PHP :: Request #18563 :: Problem with Session ID as hidden POST Variable

Problem with Session ID as hidden POST Variable

Submitted:

2002-07-25 08:02 UTC

Modified:

2002-07-25 08:10 UTC

Votes:	1
Avg. Score:	2.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

bruno dot baketaric at wob dot ag

Assigned:

Status:

Wont fix

Package:

Feature/Change Request

PHP Version:

4.2.1

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	bruno dot baketaric at wob dot ag
New email:
PHP Version:		OS:

New/Additional Comment:

[2002-07-25 08:02 UTC] bruno dot baketaric at wob dot ag

Posting the (URL-based) session variable as hidden form value can lead into a problem if the user hits the Browsers RELOAD-button on the following page (usually some kind of "thank you"-page). In this case the session id is gone. 

Sure, this is no Problem if you use cookies - but well, I just hate them and quite often I even must not (!) use them.

Solution: make the session id be added to the action attribute of the form (again) when PHP is working in "trans-sid"-mode.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-07-25 08:10 UTC] sniper@php.net

Either add it manually or change the form=fakeentry to form=action in php.ini directive url_rewriter.tags

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Thu Jun 18 09:00:01 2026 UTC