This is exactly what happens (at least with latest CVS of PHP).
If cookies are enabled, URLs are not modified.
If cookies are disabled, this is detected and URLs are then
modified to contain PHPSESSID.
--Jani
On Sun, 10 Mar 2002, Matt Richardson wrote:
>I think there has been some confusion as to what I was suggesting for people
>with cookies disabled. What I am suggesting would have the following effect:
>
>(1) If user has cookies disabled: PHP sessions would end up acting as
>before, they would convert URLs into GET style URLs
>(2) If user has cookies enabled: PHP sessions would act as before except
>would not end up rewriting URLs on the first page view.
>
>The change to the PHP code should be small: when seeing if cookies are
>enabled simply look for any cookie sent by the client rather than just the
>PHPSESSID cookie.
>
>Matt
>
>
>
>"Matt Richardson" <[EMAIL PROTECTED]> wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>> Hi,
>>
>> I don't know if this has been discussed before, but I have a
>> suggestion about how PHP checks whether cookie support is enabled.
>> Here is my understanding of the current setup: On the first PHP page
>> encountered, all links will be turned into GET style URLS with the
>> session id attached because it does not yet know whether cookies are
>> enabled. At the same time, it sends a cookie with the session id back
>> to the client. On the second page view, the session id cookie is sent
>> back to the server and thus the server knows cookies are enabled, and
>> no longer has to modify the links.
>>
>> I've seen a fair number of people complaining about the appearance of
>> the PHPSESSID tacked on the end of all URLs on the first page, and
>> some people doing work-arounds like automatically redirecting back to
>> the home page. I agree with them that it would be nice not to have the
>> URL modification happen, but I don't like the redirect workaround
>> either. So, I have a suggestion: To determine whether cookies are
>> enabled, PHP could simply check to see whether *any* cookie was sent
>> on the page request. If it were set up like this, we could then set a
>> dummy cookie with a long lifetime on their first visit to the site.
>> Then, on all future visits to the site, PHP would discover even on the
>> first page that cookies are enabled. The result would be the PHPSESSID
>> var would only be stuck on the URLs the very first time a user visits
>> the site, and would never appear again (as long as cookies are
>> enabled).
>>
>> If you fear that this is less safe than actually checking for the
>> PHPSESSID variable, it seems that this could at least be an option
>> that could be enabled in php.ini.
>>
>> What do you think?
>> Matt
>>
>>
>>
>
>
>
>
--
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
