Results 1 to 10 of 10
Apr 8, 2009, 16:56 #1
- Join Date
- May 2004
- Quebec, Canada
- 0 Post(s)
- 0 Thread(s)
mod_rewrite interfering with PHP sessions?
I've got a simple login script to which I've added a anti-CSRF method. Basically the insertion of a token in the login form and also in a session variable called "token". When the login is validated, it checks the session variable with the hidden token and if they match then no attack was done. After that, the session variable is destroyed.
That part worked fine until I've used mod_rewrite to have nice urls. The rewrite code is the following :
RewriteEngine on RewriteBase / RewriteRule ^page/(.*) /index.php?module=Osmose&class=Affichage&nom_page_mod_rewrite=$1 RewriteRule ^edition/(.*) /index.php?module=Osmose&class=Edition&nom_page_mod_rewrite=$1