[PHPLIB-DEV] cvs commit From: kir (phplib-dev <email protected>)
Date: 02/28/00

From: kir
Date: Mon Feb 28 10:27:56 2000
Modified files:
      php-lib/CHANGES
      php-lib/php/session.inc

Log message:
  - url() function - avoid several session info variables in QUERY_STRING,
    so url(url($url)) gives only one Session=value.
  - release_token() - check HTTP_POST_VARS too.
  - Remove session info from QUERY_STRING if mode is cookie.
  - some comments added

Index: php-lib/CHANGES
diff -u php-lib/CHANGES:1.161 php-lib/CHANGES:1.162
--- php-lib/CHANGES:1.161 Wed Feb 2 01:01:46 2000
+++ php-lib/CHANGES Mon Feb 28 10:27:24 2000
@@ -1,4 +1,12 @@
-$Id: CHANGES,v 1.161 2000/02/02 00:01:46 ssilk Exp $
+$Id: CHANGES,v 1.162 2000/02/28 09:27:24 kir Exp $
+
+28-Feb-2000 kir
+ - session.inc changes:
+ - url() function - avoid several session info variables in QUERY_STRING,
+ so url(url($url)) gives only one Session=value.
+ - release_token() - check HTTP_POST_VARS too.
+ - Remove session info from QUERY_STRING if mode is cookie.
+ - some comments added
 
 02-Feb-2000 SSilk
   - slight changes to prepend.php3, hope you like them
Index: php-lib/php/session.inc
diff -u php-lib/php/session.inc:1.61 php-lib/php/session.inc:1.62
--- php-lib/php/session.inc:1.61 Wed Feb 16 08:38:09 2000
+++ php-lib/php/session.inc Mon Feb 28 10:27:25 2000
@@ -5,11 +5,12 @@
  * Copyright (c) 1998,1999 NetUSE GmbH
  * Boris Erdmann, Kristian Koehntopp
  *
- * $Id: session.inc,v 1.61 2000/02/16 07:38:09 kk Exp $
+ * $Id: session.inc,v 1.62 2000/02/28 09:27:25 kir Exp $
  *
  */
 
 class Session {
+
   var $classname = "Session"; ## Needed for object serialization.
 
   ## Define the parameters of your session by either overwriting
@@ -24,7 +25,7 @@
                                       ## session cookie is set.
 
   var $gc_time = 1440; ## Purge all session data older than 1440 minutes.
- var $gc_probability = 1; ## Garbage collect probability in percent
+ var $gc_probability = 5; ## Garbage collect probability in percent
 
   var $auto_init = ""; ## Name of the autoinit-File, if any.
   var $secure_auto_init = 1; ## Set to 0 only, if all pages call
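Review bot: The default `$gc_probability` goes from 1 to 5 here, but neither the log message nor the CHANGES entry mentions it, so installations that never override the value will run garbage collection five times as often without notice. If the change is intended, add a line to CHANGES such as `- gc_probability default raised from 1 to 5 percent`; if it is a leftover from testing, revert it.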
@@ -81,6 +82,7 @@
     }
   }
 
+
   ## get_id():
   ##
   ## Propagate the session id according to mode and lifetime.
@@ -97,11 +99,15 @@
       $newid=false;
       switch ($this->mode) {
         case "get":
- if ("" == ($id = isset($HTTP_GET_VARS[$this->name]) ? $HTTP_GET_VARS[$this->name] : ""))
- $id = isset($HTTP_POST_VARS[$this->name]) ? $HTTP_POST_VARS[$this->name] : "";
+ $id = isset($HTTP_GET_VARS[$this->name]) ?
+ $HTTP_GET_VARS[$this->name] :
+ ( isset($HTTP_POST_VARS[$this->name]) ?
+ $HTTP_POST_VARS[$this->name] :
+ "") ;
         break;
         case "cookie":
- $id = isset($HTTP_COOKIE_VARS[$this->name]) ? $HTTP_COOKIE_VARS[$this->name] : "";
+ $id = isset($HTTP_COOKIE_VARS[$this->name]) ?
+ $HTTP_COOKIE_VARS[$this->name] : "";
         break;
         default:
           die("This has not been coded yet.");
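Review bot: The rewritten `get` branch no longer falls back to POST when the GET variable is present but empty. The old code tested `"" == $id` before consulting `$HTTP_POST_VARS`, whereas the nested ternary only tests `isset()`, so a request that carries an empty value in the URL and the real id in the form body now yields an empty id. If the fallback is still wanted, test with `!empty($HTTP_GET_VARS[$this->name])`, as this commit already does for `$QUERY_STRING`. The id is taken from request data as-is at this point; whether it is validated before use cannot be seen here, because get_id() starts and ends outside the hunk.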
@@ -114,6 +120,8 @@
       $id = $this->that->ac_newid(md5(uniqid($this->magic)), $this->name);
     }
  
+
+
     switch ($this->mode) {
       case "cookie":
         if ( $newid && ( 0 == $this->lifetime ) ) {
@@ -122,9 +130,18 @@
         if ( 0 < $this->lifetime ) {
           SetCookie($this->name, $id, time()+$this->lifetime*60, "/", $this->$cookie_domain);
         }
+
+ // Remove session ID info from QUERY String - it is in cookie
+ if ( !empty($QUERY_STRING) )
+ {
+ $QUERY_STRING = ereg_replace(
+ "(^|&)".quotemeta(urlencode($this->name))."=".$id."(&|$)",
+ "", $QUERY_STRING);
+ }
+
       break;
       case "get":
- if ( isset($QUERY_STRING) ) {
+ if ( !empty($QUERY_STRING) ) {
           $QUERY_STRING = ereg_replace(
             "(^|&)".quotemeta(urlencode($this->name))."=".$id."(&|$)",
             "\\1", $QUERY_STRING);
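Review bot: In the new cookie branch the replacement string is `""` although the pattern consumes the separator on both sides, so a session pair in the middle of the query string (constructed example: `a=1&Session=x&b=2`) is rewritten to `a=1b=2`. The `get` branch keeps the leading separator with `"\\1"`, and the cookie branch should do the same. In both branches `$id` is concatenated into the pattern unescaped even though it can come straight from the cookie or request, so regex metacharacters in it change what is matched; escape it like the name, `"=".quotemeta($id)."(&|$)"`. get_id() begins and ends outside this hunk.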
@@ -133,8 +150,7 @@
       default:
         ;
       break;
- }
-
+ }
     $this->id = $id;
   }
 
@@ -172,17 +188,20 @@
   ## session $id.
    
   function url($url){
+ // Remove existing session info from url:
+ if (strstr($url, $this->name) != false)
+ {
+ $url = ereg_replace("&*".$this->name."=[[:alnum:]]+", "", $url);
+ }
+
+ // Remove trailing ?/& if needed
     $url=ereg_replace("[&?]+$", "", $url);
+
  
     switch ($this->mode) {
       case "get":
-
         $url .= ( strpos($url, "?") != false ? "&" : "?" ).
                 urlencode($this->name)."=".$this->id;
-
- break;
- default:
- ;
       break;
     }
     return $url;
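Review bot: The new removal pattern in url() is not anchored to a parameter boundary and uses `$this->name` unescaped, so it also eats the tail of any parameter whose name merely ends in the session name, and a name containing regex metacharacters changes the match. get_id() already uses `quotemeta(urlencode($this->name))`; doing the same here and anchoring on the separator would keep the two in step, e.g. `$url = ereg_replace("([?&])".quotemeta(urlencode($this->name))."=[[:alnum:]]+&?", "\\1", $url);`. The `strstr(...) != false` guard is a loose comparison and adds nothing the regex does not already decide, so it could be dropped.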
@@ -194,9 +213,8 @@
 
   function self_url() {
     global $PHP_SELF, $QUERY_STRING;
-
     return $this->url($PHP_SELF.
- ((isset($QUERY_STRING) && ("" != $QUERY_STRING)) ? "?".$QUERY_STRING : ""));
+ ((!empty($QUERY_STRING)) ? "?".$QUERY_STRING : ""));
   }
 
   function pself_url() {
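Review bot: Replacing `isset($QUERY_STRING) && ("" != $QUERY_STRING)` with `!empty($QUERY_STRING)` is not an exact equivalent, because `empty()` also treats the string `"0"` as empty, so a query string consisting only of `0` is now dropped from self_url(). The same substitution is made in the hunk at old line 229 and in get_id(). If that case matters, keep an explicit string test such as `isset($QUERY_STRING) && $QUERY_STRING != ""`.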
@@ -229,7 +247,7 @@
     global $PHP_SELF;
     global $QUERY_STRING;
 
- if ((isset($QUERY_STRING) && ("" != $QUERY_STRING))
+ if ( !empty($QUERY_STRING)
      || ($this->mode == "get")) {
       $sep_char = "&";
     } else {
@@ -403,28 +421,50 @@
     $this->name = $this->cookiename==""?$this->classname:$this->cookiename;
   }
 
- function release_token( $sid = "" ){
- global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_HOST, $HTTPS;
+ function release_token( $sid = "" )
+ {
+ global $HTTP_COOKIE_VARS, $HTTP_POST_VARS, $HTTP_GET_VARS,
+ $HTTP_HOST, $HTTPS;
+
     if ( isset($this->fallback_mode)
- && ( "get" == $this->fallback_mode )
- && ( "cookie" == $this->mode )
- && ( ! isset($HTTP_COOKIE_VARS[$this->name]) ) ) {
- if ( isset($HTTP_GET_VARS[$this->name]) ) {
- $this->mode = $this->fallback_mode;
- } else {
- header("Status: 302 Moved Temporarily");
- $this->get_id($sid);
- $this->mode = $this->fallback_mode;
- if( isset($HTTPS) && $HTTPS == 'on' ){
- ## You will need to fix suexec as well, if you use Apache and CGI PHP
- $PROTOCOL='https';
- } else {
- $PROTOCOL='http';
+ && ( "get" == $this->fallback_mode )
+ && ( "cookie" == $this->mode )
+ && ( ! isset($HTTP_COOKIE_VARS[$this->name]) )
+ )
+ {
+
+ // Looks like no cookie here - check GET/POST params
+ if ( isset($HTTP_GET_VARS[$this->name]) ||
+ isset($HTTP_POST_VARS[$this->name]) )
+ {
+ // Session info passed via GET/POST - go to fallback_mode
+ $this->mode = $this->fallback_mode;
+ }
+ else
+ {
+ // It seems to be the first load of this page -
+ // no cookie and no GET/POST params
+
+ header("Status: 302 Moved Temporarily");
+
+ // Generate session ID and setup cookie.
+ $this->get_id($sid);
+
+ // Next line is to generate correct self_url() later
+ $this->mode = $this->fallback_mode;
+
+ if( isset($HTTPS) && $HTTPS == 'on' ) {
+ ## You will need to fix suexec as well,
+ ## if you use Apache and CGI PHP
+ $PROTOCOL='https';
+ } else {
+ $PROTOCOL='http';
+ }
+
+ header("Location: ". $PROTOCOL. "://".$HTTP_HOST.$this->self_url());
+ exit;
         }
- header("Location: ". $PROTOCOL. "://".$HTTP_HOST.$this->self_url());
- exit;
       }
- }
   }
 
   function put_headers() {
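Review bot: The redirect in release_token() is built from `$HTTP_HOST`, which is whatever Host header the client sent, and because the mode has just been switched to the fallback, `self_url()` appends the freshly generated session id to it. The `Location` target therefore carries a session id to a host name the server has not chosen. Building the URL from a configured host name (or the server's own name) instead of the request header would avoid that, and a short comment on the `Location` line should say why. The new `$HTTP_POST_VARS` check also means a POSTed id alone now switches the session into get mode, which the function comment should mention.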
@@ -481,8 +521,8 @@
   function start($sid = "") {
     $this->set_container();
     $this->set_tokenname();
- $this->release_token($sid);
     $this->put_headers();
+ $this->release_token($sid);
     $this->get_id($sid);
     $this->thaw();
     $this->gc();
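Review bot: The swap of `put_headers()` and `release_token()` in start() is an ordering dependency that is documented nowhere, neither in the code nor in the log message. release_token() can send a `Location` header and `exit`, so the order decides whether the headers from put_headers() accompany that redirect. A comment such as `## put_headers() must run before release_token(), which may redirect and exit` would keep a later cleanup from swapping them back. What put_headers() actually emits is outside this hunk, as is the rest of start().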
