Hi Gerard, Thank you for your assistance you have been of enormous help.
Regards, Andy "Gerard Samuel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Saturday 27 December 2003 10:54 am, Andy Higgins wrote: > > > 1. At the time of login will the login code need to check if the clients > > browser accepts cookies and if not then append the SID as described? If so, > > do you perhaps have a sample piece of code that does this? > > No, php does this for you. Thats why I gave the explanation of the value of > SID when browsers accept, or dont accept cookies. > > Sample code > <?php > > session_start(); > if (SID === '') > { > echo 'Cookie Exists'; > } > else > { > echo 'Cookie doesnt exist'; > } > > echo '<p><a href="' . $_SERVER['PHP_SELF'] . '?' . SID . '">CLICK ME</a></p>'; > > ?> > > If the browser does accept cookies, on the first page load, it will report > "Cookie doesn't exist" because the cookie wont become available till the next > page load. After the initial page load, it will report "Cookie Exists". > If the browser does not accept cookies, it will always say "Cookie doesnt > exists". > > > 2. Am I correct in understanding that if the client has logged in (with no > > cookies enabled i.e. the SID needs to be passed) and the site contains > > other static pages (that cannot pass the SID) that if the client browses > > any of these static pages and then returns to a page that required the > > client to be logged that they will have to log in again? > > Yes that is correct. The session id must stay in all urls within the site. > If you are able to direct them to a static page, you should still be able to > pass the SID in the url/form/iframe/etc they click. > > > 3. For forms, where the SID need to be passed, do you pass this as a hidden > > form variable or do you do it on the URL? > > > > I have it passing in the form's action attribute, so it stays in $_GET domain > like regular links. > echo '<form action="foo.php' . SID . '" method="post"> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
