homepage Welcome to WebmasterWorld Guest from 54.145.252.85
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Use sessions without a cookie
Schoolbag

10+ Year Member



 
Msg#: 2587 posted 9:06 pm on Jan 17, 2004 (gmt 0)

Hi,

I currently have a script using sessions. I do understand that if the server cannot set a cookie on a web browser that PHP sees this and manipulates the HTML to include a hidden POST filed so that the form data is always being POSTed and stored in the server sessions.

The question:
Is there a way to prevent the server from trying to set that first cookie? Im developing a script that may have privacy implications (dont ask ) and we may not want to use cookies but because of the complexity of the script we have to use sessions.

thanks!

 

BitBanger

10+ Year Member



 
Msg#: 2587 posted 10:12 pm on Jan 17, 2004 (gmt 0)

Add the following line to your .htaccess file:

php_flag session.use_cookies 0

This will disable the use of cookies for the session ID.

However, unless something has changed recently, the PHP session code does not use POST data to pass the session ID, but GET data. This means that the session ID is appended to the URL.

Schoolbag

10+ Year Member



 
Msg#: 2587 posted 12:30 am on Jan 18, 2004 (gmt 0)

that worked, thanks!

Schoolbag

10+ Year Member



 
Msg#: 2587 posted 12:31 am on Jan 18, 2004 (gmt 0)

I wonder if there are any ramifications for not using cookies?

coopster

WebmasterWorld Administrator coopster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 2587 posted 9:02 pm on Jan 18, 2004 (gmt 0)

>>Im developing a script that may have privacy implications (dont ask ) and we may not want to use cookies but because of the complexity of the script we have to use sessions.

>>I wonder if there are any ramifications for not using cookies?

Are you aware of session hijacking? If not, you may want to read the "session fixation" link from the PHP Session handling [php.net] page. Should give you a good feel for session management and possibilities.

Reflection

10+ Year Member



 
Msg#: 2587 posted 12:26 am on Feb 3, 2004 (gmt 0)

Using php is it possilbe to detect if the user's browser is set to accept cookies?

outrun

10+ Year Member



 
Msg#: 2587 posted 12:33 am on Feb 3, 2004 (gmt 0)

Simply set a cookie using php and then check if its there if it isnt then cookies arent enabled.

Regards
Mark

WhosAWhata

10+ Year Member



 
Msg#: 2587 posted 1:23 am on Feb 3, 2004 (gmt 0)

a little off topic (sorry)
but my friends are not as "into" the internet as i am, and are therefore (understandably)concerned about files (cookies) being put on their computers, i'm sure that sessions are the way to go,
what are the best tutorials (besides php.net's) for learning to use sessions (note: i'm also pretty new into cookies...very basic)

Reflection

10+ Year Member



 
Msg#: 2587 posted 5:41 pm on Feb 3, 2004 (gmt 0)

Simply set a cookie using php and then check if its there if it isnt then cookies arent enabled.

Sorry I wasnt specific enough with my question :), how can you test to see if a session cookie was accepted by the client? I would rather not set a cookie just to check if the user has cookies enabled, there must be someway to check if the session cookie was accepted?

coopster

WebmasterWorld Administrator coopster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 2587 posted 6:56 pm on Feb 3, 2004 (gmt 0)

Assuming you aren't allowing the SID to be passed via URL...

It's as simple as setting a session variable. Next time you want to know if they accepted the cookie, check the session variable. It it isn't set, they didn't accept the cookie.


// If user logged in and we validated it as OK, set a session variable:
$_SESSION['user_password'] = $_POST['user_password'];
// Later on we want to know if the user logged in and accepted our cookie:
if (!isset($_SESSION['user_password'])) return false;

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved