Posted by anirudh dutt on 11/25/05 03:56
hi
some thoughts on session cookies...
when setting the domain for the cookie, u could use
$_SERVER['HTTP_HOST'] which would be 'example.com' or
'www.example.com' i.e.
session_set_cookie_params(30*60, '/', $_SERVER['HTTP_HOST'], false);
(assuming u don't want to set it for subdomains)
if the webserver isn't running on port 80 then $_SERVER['HTTP_HOST']
is 'example.com:101'. on www.example.com:101 or sub.example.com:101,
$_SERVER['SERVER_NAME'] is 'example.com' in which case the browser
rejects it (which it's supposed to). of course this could be solved by
doing something like
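// explode() replaces split(), which was removed in PHP 7; array_pad() covers a Host with no port
list ($host, $port) = array_pad(explode(':', $_SERVER['HTTP_HOST'], 2), 2, null);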
$host is 'sub.example.com'
$port is '101'
if the 'domain' parameter in session_set_cookie_params is empty or not
specified along with the 'secure' field, it's handled properly by the
server, accepted by the browser, etc. strange that not specifying it
helps since u'd want ur script to run regardless of the server config
and as long as u can set certain parameters and control whether it
applies to subdomains or the primary domain.
set-cookie2 supports the port directive (http://www.faqs.org/rfcs/rfc2965.html)
Port[="portlist"]
dunno about implementation or browser support.
it would be good if the php handled this either using set-cookie2 or
stripping it from the domain...similar behaviour to when it's not
specified.
a comment was posted about this on the setcookie page
(http://php.net/manual/en/function.setcookie.php#36202) which i think
should be added to the function docs.
anirudh
--
]#
Anirudh Dutt
.....pilot of the storm who leaves no trace
like thoughts inside a dream
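
An added example, not part of the original post or of PHP itself: one way to turn the Host header into a session cookie domain by stripping the port and falling back to an empty (host-only) domain. The helper name cookie_domain_from_host, the allow-list and the sample host names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the original post.

/**
 * Return a value safe to pass as the 'domain' cookie parameter.
 * An empty string means a host-only cookie: the browser binds it to the
 * exact host that served the response. Under RFC 6265 any non-empty
 * Domain attribute also matches subdomains of that name.
 */
function cookie_domain_from_host(string $hostHeader, array $allowedHosts): string
{
    $host = strtolower(trim($hostHeader));

    if ($host !== '' && $host[0] === '[') {
        // Bracketed IPv6 literal: not usable as a cookie domain.
        return '';
    }

    // Strip a trailing ":port"; the domain attribute carries no port.
    $colon = strrpos($host, ':');
    if ($colon !== false) {
        $host = substr($host, 0, $colon);
    }

    // The Host header is client-supplied, so accept only expected names.
    return in_array($host, $allowedHosts, true) ? $host : '';
}

// Constructed sample inputs (assumed site names).
$allowed = ['example.com', 'www.example.com', 'sub.example.com'];
$samples = ['sub.example.com:101', 'www.example.com', 'evil.test:101', '[::1]:8080', ''];

foreach ($samples as $h) {
    printf("%-22s => '%s'\n", $h, cookie_domain_from_host($h, $allowed));
}

// Inside a web request, apply the result before starting the session.
if (PHP_SAPI !== 'cli') {
    $domain = cookie_domain_from_host($_SERVER['HTTP_HOST'] ?? '', $allowed);
    session_set_cookie_params(30 * 60, '/', $domain, false);
    session_start();
}
```

Run from the command line, it prints the domain chosen for each sample host; the unexpected name and the IPv6 literal both yield an empty domain.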