php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #14280 session url rewriting not working?
Submitted: 2001-11-29 09:12 UTC Modified: 2001-11-29 11:15 UTC
From: jroenberg at dk dot tiscali dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.0.6 OS: Sun Solaris
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2001-11-29 09:12 UTC] jroenberg at dk dot tiscali dot com 
when compiling php version 4.06 with '--enable-trans-sid' and thereafter setting 'session.use_cookies off' in php.ini or in Apache's virtual host container.

Does anyone know why the url rewriting works like this:
- when it encounters a 'href' it do rewrite
- when it encounters a header("Location: test.php"); it does not rewrite
- when it encounters a <form action=test.php > it does not rewrite

im not sure its a bug, but if it is not - then there is'nt much fun in using url rewriting at all for sessions. 

'./configure' '--with-apache=../apache_1.3.20' '--with-config-file-path=/etc' '--without-system-regex' '--enable-versioning' '--enable-track-vars' '--enable-trans-sid' '--with-oci8=/home/oracle/product/8.1.7/' '--with-mysql=/opt/mysql-3.23.32'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-11-29 09:20 UTC] hholzgra@php.net 
please check for an added hidden field in <form>.
reopen the bug report if you do not find one

for the "Location:" header:

- trans-sid does only rewrite the HTML content,
  not the headers

- relative URLs are not allowed in Location: headers
   (see php.net/header for further info)
 [2001-11-29 10:43 UTC] jroenberg at dk dot tiscali dot com 
it does put in a hidden field, I was to quick there, sorry 
about that.

about the header function:
it works saying header("Location: test.php");
you don't have to specify an absolute path, so that means 
a lot of people out there don't. Maybe thats a bug (or a 
feature) in itself.

So whats the story about the header-function, bug? Or if 
not, should'nt it be possible to rewrite the header it its 
relative?
 [2001-11-29 10:57 UTC] derick@php.net 
The HTTP standard does not allow relative paths / files in the Location: header.
You should always use this form:

Location: http://servername.domain.nl/file.php

Derick
 [2001-11-29 11:15 UTC] hholzgra@php.net 
sorry, but i don't see the point in 
rewriting the Location header

if you do a redirect by header() you 
should know pretty well what you are 
doing, *including* whether you need a
session id in it or not

it's just adding the SID constant in
*one* place instead of all over a
html document that might even be
maintained by someone else

if you *realy* think header() shoud be
that magical, then submit a feature request

PS: that some browsers accept relative
    Location headers and that some people
    out there make use if this does *not at all*
    imply that this is correct usage
    (you should have seen the note about that
     if you'd had a look at the header() 
     manual page lately as suggest in my
     first reply)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun May 05 18:01:31 2024 UTC