Re: [phplib] question about auth passing session id From: Jesse Swensen (swensenj <email protected>)
Date: 08/30/00

You can't turn it off. It works that way to insure the session id is
available the first time through, because the cookie is not yet available.
Take a look in session.inc, the release_token method. You will see some
code that looks like:

        header("Location: ". $PROTOCOL. "://".$HTTP_HOST.$this->self_url());
        exit;

This is the code that insures you have a session id by redirecting the page
back to itself with the session info attached to the end. As a result this
sets the cookie as well. So the next page will drop the session id from the
URL and uses the cookie. 

-- 
Jesse Swensen
swensenj <email protected>

> From: "darcy w. christ" <darcy <email protected>>
> Date: Wed, 30 Aug 2000 11:09:36 -0400
> To: phplib <phplib <email protected>>
> Subject: [phplib] question about auth passing session id
> 
> Hi,
> 
> i've been trying to figure out what controls the session id being
> passed as a GET after you login.  The form in loginform.ihtml uses a
> POST (or else i changed it to a POST), but i still get the session
> cookie value appended on the url.  Does anyone know what causes this and
> whether i can turn it off.  i don't allow people to login without using
> cookies and so i would just as soon turn this off.  By the way, i have
> the variable mode set to cookie.  Any thoughts?
> 
> -- 
> ~darcy w. christ
> Elegant Communications Inc.
> 416.362.9772 x222 | 416.362.8324 fax
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>