Hi Gerard, Thank you very much for the response. Please can you clarify the following:
1. At the time of login will the login code need to check if the clients browser accepts cookies and if not then append the SID as described? If so, do you perhaps have a sample piece of code that does this? 2. Am I correct in understanding that if the client has logged in (with no cookies enabled i.e. the SID needs to be passed) and the site contains other static pages (that cannot pass the SID) that if the client browses any of these static pages and then returns to a page that required the client to be logged that they will have to log in again? 3. For forms, where the SID need to be passed, do you pass this as a hidden form variable or do you do it on the URL? You help is greatly appreciated. Thanks again. Regards, Andy "Gerard Samuel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Saturday 27 December 2003 07:03 am, Andy Higgins wrote: > > Hello All, > > > > I have been racking my head over a problem where a large percentage of > > users are unable to log into my php site due to what seems to be a problem > > with setting php session variables on certain end user browsers (certain > > versions of AOL seem to be particularly problematic). Below are some > > snippets of code that are used to do the authentication/ login. > > > > Has anyone encountered the same problem and if so do you have a solution? > > The only solution I can think of is to pass the session using PHPSESSION in > > the URL however I would like to avoid this if at all possible as it > > involves a major re-write of the code (as session variables are used > > elsewhere in the session) and if I am not mistaken if a user accesses a > > non-php page then the session is lost requiring them to log in again. > > > > Im just putting the finishing touches to my code, that I had to rewrite for > similar reasons as you. > You're going to have to include the session id in the url for those users who > do not allow cookies. > Using this fact about the constant SID > a) If the user's browser accepts cookies, SID will be empty "" > b) If the user's browser does not accept cookies, SID will be "PHPSESSID=xxx" > > So what I did, was append the constant SID to all urls/forms and php header() > (for redirection) functions that point to the site that is serving the > content (dont append SID to urls going to other sites). > > So the final results will be > a) If the user's browser accepts cookies, urls/forms/php header() will be > normal > b) If the user's browser does not accept cookies, the session id is appended > to urls/forms/php header() > > OR > > you can take the easy way out, and turn on transparent ids with -> > http://us2.php.net/manual/en/ > install.configure.php#install.configure.enable-trans-sid -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
