Tell me if this can be done, and if I have a misconception here.
I am writing an app that will be served up in an app farm, and
therefore I need to move the session information to the client, not
using server-side session features. The way I have typically done this
in the ASP world was with cookies. Another way to handle this is with
a keyed record in a database, but the cookie strategy reduces the
number of times I need to hit a database, and allows me to scale the
application better by not using a database table to store session
information.
However, I recently heard from a developer that, to get around the
restrictions on cookies, their product switched to reading and writing
custom headers. (The product, by the way, was Plumtree Corporate
Portal.) Specifically the restrictions on cookies are from the
goofball folks who install cookie security products or turn these off.
(Gee, switching to the latest Mozilla always saved me the trouble of
messing with cookie security holes.)
So, I decided to start reading and writing custom headers. I want to,
for instance, store a custom header, send a location header to
redirect to another page, and then read that custom header back.
(Imagine a login scenario where I verify login and then want to store
a user's full name in a header, then redirect them to the main menu
page.)
I guess that would mean:
$varlabel = 'FULLNAME';
$varvalue = 'Google Mike';
Header('TRACK_' . $varlabel . ': ' . $varvalue);
Header('Locatio n: mainmenu.php'); //does a redirect
Exit;
But then on mainmenu.php, when I try to read all the headers back
with...
$headers = getallheaders() ;
while (list($key, $val) = each($headers)) {
echo "$key => $val<BR>\n";
}
....I don't see any of the TRACK_* headers I was storing. What's the
catch?
I am writing an app that will be served up in an app farm, and
therefore I need to move the session information to the client, not
using server-side session features. The way I have typically done this
in the ASP world was with cookies. Another way to handle this is with
a keyed record in a database, but the cookie strategy reduces the
number of times I need to hit a database, and allows me to scale the
application better by not using a database table to store session
information.
However, I recently heard from a developer that, to get around the
restrictions on cookies, their product switched to reading and writing
custom headers. (The product, by the way, was Plumtree Corporate
Portal.) Specifically the restrictions on cookies are from the
goofball folks who install cookie security products or turn these off.
(Gee, switching to the latest Mozilla always saved me the trouble of
messing with cookie security holes.)
So, I decided to start reading and writing custom headers. I want to,
for instance, store a custom header, send a location header to
redirect to another page, and then read that custom header back.
(Imagine a login scenario where I verify login and then want to store
a user's full name in a header, then redirect them to the main menu
page.)
I guess that would mean:
$varlabel = 'FULLNAME';
$varvalue = 'Google Mike';
Header('TRACK_' . $varlabel . ': ' . $varvalue);
Header('Locatio n: mainmenu.php'); //does a redirect
Exit;
But then on mainmenu.php, when I try to read all the headers back
with...
$headers = getallheaders() ;
while (list($key, $val) = each($headers)) {
echo "$key => $val<BR>\n";
}
....I don't see any of the TRACK_* headers I was storing. What's the
catch?
Comment