www.php.net/> >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
