--- David T-G <[EMAIL PROTECTED]> wrote: > % Check your php.ini and see if you can find this: > % > % session.use_trans_sid = 1 > > Yep.
OK, well PHP should add the session identifier to the URL for every link on the first page. This is because PHP can't tell until the next request whether the browser is accepting cookies. You can think of PHP's logic like this: 1. If the user requests a page with no session identifier at all, start a new session. On the page sent to the user, rewrite all URLs to include the session identifier. 2. If the user requests a page with the session identifier in the URL but without a cookie, assume the user's browser did not accept the cookie. Rewrite all URLs to include the session identifier. 3. If the user requests a page with the session identifier in the URL and in a cookie, this is the user's second request, and the user's browser accepts cookies. No rewriting is necessary. 4. If the user requests a page with the session identifier only in a cookie, this is at least the user's third visit, and the user's browser accepts cookies. No rewriting is necessary. So, based on this, I would recommend testing from scratch. Make sure you have no cookies. Restart the browser if necessary. Then, visit the first page (where you first have your session_start() call) and view source. If PHP is doing the session.use_trans_sid stuff correctly, your URLs should all be rewritten to include the session identifier. This would be my first step in trying to debug the situation. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
