[imp] Session Keys in URL

Ben Gerber bgerber.lists@vkinetic.com
Wed, 18 Sep 2002 19:02:13 -0400


be sure to set the
cookie_path in registry.php

if you have it set to 'cookie_path' => '/horde'
then the session id will show up in your URL anytime you access any pages 
other then in yourdomain.tld/horde (such as yourdomain.tld/imp)

if you set it to '/' --- like this:
'cookie_path' => '/'

the cookies will work correctly for your entire domain

Hope that helps,
  - Ben


At 04:29 AM 9/18/02, you wrote:
>If anyone knows the answer to this question I would greatly appreciate a
>response.
>
>TIA
>
>Nigel Cass.
>
> >
> > I think that option must only be in the very latest PHP - (not in my
> > php-4.2.3)
> >
> > Under what circumstances does IMP use session keys in the URL ? - it
> > seems that it depends exactly what URL I type as to whether I get a
> > cookie or a session id in the URL.
> >
> > N.
> >
> > > -----Original Message-----
> > > From: imp-bounces@lists.horde.org
>[mailto:imp-bounces@lists.horde.org]
> > On
> > > Behalf Of Jan Schneider
> > > Sent: 17 September 2002 16:18
> > > To: imp@lists.horde.org
> > > Subject: Re: [imp] Session Keys in URL
> > >
> > > Zitat von Nigel Cass <N.Cass@Hull.ac.uk>:
> > >
> > > > I might be missing something obvious - (don't think so though,
>I've
> > > > checked things quite thoroughly) but is there a way of ensuring
>that
> > the
> > > > session key is never displayed in the URL ?
> > >
> > > In recent PHP versions (perhaps only from CVS) there is a php.ini
> > setting
> > > called 'session.use_only_cookies'.
> > > But be aware: sessions will only work if the users accept cookies
>you
> > > enable
> > > this setting.
> > >
> > > Jan.
>
>
>--
>IMP mailing list
>Frequently Asked Questions: http://horde.org/faq/
>To unsubscribe, mail: imp-unsubscribe@lists.horde.org