Rewriting an Absolute URL with Session IDs

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Basically, I've got a project with a huge number of existing pages,
some absolute URL's, some relative. It's getting a new shopping cart
using sessions, and needs to work without cookies (client's
requirement, non-negotiable) if the user has them disabled. To that
end, I've enabled session.use_trans_sid which handles relative URL's.

The question is, does anyone have a good solution for rewriting
absolute URL's? I know, I know, offsite links could leak sessions and
be a security risk. This particular client has almost zero offsite
links (to Thawte and the like mostly), and there are other
anti-session hijacking measures implemented, so they've decided it's
an acceptable risk.

It's PHP 4.3.x, Apache 2.x, on a dedicated server, so just about any
implementation is possible (no shared hosting provider to beg access


Re: Rewriting an Absolute URL with Session IDs (name?) wrote in message
Quoted text here. Click to load it

function my_rewrite($buffer)
   if ($buffer contains absolute urls of same site)
         fix $buffer by appending SID
   return $buffer;


 |  Just another PHP saint  |
Email: rrjanbiah-at-Y!com

Site Timeline