Thanks for your help. It is a little clearer to me now. However, I have visited php sites that *claim* to be using session management but where the links do not have the session id appended, and there are no variables being passed in the url for links. The url is always in the form "www.somesite.com/index.php" or just "www.somesite.com". In these cases, how is the url rewriting being suppressed for the links on the page? I simply want to understand the technique.
Peter
Jason Wong wrote:
On Thursday 11 December 2003 14:16, Peter Walter wrote:
From the book "Core PHP programming", 3ed ;
"As stated earlier, PHP sends session identifiers with cookies, but a browser may refuse them. PHP can detect when a browser does not accept cookies, and in this situation it modifies all forms and links to include the session identifier."
My php pages all include start_session() before any content is sent to the browser, and my browser is configured to accept cookies. Nevertheless, any coded relative url links (<a href=...) are all modified to include PHPSESSID=12345, although the cookie *should* be set. I am using PHP 4.x. Why is this happening?
When your browser first hits the page (ie when no session has been started yet) the links and the URL will have the session ID appended. This is because at that stage the server does not know your browser is accepting cookies.
When you continue browsing your browser will send the session cookie thus signalling to the server that cookies are being accepted and should then no longer append the session ID.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
