Hi, all -- We were using php 4.2.3 on our first server (FreeBSD-4.5) and apparently exploited, quite unknowingly, a bug. We also have register_globals on (we'll work more on that later). Then we added another server (FBSD 4.8 and php 4.3.4rc1) and tried our code and the page passwords didn't work. Arrgh!
So now I'm trying to get my head around how to properly write session code, and I know that I should use session_start() but then always reference $_SESSION instead of session_register() something or so. Good enough, but now I'm having cookie trouble. If I run http://test.locations.org/sessions/extracting.php with cookies on, then upon reload $_SESSION[pw] has a value, which is expected. If cookies are off, though, it does not, and I do not see the SID in the URL even after the click. So I click the other link, wherein I specified the SID, and it finally works -- but I thought that PHP was supposed to format my URLs the right way for me, and even moreso didn't think that I needed the ? because the SID constant is supposed to be "smart". What else do I have to cram in my already-exploding head to get this right? :-) TIA & HAND :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
pgp00000.pgp
Description: PGP signature
