Rewriting an Absolute URL with Session IDs

Basically, I've got a project with a huge number of existing pages,
some absolute URL's, some relative. It's getting a new shopping cart
using sessions, and needs to work without cookies (client's
requirement, non-negotiable) if the user has them disabled. To that
end, I've enabled session.use_trans_sid which handles relative URL's.

The question is, does anyone have a good solution for rewriting
absolute URL's? I know, I know, offsite links could leak sessions and
be a security risk. This particular client has almost zero offsite
links (to Thawte and the like mostly), and there are other
anti-session hijacking measures implemented, so they've decided it's
an acceptable risk.

It's PHP 4.3.x, Apache 2.x, on a dedicated server, so just about any
implementation is possible (no shared hosting provider to beg access
from)

Thanks

re: Rewriting an Absolute URL with Session IDs

google@robot138.com (name?) wrote in message news:<b253dee6.0408160828.1d28a452@posting.google. com>...
<snip>[color=blue]
> The question is, does anyone have a good solution for rewriting
> absolute URL's? I know, I know, offsite links could leak sessions and
> be a security risk. This particular client has almost zero offsite
> links (to Thawte and the like mostly), and there are other
> anti-session hijacking measures implemented, so they've decided it's
> an acceptable risk.[/color]

<?php
function my_rewrite($buffer)
{
if ($buffer contains absolute urls of same site)
{
fix $buffer by appending SID
}
return $buffer;
}

ob_start('my_rewrite');
//rest...
?>


--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com