On Saturday 27 December 2003 07:03 am, Andy Higgins wrote: > Hello All, > > I have been racking my head over a problem where a large percentage of > users are unable to log into my php site due to what seems to be a problem > with setting php session variables on certain end user browsers (certain > versions of AOL seem to be particularly problematic). Below are some > snippets of code that are used to do the authentication/ login. > > Has anyone encountered the same problem and if so do you have a solution? > The only solution I can think of is to pass the session using PHPSESSION in > the URL however I would like to avoid this if at all possible as it > involves a major re-write of the code (as session variables are used > elsewhere in the session) and if I am not mistaken if a user accesses a > non-php page then the session is lost requiring them to log in again. >
Im just putting the finishing touches to my code, that I had to rewrite for similar reasons as you. You're going to have to include the session id in the url for those users who do not allow cookies. Using this fact about the constant SID a) If the user's browser accepts cookies, SID will be empty "" b) If the user's browser does not accept cookies, SID will be "PHPSESSID=xxx" So what I did, was append the constant SID to all urls/forms and php header() (for redirection) functions that point to the site that is serving the content (dont append SID to urls going to other sites). So the final results will be a) If the user's browser accepts cookies, urls/forms/php header() will be normal b) If the user's browser does not accept cookies, the session id is appended to urls/forms/php header() OR you can take the easy way out, and turn on transparent ids with -> http://us2.php.net/manual/en/ install.configure.php#install.configure.enable-trans-sid -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
