SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Addict
    Join Date
    Sep 2008
    Posts
    341
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Managing sessions without cookies

    Everything I create in PHP, and when using $_SESSION, will just fail to work if cookies are off.

    I notice that with many sites, including sitepoint.com that it will automatically append the session id to the URL if cookies are off. So you can still log in and use Sitepoint even if cookies are turned off in the browser.

    I know the security risks of this, but I want it to use cookies if the browser settings allow it, but fall back to setting the value in the URL if they are not.

    I can't get PHP to automatically do this, so what should I do? I just need to get PHP to register the value in the URL (if cookies are off), where as at the moment it just doesn't maintain the session if cookies are off.

    I'm guessing an answer might be something like: (1) append phpsessid=123 etc. to the URL and (2) add a certain setting to php.ini.

    Thanks.

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Addict
    Join Date
    Sep 2008
    Posts
    341
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Thanks, but just setting these values isn't doing anything.

    Also, adding a random value as the session id (?PHPSESSID=123hhh) isn't working either.

    Do I need to do anything else?

  4. #4
    SitePoint Addict
    Join Date
    Sep 2008
    Posts
    341
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Now I've thought about it, I think it might be better to use JS/HTML5 local storage as a fallback if cookies are turned off.

    I can do the JS, but how do I do the server-side part? Is this even possible?

    Maybe I should post in the JS forum.

  5. #5
    SitePoint Addict
    Join Date
    Sep 2008
    Posts
    341
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Session Storage fallback for when cookies are turned off

    If cookies are turned off then I would like to use local/session storage to maintain the session id.

    I can do the JS code for local/session storage, but how do I store a session id and maintain it etc?

  6. #6
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,014
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    It's no good using javascript as the user could easily have javascript turned off. If a user has cookies block then from a security stand point you should just deny them access to whatever it is that needs cookies and have a polite error message displayed to the user explaining to use the site they must have cookies enabled. Perhaps point them to a more detailed explanation on your sites' terms and conditions and/or privacy policy pages.

    For future reference, if you feel a thread needs moving to a more appropriate forum, please click the report post button for the last post of the thread stating which forum the thread needs moving to. Thanks
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •