|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2000-10-22 12:32 UTC] sas@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 25 12:01:31 2024 UTC |
php4rc1 The following script creates a session containing "ses_sToto="session OK". Load it with your browser. Verify that the session is created by reloading the page. Destroy the session and verify that the session no longer exists in /tmp. Refresh the page in your browser: a new session is created, but it has the same SID ! As the cookie still exists in the browser, the browser sends it to the script, and PHP, create the session, with the given SID. Php should generate a new SID if the SID given by the browser does not exist. The problem is that with a login/passwd registering function, a session can be restarted by pushing the 'back' button in the browser. <?php session_start(); session_register("ses_sToto"); print("session_id()=".session_id()); if ($ses_sToto=="") $ses_sToto="session OK"; ?> ./configure --with-mysql --with-apache=../apache_1.3.12 --enable-track-vars