On Sat, 3 Nov 2001, [iso-8859-1] Lo�c wrote:
Hi List! Ok for session but as to me they are still quite buggy :(
For example, with "track_vars" set:
Just try to set register_globals to "off" (it's the recomended value) and you'll face a really annoying bug that exists from php 4.0.1-pl1 to the current 4.0.6 version (it seems to be fixed in the current cvs for the 4.1.0 version) : $HTTP_SESSION_VARS is not updated when you use session_register('my_var')!
No set register_globals to "on" and you will see that $HTTP_SESSION_VARS is not more updated (while it should because "track_vars" is on).
See also php bug reports #5329, #11861, #12600.... and users notes at this url: http://www.php.net/manual/en/ref.session.php
In a few words it means it will be very hard to know "which" session data to use.
Could we possibly get around this by setting/unsetting the register_globals in the config.inc.php3 ?
'session' session-based, customized login panel, session id propagated by URL (still use stduser?)
Hum, how can we skip "stduser" ? The problem is not related to session IMHO but to the MySQL version: if 3.23.4+ we may skip "stduser" since the "SHOW GRANTS" MySQL statement is usable, else there is no better way than "stduser" to get the user privileges.
We would still need the stduser account to get the database list. SHOW GRANTS does not show databases that everybody has access to. It only shows databases where explict rights have been granted to the user.