i am currently augmenting my session handling code with a function that will add the current session ID to a url if necessary--like when users have their cookies turned off.
question 1: is it safe and reliable? to check the auto-defined constant SID to determine if i should append the session id or does definition of this constant depend on php ini settings or some other variables?
question 2: does this code look like it might work?
$pattern = '#' . SESSION_NAME . '=#';
if ((SID != '') && !preg_match($pattern, $url)) {
if (strpos($url, '?') != false) {
$url .= "&" . SID;
} else {
$url .= "?" . SID;
}
}
i'm a bit concerned because if SID is not defined, then SID will not be equal to the empty string
