[phplib] Old bug in session.inc From: Chris Johnson (chris <email protected>)
Date: 05/01/01

PHPLIB 7.0 through 7.2c all contain this code in session.inc:
_____________________________________________________________
  ## Stop using the current session id (unset cookie, ...) and
  ## abandon a session.
  function put_id() {
    global $HTTP_COOKIE_VARS;

    $this->name = $this->cookiename==""?$this->classname:$this->cookiename;

    switch ($this->mode) {
      case "inline":
        die("This has not been coded yet.");
      break;

      case "get":
        die("This has not been coded yet.");
      break;

      default:
            SetCookie($this->name, "", 0, "/", $this->cookie_domain);
            $HTTP_COOKIE_VARS[$this->name] = "";
      break;
    }
  }

  ## delete():
  ##
  ## Delete the current session record and put the session id.

  function delete() {
      $this->that->ac_delete($this->id, $this->name);
      $this->put_id();
  }
--------------------------------------------------------------------------------
--------------------
Fallback mode and GET mode are implemented in other functions, but *not* in the
put_id() function.

As you can see, if one is using GET mode instead of COOKIE mode, or if one has
fallen back to GET mode, or if one has just logged in (the first authenticated
page is always opened in GET mode), this will fail on the die("This has not been
coded yet.").

The default branch of the switch deletes the cookie. But if one is using GET
mode, there is no cookie. What's the general feeling on the best way to
implement the GET branch on the switch()?

I'm ready to fix it so that it stops causing me trouble. I will commit that fix
to the CVS. But I thought others might have some thoughts on just what the best
way to fix it is. Suggestions? Comments?

Thanks,
..chris

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>