|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2003-07-17 12:57 UTC] chris_se at gmx dot net
Description: ------------ According to http://de3.php.net/manual/de/function.ini-set.php you may not alter session.use_trans_sid in PHP scripts, because it is only changeable in PHP_INI_SYSTEM|PHP_INI_PERDIR. I do not know why this is so, but in my eyes it should at least be possible to deactivate this option at runtime. Reproduce code: --------------- <?php ini_set ('session.use_trans_sid', 0); session_start (); ?> <a href="a.php">Test</a> Expected result: ---------------- In an environment with 'session.use_trans_sid' activated in the php.ini file or in a .htaccess file, it should *not* append the session id to the link: <a href="a.php">Test</a> Actual result: -------------- The session id is appended to the link and not even an error or notice ist produced: <a href="a.php?PHPSESSID=...">Test</a> PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 20:00:01 2025 UTC |
Why is that so? In my eyes, the point that makes sense for the rewriter to be started, is session_start(). Furthermore: If I kind of 'deactivate' the rewriter by ini_set ('url_rewriter.tags', ''); it also has effect on links that were already sent to output: --------------------------------------- <?php session_start (); ?> <a href="a.php">Test</a> <?php ini_set ('url_rewriter.tags', ''); ?> <a href="a.php">Test</a> --------------------------------------- will generate: <a href="a.php">Test</a> <a href="a.php">Test</a> whereas --------------------------------------- <?php session_start (); ?> <a href="a.php">Test</a> <?php // ini_set ('url_rewriter.tags', ''); ?> <a href="a.php">Test</a> --------------------------------------- appends the session id to both links. Therefore I don't quite understand why deactivating the rewriter before session_start() is not possible whereas modifying it is even possible after session_start() and even after output that has to be rewritten was already generated.I tried to figure out myself how this could be solved. I just changed the definition of session.use_trans_sid to PHP_INI_ALL and I recompiled my PHP module. Now, I can change session.use_trans_sid before session_start() is called and it works fine. Here's the 'patch' (against PHP 4.3.2): --------------------------------------------------------- --- ext/session/session.c.old 2003-07-19 12:29:58.000000000 +0200 +++ ext/session/session.c 2003-07-19 12:34:31.000000000 +0200 @@ -151,7 +151,7 @@ STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateInt, entropy_length, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateInt, cache_expire, php_ps_globals, ps_globals) - STD_PHP_INI_BOOLEAN("session.use_trans_sid", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, use_trans_sid, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateBool, use_trans_sid, php_ps_globals, ps_globals) /* Commented out until future discussion */ /* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */ ---------------------------------------------------------> as there is no mechanism for ini_set to check whether output has started There is a mechanism: these OnUpdate*-functions. I added a function OnUpdateTransSid which is essentially the OnUpdateBool function definied within Zend/zend_ini.c but with an if-block in front of it, if the session was already started. (the if-block was taken from another OnUpdate-function that was in session.c) It probably would be cleaner to call OnUpdateBool directly instead of just copying the code, but as all those functions are defined by precompiler macros, I assume the parameters of these functios could change, so just copying the code from OnUpdateBool seems to be more portable to me. Here are my changes so far: (tested with PHP 4.3.2) ----------------------------------------------------------------------- --- ext/session/session.c.old 2003-07-19 12:29:58.000000000 +0200 +++ ext/session/session.c 2003-07-19 13:46:33.000000000 +0200 @@ -105,6 +105,32 @@ return SUCCESS; } +static PHP_INI_MH(OnUpdateTransSid) +{ + if (PS(session_status) == php_session_active) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "A session is active. You cannot change the session module's ini settings at this time."); + return FAILURE; + } + + zend_bool *p; +#ifndef ZTS + char *base = (char *) mh_arg2; +#else + char *base; + + base = (char *) ts_resource(*((int *) mh_arg2)); +#endif + + p = (zend_bool *) (base+(size_t) mh_arg1); + + if (strncasecmp("on", new_value, sizeof("on"))) { + *p = (zend_bool) atoi(new_value); + } else { + *p = (zend_bool) 1; + } + return SUCCESS; +} + static PHP_INI_MH(OnUpdateSerializer) { if (PS(session_status) == php_session_active) { @@ -151,7 +177,7 @@ STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateInt, entropy_length, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateInt, cache_expire, php_ps_globals, ps_globals) - STD_PHP_INI_BOOLEAN("session.use_trans_sid", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, use_trans_sid, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateTransSid, use_trans_sid, php_ps_globals, ps_globals) /* Commented out until future discussion */ /* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */ -----------------------------------------------------------------------