What happens to SESSIONS when...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

What happens to SESSIONS when...

Post by alex.barylski »

Cookies are disabled and you are using mod_rewrite???

I just tried some ZF examples, like Magento Commerce...when cookies are disabled I cannot add products to a shopping cart.

I figured this might be the case because when cookies are disabled, SESSIONS are propagated via the URL by appending a &PHPSESSID=blahblah

So I tested this theory on ONE ZF application as I figured it would likely use mod_rewrite

Can anyone else test this to confirm??? Have you tried on other mod_rewrite applications with cookies disabled???

Just curious
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

What is the connection between mod_rewrite rules and sessions? I can't seem to put the two together based on what you've said.

Do you mean, session ids can't be added onto the url's because of mod_rewrite rules?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

scottayy wrote:What is the connection between mod_rewrite rules and sessions? I can't seem to put the two together based on what you've said.

Do you mean, session ids can't be added onto the url's because of mod_rewrite rules?
When cookies are disabled SESSION's propagate the SESSION ID via all URL's - yes. Therefore, you will loose the session on javascript generated links because the SID is inserted by using output buffering prior to sending to screen.

Not sure how it finds URL's whether it looks for href="" or whether it's more specifc...

If mod_rewrite is used and cookies are disabled, then URL propagation is required. When SESSION finds a href attribute which is SEO such as:

Code: Select all

href="/controller/action/value"
There is no way SESSION support could be aware mod_rewrite is being used so the above URL is appended with the SID like this:

Code: Select all

href="/controller/action/value&PHPSESSID=hdf84gf74bg8e4bfghe8fbfghf8ud..."
SESSION ID's are lost because I don't believe &PHPSESSID=xxx is parsed properly and therefore not stored in the appropriate GET variable. At least this is my theory. :P

When I tested this hunch - using a well known ZF application, sure as sh*t it failed as I expected it would.

I want to know whether this is common (well known) or an oversight most ignore - assuming cookies will always be available.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Mod_rewrite can be set to append a querystring (I believe with the QSA flag) so this should not be an issue.

Did you do a var_dump() of $_GET to see what is coming in the querystring?
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Everah wrote:Mod_rewrite can be set to append a querystring (I believe with the QSA flag) so this should not be an issue.

Did you do a var_dump() of $_GET to see what is coming in the querystring?
Ahh good point. :)
Post Reply