From:             [EMAIL PROTECTED]
Operating system: RedHat Linux 6.2 (2.2.12 kernel)
PHP version:      4.0.6
PHP Bug Type:     Session related
Bug description:  relative URL incorrect when a "session id" is appended to URL

Hi,
I'm not sure if this is a PHP problem, an Apache problem, or a browser
problem.

Versions:
PHP 4.0.6, configured with:
./configure --with-apache=../apache_1.3.20 \
--with-mysql=/usr/local/mysql \
--enable-track-vars \
--enable-session

Apache 1.3.20, configured with:
./configure "--with-layout=Apache" \
"--prefix=/etc/httpd" \
"--activate-module=src/modules/php4/libphp4.a" \
"--enable-suexec" \
"--suexec-caller=http" \
"--suexec-docroot=/home/baseweb" \
"--suexec-logfile=/var/log/httpd/suexec_log" \
"--suexec-safepath=/bin:/usr/bin" \
"$@"

Browsers checked, all act consistently for this problem:
Konqueror 2.1.1
    on platform Linux Mandrake 8 (2.4.3-20mdk kernel), with KDE 2.1.1
Netscape Communicator 4.73
    on platform Windows NT 4.0 SP5
Internet Explorer 5.01 SP1
    on platform Windows NT 4.0 SP5

URL to the server's phpinfo() page:
http://mail17.domainhost.com/session_test/phpinfo.html

Short summary:
I have been having trouble with session management functions
all day, so I am going to store my session stuff in a database
instead of burning time and brain cells debugging this.  (So there
are no session_ function calls at all.)     I ended up implementing
an idea from here:
http://www.easysoft.com/tech/php/tut_001/main.phtml

I am creating a 32-bit "session id" the standard way I've seen everywhere,
$session_id = md5(uniqid(rand()));

I chose to try an example of "hiding" the session id on the end of the
URL, as described in a New Riders book "Web Application Development
with PHP 4.0" by Tobias Ratschiller and Till Gerken.
(so that the URL is of the form:
http://mail17.domainhost.com/session_test/main.html/f02c5b6038a7f9681fa671e84f33e9bc)

When I use relative URLs for pages and images, and there is a session id
at the end of the URL, all browsers that I've encountered produce "broken"
links of this form:
http://mail17.domainhost.com/session_test/main.html/mail.html/f02c5b6038a7f9681fa671e84f33e9bc

instead of the expected
http://mail17.domainhost.com/session_test/mail.html/f02c5b6038a7f9681fa671e84f33e9bc

To get this sample application functional, I had to prepend '../'
to my relative URLs, for both hypertext links and img src path.
Why?  The files are all in the same directory, so I think I've found
a bug (and its workaround).

The reason I am not sure if the error is on the browser side or the
server side is:  When I view the page source, it appears as expected,
not with the "broken" link/image paths.

The "flow" through this sample application is:
Start ->
index.html (login form, enter any login id, any password) ->
login.html (authenticates, creates $session_id, then redirects in auth.inc) ->
main.html/$session_id    ->
mail.html/$session_id (when you click on first link)
        OR
billing.html/$session_id (when you click on second link)
        OR
web.html/$session_id (when you click on third link)
        OR
logout.html/$session_id (when you click on the last link) ->  Start

URL to functional sample application:
http://mail17.domainhost.com/session_test/index.html

URL to functional sample application PHP source:
http://mail17.domainhost.com/session_test_src/index.html


URL to broken sample application:
http://mail17.domainhost.com/bad_session_test/index.html

URL to broken sample application PHP source:
http://mail17.domainhost.com/bad_session_test_src/index.html

Differences are isolated to these files:
del-session.inc (redirect to index.html)
session.inc (redirect to index.html)
header.inc  (image path)
main.html   (hypertext links to mail, billing, web, logout pages)

Thanks for your hard work on PHP 4!  It is really great,
and I want to make it better!

-- 
Edit bug report at: http://bugs.php.net/?id=12218&edit=1
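
Added example, not part of the original report or of PHP's code: relative-reference resolution as specified in RFC 3986 section 5.2, written out by hand and applied to the URLs quoted in the report. Once the session id is appended as an extra path segment, the client treats `main.html` as a directory, which produces the "broken" form, while `../` produces the expected one; the root-relative link is an assumed alternative that does not come from the report.

```javascript
// Session id and page URL exactly as quoted in the report.
const SID = "f02c5b6038a7f9681fa671e84f33e9bc";
const BASE = "http://mail17.domainhost.com/session_test/main.html/" + SID;

// RFC 3986 section 5.2.4: collapse "." and ".." segments of an absolute path.
function removeDotSegments(path) {
  const out = [];
  const segs = path.split("/");
  for (let i = 0; i < segs.length; i++) {
    const seg = segs[i];
    const last = i === segs.length - 1;
    if (seg === ".") {
      if (last) out.push("");          // trailing "." leaves a trailing slash
    } else if (seg === "..") {
      if (out.length > 1) out.pop();   // never pop the leading "" (the root)
      if (last) out.push("");
    } else {
      out.push(seg);
    }
  }
  return out.join("/");
}

// RFC 3986 sections 5.2.2 and 5.2.3 for a path-only reference: drop everything
// after the last "/" of the base path, append the reference, then normalise.
function resolve(base, ref) {
  const m = /^([a-z][a-z0-9+.-]*:\/\/[^\/?#]*)([^?#]*)/i.exec(base);
  const origin = m[1];
  const basePath = m[2] || "/";
  const merged = ref.startsWith("/")
    ? ref
    : basePath.slice(0, basePath.lastIndexOf("/") + 1) + ref;
  return origin + removeDotSegments(merged);
}

// The three ways of writing the link to mail.html, resolved against BASE.
function demo() {
  return {
    broken: resolve(BASE, "mail.html/" + SID),            // plain relative link
    workaround: resolve(BASE, "../mail.html/" + SID),     // the report's '../' fix
    // Assumed alternative (not from the report): root-relative path.
    rootRelative: resolve(BASE, "/session_test/mail.html/" + SID),
    // Cross-check against the WHATWG URL parser that browsers and Node use.
    builtin: new URL("mail.html/" + SID, BASE).href,
  };
}

console.log(demo());
```

The served HTML still contains the link exactly as written, which is why "view source" looks correct: resolution happens in the client after the page is delivered.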

