Hi,
I don't know if this has been discussed before, but I have a
suggestion about how PHP checks whether cookie support is enabled.
Here is my understanding of the current setup: On the first PHP page
encountered, all links will be turned into GET style URLS with the
session id attached because
hi,
[..] If it were set up like this, we could then set a
dummy cookie with a long lifetime on their first visit to the site. [..]
-2
people tend to dislike cookies - many see cookies as a dangerous
threat to their privacy and security (that's why IE 6.0 blocks almost
all DANGEROUS cookies
The good idee is to set a cookie...and if so not to modify anything.
What you missed is that you need not get any cookie if you did not
write one yourself (but that does not affect your idea).
We could simply leave an old session-cookie and reread it - that
shouldn't be a security problem.
This is an interesting idea -- simply having the old session cookie stay
around longer. On the server side, you'd probably want to keep track of the
time the session was created and if it's an old session then change the
session id (I don't know if that's easy or hard). I think for security it is