Thanks to all for their help on this. As a follow-up, and after a bunch of playing around with this yesterday, here's what I've come to learn. Perhaps it will be helpful to others:
With enable-trans-id compiled into PHP and the following directives in php.ini: session.use_cookies = 0 (PHP uses cookies for sessions - off) session.use_trans_sid = 1 (PHP uses enable-trans-id for sessions - on) PHP will automatically append the SID to the end of relative links 100% of the time and will not use cookies no matter whether the user has cookies enabled for their browser or not. In the following case (and I presume the more normal way of doing things): session.use_cookies = 1 (PHP uses cookies for sessions - on) session.use_trans_sid = 1 (PHP uses enable-trans-id for sessions - on) PHP will behave the same way for those users that do *not* have cookies enabled for their browser as in the first example, i.e. append links 100% of the time. However, for those users that have cookies enabled for their browser, PHP will append the SID to the links only on the first hit to a page. Then, when a user requests the next page, the auto-rewriting of the URI's stops and cookies are used from that point forward. Actually, that all makes sense, as the first time a user requests a page, there's no way for PHP to know if the browser will accept cookies or not. But, on the second request, the browser will send the cookie back to PHP (along with the appended URI), and PHP from that point on knows that the browser accepts cookies and PHP will then drop the rewriting of the URI's. I hope I've got this all correct. The one observation I'd make in regards to using cookies vs. URI's to maintain the session is this (and please someone correct me if I'm wrong): If a user does *not* have cookies enabled for their browser, you can lose the session if the user hits an html page at your site (because PHP will not be involved and will not rewrite the URI's for the .html page). Not good. If a user *does* have cookies enabled, they can hit non-PHP pages all they want and when they get back to a PHP page, the session is still intact. So, it would seem, while the SID being appended to all URI's should work for all users, non-PHP pages will break the session (not good). And, as for the cookie method, not all users have cookies enabled for their browser (also, not good). Therefore, IMO, neither the cookie method or appending the URI method will work as you'd like 100% of the time. I suppose one thing you could do so that non-PHP pages won't break the session for those users that don't have cookies enabled would be to just run every page in your site through PHP. That way, the URI's for every page will be appended with the SID, and maybe that's the way to go. Anyway, I hope I've got this all right and I hope it helps someone. Jeff > -----Original Message----- > From: Jeff Field [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, June 05, 2002 11:56 AM > To: [EMAIL PROTECTED] > Subject: [PHP] Sessions question (-enable-trans-sid) > > > Hi, > > I'm confused about one thing regarding sessions and haven't been able to > find the definitive answer anywhere. Hopefully, I can here. > > There are two ways to enable sessions: > > 1) Session ID is passed through cookies > 2) Session ID is passed through the URL, either done manually or by > automatic URL rewriting > > All the books, tutorials, etc. basically say that cookies are the > way to go > but "when users don't have cookies enabled, you have to use the > URL method". > Since I have an e-commerce site that is available to the world, > I'm assuming > *some* are not going to have cookies enabled. Duh! > > So, from what I've read, you can implement the URL method of sessions by > either manually attaching the session ID to the URLs, or, by compiling PHP > with enable-trans-sid, which will add the session ID to the URL's > automatically. The answer that I haven't been able to find is this: > > Is this a one or the other proposition? IOW, if I implement sessions with > cookies, then I can't use the URL method? Or, if I implement the > URL method > (with enable-trans-sid), I can't use the cookie method? Or, do > they work in > combination. IOW, does PHP automatically know that if a user has cookies > enabled, PHP will use the cookie method and, when cookies are > *not* enabled, > PHP automatically implements the URL method? > > Thanks for the help! > > Jeff > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
