On Saturday 27 December 2003 10:54 am, Andy Higgins wrote:
> 1. At the time of login will the login code need to check if the clients
> browser accepts cookies and if not then append the SID as described? If so,
> do you perhaps have a sample piece of code that does this?
No, php does this for you. Thats why I gave the explanation of the value of
SID when browsers accept, or dont accept cookies.
Sample code
<?php
session_start();
if (SID === '')
{
echo 'Cookie Exists';
}
else
{
echo 'Cookie doesnt exist';
}
echo '<p><a href="' . $_SERVER['PHP_SELF'] . '?' . SID . '">CLICK ME</a></p>';
?>
If the browser does accept cookies, on the first page load, it will report
"Cookie doesn't exist" because the cookie wont become available till the next
page load. After the initial page load, it will report "Cookie Exists".
If the browser does not accept cookies, it will always say "Cookie doesnt
exists".
> 2. Am I correct in understanding that if the client has logged in (with no
> cookies enabled i.e. the SID needs to be passed) and the site contains
> other static pages (that cannot pass the SID) that if the client browses
> any of these static pages and then returns to a page that required the
> client to be logged that they will have to log in again?
Yes that is correct. The session id must stay in all urls within the site.
If you are able to direct them to a static page, you should still be able to
pass the SID in the url/form/iframe/etc they click.
> 3. For forms, where the SID need to be passed, do you pass this as a hidden
> form variable or do you do it on the URL?
>
I have it passing in the form's action attribute, so it stays in $_GET domain
like regular links.
echo '<form action="foo.php' . SID . '" method="post">
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
