I think there has been some confusion as to what I was suggesting for people
with cookies disabled. What I am suggesting would have the following effect:

(1) If user has cookies disabled: PHP sessions would end up acting as
before, they would convert URLs into GET style URLs
(2) If user has cookies enabled: PHP sessions would act as before except
would not end up rewriting URLs on the first page view.

The change to the PHP code should be small: when seeing if cookies are
enabled simply look for any cookie sent by the client rather than just the
PHPSESSID cookie.

Matt



"Matt Richardson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I don't know if this has been discussed before, but I have a
> suggestion about how PHP checks whether cookie support is enabled.
> Here is my understanding of the current setup: On the first PHP page
> encountered, all links will be turned into GET style URLs with the
> session id attached because it does not yet know whether cookies are
> enabled. At the same time, it sends a cookie with the session id back
> to the client. On the second page view, the session id cookie is sent
> back to the server and thus the server knows cookies are enabled, and
> no longer has to modify the links.
>
> I've seen a fair number of people complaining about the appearance of
> the PHPSESSID tacked on the end of all URLs on the first page, and
> some people doing work-arounds like automatically redirecting back to
> the home page. I agree with them that it would be nice not to have the
> URL modification happen, but I don't like the redirect workaround
> either. So, I have a suggestion: To determine whether cookies are
> enabled, PHP could simply check to see whether *any* cookie was sent
> on the page request. If it were set up like this, we could then set a
> dummy cookie with a long lifetime on their first visit to the site.
> Then, on all future visits to the site, PHP would discover even on the
> first page that cookies are enabled. The result would be the PHPSESSID
> var would only be stuck on the URLs the very first time a user visits
> the site, and would never appear again (as long as cookies are
> enabled).
>
> If you fear that this is less safe than actually checking for the
> PHPSESSID variable, it seems that this could at least be an option
> that could be enabled in php.ini.
>
> What do you think?
> Matt
>
>
>



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
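
The two cookie checks compared in this thread, modelled over repeat visits. This is an added example, not code from the original message or from PHP's session module. The function names, the `seen` dummy cookie and the session id value are hypothetical, and the model assumes the session cookie is dropped when the browser closes while the dummy cookie persists.

```php
<?php
// Model of the URL-rewriting decision discussed in the thread (illustration only).
const SESSION_NAME = 'PHPSESSID';

// Check as described in the thread: rewrite unless the session cookie itself came back.
function rewriteCurrent(array $cookies): bool {
    return !isset($cookies[SESSION_NAME]);
}

// Proposed check: rewrite only when the client sent no cookie at all.
function rewriteProposed(array $cookies): bool {
    return count($cookies) === 0;
}

// Simulate several visits. Each visit starts without the session cookie;
// the long-lived dummy cookie survives if the client accepts cookies.
function simulate(callable $shouldRewrite, bool $cookiesEnabled, int $visits, int $pages): array {
    $jar = [];   // cookies the client currently holds
    $log = [];
    for ($v = 1; $v <= $visits; $v++) {
        unset($jar[SESSION_NAME]);   // assumption: session cookie ends with the browser session
        for ($p = 1; $p <= $pages; $p++) {
            $sent = $cookiesEnabled ? $jar : [];   // a client with cookies off sends nothing
            $log["visit $v page $p"] = $shouldRewrite($sent) ? 'SID in URLs' : 'clean URLs';
            if ($cookiesEnabled) {
                $jar[SESSION_NAME] = 'constructed-session-id';   // constructed sample value
                $jar['seen'] = '1';                              // hypothetical dummy cookie
            }
        }
    }
    return $log;
}

foreach ([true, false] as $enabled) {
    foreach (['current' => 'rewriteCurrent', 'proposed' => 'rewriteProposed'] as $label => $fn) {
        echo $label, ', cookies ', $enabled ? 'enabled' : 'disabled', ":\n";
        foreach (simulate($fn, $enabled, 2, 2) as $step => $result) {
            echo "  $step: $result\n";
        }
    }
}
```

With cookies enabled, the current check puts the session id in URLs on the first page of every visit, while the proposed check does so only on the first page of the first visit. With cookies disabled, both checks rewrite every page.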
