With transparent session ids turned on, and cookies disabled, the auto sid function
sometimes breaks on urls that have other variables passed on the url.

SID
inserted:
href="skinview.php??sid=2a5ae9d5d09a578644ed872068ba443carea=winamp2&skin=Metallic+Nebula"

Original script:
href="skinview.php?area=winamp2&skin=Metallic+Nebula"

SID inserted:
href="profile.php?user=&sid=2a5ae9d5d09a578644ed872068ba443cshark3000"

Original script:
href="profile.php?user=shark3000"

Problem only occurs on some URLS on some of the pages, is real random, wish i could find
the connection on the broken URLS.  See http://beta.skinz.org for more live demo.

[update]
Problem is when you have half HTML / PHP URLs, the sid inserts itself before the PHP is parsed.  Above script was
<a href="/skinview.php?area=<? echo $row->area; ?>&skin=< echo urlencode($row->name); ?>">, the 
sid is being inserted after the area= and then the PHP is parsed and added to the end of the
sid.  I suggest parsing the full URL until the closing " of the href is found before inserting
the sid.  Fixed code: <? echo "&lt;a href=\"/skinview.php?area=$row-&gt;area&skin=".urlencode($row-&gt;name)."\"&gt;"; ?&gt;

Please notify if/when this is fixed as the site is due to 
open March 1st.  Great work with the transparent sid's all up though, it saves alot of time on developing large sites.

With transparent session ids turned on, and cookies disabled, the auto sid function
sometimes breaks on urls that have other variables passed on the url.

SID
inserted:
href="skinview.php??sid=2a5ae9d5d09a578644ed872068ba443carea=winamp2&skin=Metallic+Nebula"

Original script:
href="skinview.php?area=winamp2&skin=Metallic+Nebula"

SID inserted:
href="profile.php?user=&sid=2a5ae9d5d09a578644ed872068ba443cshark3000"

Original script:
href="profile.php?user=shark3000"

Problem only occurs on some URLS on some of the pages, is real random, wish i could find
the connection on the broken URLS.  See http://beta.skinz.org for more live demo.

[update]
Problem is when you have half HTML / PHP URLs, the sid inserts itself before the PHP is parsed.  Above script was
<a href="/skinview.php?area=<? echo $row->area; ?>&skin=< echo urlencode($row->name); ?>">, the 
sid is being inserted after the area= and then the PHP is parsed and added to the end of the
sid.  I suggest parsing the full URL until the closing " of the href is found before inserting
the sid.  Fixed code: <? echo "<a href=\"/skinview.php?area=$row->area&skin=".urlencode($row->name)."\">"; ?>

Please notify if/when this is fixed as the site is due to 
open March 1st.  Great work with the transparent sid's all up though, it saves alot of time on developing large sites.

this is a transcript from phpdev list that should explain 
what's wrong here:

On Mon, 3 Jul 2000, Hartmut Holzgraefe wrote:
> there is some problem related to the interaction of output buffering
> (i guess) and --trans-sid-id url rewriting
> 
> the problem is that the function performing the actual rewrite
> (url_scanner() in ext/standard/url_scanner.c) will be provided 
> with chunks of data that may contain incomplete parts of an url
> spanning across a buffer boundary
> 
> as the url_scanner() does not know that it was provided with 
> incomplete data it will attach the session id parameter to the 
> end of the url as it appears in the buffer passed into it as a
> parameter, and in the next step the remaining part of the url
> located at the very beginning of the next chunk of output is
> appended to the session id parameter just added, with the final
> result of an url with the session id parameter stuffed into the
> middle of the url

    Correct analysis.

    The fix is to make the url scanner context-sensitive, so that
    it will buffer and correctly patch URLs. 
    
    Please use output buffering in the meantime.

    - Sascha

changed to 'session related'

ok, i'll go for it

the rewrite is in CVS now