PHP :: Bug #14280 :: session url rewriting not working?

Bug #14280	session url rewriting not working?
Submitted:	2001-11-29 09:12 UTC	Modified:	2001-11-29 11:15 UTC
From:	jroenberg at dk dot tiscali dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.0.6	OS:	Sun Solaris
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jroenberg at dk dot tiscali dot com
New email:
PHP Version:		OS:

New Comment:

[2001-11-29 09:12 UTC] jroenberg at dk dot tiscali dot com

when compiling php version 4.06 with '--enable-trans-sid' and thereafter setting 'session.use_cookies off' in php.ini or in Apache's virtual host container.

Does anyone know why the url rewriting works like this:
- when it encounters a 'href' it do rewrite
- when it encounters a header("Location: test.php"); it does not rewrite
- when it encounters a <form action=test.php > it does not rewrite

im not sure its a bug, but if it is not - then there is'nt much fun in using url rewriting at all for sessions. 

'./configure' '--with-apache=../apache_1.3.20' '--with-config-file-path=/etc' '--without-system-regex' '--enable-versioning' '--enable-track-vars' '--enable-trans-sid' '--with-oci8=/home/oracle/product/8.1.7/' '--with-mysql=/opt/mysql-3.23.32'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-11-29 09:20 UTC] hholzgra@php.net

please check for an added hidden field in <form>.
reopen the bug report if you do not find one

for the "Location:" header:

- trans-sid does only rewrite the HTML content,
  not the headers

- relative URLs are not allowed in Location: headers
   (see php.net/header for further info)

[2001-11-29 10:43 UTC] jroenberg at dk dot tiscali dot com

it does put in a hidden field, I was to quick there, sorry 
about that.

about the header function:
it works saying header("Location: test.php");
you don't have to specify an absolute path, so that means 
a lot of people out there don't. Maybe thats a bug (or a 
feature) in itself.

So whats the story about the header-function, bug? Or if 
not, should'nt it be possible to rewrite the header it its 
relative?

[2001-11-29 10:57 UTC] derick@php.net

The HTTP standard does not allow relative paths / files in the Location: header.
You should always use this form:

Location: http://servername.domain.nl/file.php

Derick

[2001-11-29 11:15 UTC] hholzgra@php.net

sorry, but i don't see the point in 
rewriting the Location header

if you do a redirect by header() you 
should know pretty well what you are 
doing, *including* whether you need a
session id in it or not

it's just adding the SID constant in
*one* place instead of all over a
html document that might even be
maintained by someone else

if you *realy* think header() shoud be
that magical, then submit a feature request

PS: that some browsers accept relative
    Location headers and that some people
    out there make use if this does *not at all*
    imply that this is correct usage
    (you should have seen the note about that
     if you'd had a look at the header() 
     manual page lately as suggest in my
     first reply)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon May 05 07:01:32 2025 UTC