PHP :: Request #18563 :: Problem with Session ID as hidden POST Variable

Problem with Session ID as hidden POST Variable

Submitted:

2002-07-25 08:02 UTC

Modified:

2002-07-25 08:10 UTC

Votes:	1
Avg. Score:	2.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

bruno dot baketaric at wob dot ag

Assigned:

Status:

Wont fix

Package:

Feature/Change Request

PHP Version:

4.2.1

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bruno dot baketaric at wob dot ag
New email:
PHP Version:		OS:

New Comment:

[2002-07-25 08:02 UTC] bruno dot baketaric at wob dot ag

Posting the (URL-based) session variable as hidden form value can lead into a problem if the user hits the Browsers RELOAD-button on the following page (usually some kind of "thank you"-page). In this case the session id is gone. 

Sure, this is no Problem if you use cookies - but well, I just hate them and quite often I even must not (!) use them.

Solution: make the session id be added to the action attribute of the form (again) when PHP is working in "trans-sid"-mode.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-07-25 08:10 UTC] sniper@php.net

Either add it manually or change the form=fakeentry to form=action in php.ini directive url_rewriter.tags

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 09:01:29 2024 UTC