ID: 8556 Updated by: sas Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Closed Bug Type: *Session related Assigned To: Comments: Regardless of whether the session id is transmitted by a cookie or the URL, the output of the PHP script is by default supposed to be non-cachable. If you think a client can cache the content of the page, change the session.cache_limiter configuration variable appropiately. Previous Comments: --------------------------------------------------------------------------- [2001-01-04 16:11:45] [EMAIL PROTECTED] This related to bug #8073 You are right when you said it is necessary to send a header with no-cache when php send a cookie. But I think it is not normal to change the header when php sends no cookie. So I changed the code: before ... if (send_cookie) php_session_send_cookie(PSLS_C); if (define_sid) { char *buf; buf = emalloc(strlen(PS(session_name)) + strlen(PS(id)) + 5); sprintf(buf, "%s=%s", PS(session_name), PS(id)); REGISTER_STRING_CONSTANT("SID", buf, 0); } else REGISTER_STRING_CONSTANT("SID", empty_string, 0); PS(define_sid) = define_sid; PS(nr_open_sessions)++; php_session_cache_limiter(PSLS_C); php_session_initialize(PSLS_C); ... after the change ... if (send_cookie) { php_session_send_cookie(PSLS_C); php_session_cache_limiter(PSLS_C); } if (define_sid) { char *buf; buf = emalloc(strlen(PS(session_name)) + strlen(PS(id)) + 5); sprintf(buf, "%s=%s", PS(session_name), PS(id)); REGISTER_STRING_CONSTANT("SID", buf, 0); } else REGISTER_STRING_CONSTANT("SID", empty_string, 0); PS(define_sid) = define_sid; PS(nr_open_sessions)++; php_session_initialize(PSLS_C); ... With this modification the no-cache header is send only once. Maybe the modification is made a wrong way!? Georges Dagousset France :-) --------------------------------------------------------------------------- ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=8556&edit=2 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]