Sessions and SIDs |
Description: This article deals with the often misused append_sid() function. |
Author: sj26 |
Date: Sun Feb 16, 2003 2:18 pm |
Type: Info |
Keywords: append_sid, sid, session, log out, logged out, logout |
Category: MODifications |
|
So, you've made a great mod and it works fine. You release it and someone comes back saying "When I clicked on the xyz link it logged me out... why did this happen?" - and there's a simple answer.
When you click on a link to another page in phpBB, it needs to keep track of who you are, whether you're logged in, etc. It does this this using sessions, each user has a unique session id (SID). This is then sent back to the user usually to be stored as a cookie.
The append_sid() function works wonders with the session ID and makes sure that those users unfortunate enough to not have working cookies (yes, it has happened to me... ) can still stay logged in. Instead of storing a cookie, it adds the session ID as a GET variable with an url (ie xyz.php?sid=c0b8c3bd254eb8258176d7cfb94dcb9f). Without this, phpBB does a security check and logs you out.
By always making sure that you do this:
Code: | 'U_XYZ' => append_sid("xyz.$phpEx"), |
instead of
Code: | 'U_XYZ' => "xyz.$phpEx", |
you make sure that everyone is going to be able to use your mod.
You may be asking "Well, what if I have to use a url like xyz.php?foobar=nada?"... no problem! append_sid() will automatically recognise the '?' character and append '&sid=c0b8c3bd254eb8258176d7cfb94dcb9f' instead of '?sid=c0b8c3bd254eb8258176d7cfb94dcb9f'. Pretty clever, hey?
Another question you may ask is "What if I need to use it in a form?"... append_sid() is used on ALL URLS. No exceptions. I cannot stress that enough.
So that's the basics. Make sure you always use append_sid() and you'll be safe. (and you'll have one less bug to fix ) |
|
|