Hi,

I believe PHP was compiled without the "--enable-trans-sid" flag.
Is there any particular reason for that?
The feature this flag enables sounds useful.

Regards,

FancyToy

Please show me the documentation where this configure switch is fully documented...

If it has merit worthy of inclusion, I will most likely include it in the next core release...

--
Terra
--Show me the money!--
FutureQuest

Hi,

There is an extract...

If both track_vars and register_globals are enabled, then the globals variables and the $HTTP_SESSION_VARS entries will reference the same value.

There are two methods to propagate a session id:

Cookies

URL parameter

The session module supports both methods. Cookies are optimal, but since they are not reliable (clients are not bound to accept them), we cannot rely on them. The second method embeds the session id directly into URLs.

PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically. Alternatively, you can use the constant SID which is defined, if the client did not send the appropriate cookie. SID is either of the form session_name=session_id or is an empty string.
The full story is on this page:

http://www.php.net/manual/ref.session.php

Thank you for your attention.

FancyToy

Ok, I'll add it to the next build of PHP4...

It seems this will bind in nicely to Ralf Engelschalls MM library which I custom compile for the Apache SSL servers...[nbsp][nbsp]I can now remerge the MM code into PHP for cleaner session management...

--
Terra
--Ever tried to share information across Apache modules, it's *not* pretty!--
FutureQuest

Terra,

This is great news. I also thought it would serve not only me, but the community as a whole.

I have another question for you...hopefully, you won't start to think I am a pest of a customer... ;-)

How about mod_fastcgi?

I understand that you want to keep Apache's processes as lean as possible, but I thought I would ask anyway...

In your experience, is using PHP (with the appropriate module built into Apache) more efficient than using FastCGI?
Did you run any benchmark?
Or, is it something, such as mod_perl, that is unmanageable in the context of an ISP?

Thank you for your attention.

FancyToy

FastCGI does not have anything like PHP's SAFE_MODE operation. When you run something such as a PHP module, or mod_fastcgi/mod_perl, the scripts run as whatever user the Apache process is running as ('apache' in our case). PHP's SAFE_MODE allows this to happen with relative security, as it prevents accessing files not owned by the user running the script -- but mod_perl and FastCGI do not have anything like that, thus they cannot be offered while maintaining any level of security/privacy.

------------------
Justin Nelson
FutureQuest (http://www.FutureQuest.net/index.php) Support