Welcome to WebmasterWorld Guest from 220.127.116.11
I currently have a script using sessions. I do understand that if the server cannot set a cookie on a web browser that PHP sees this and manipulates the HTML to include a hidden POST filed so that the form data is always being POSTed and stored in the server sessions.
php_flag session.use_cookies 0
However, unless something has changed recently, the PHP session code does not use POST data to pass the session ID, but GET data. This means that the session ID is appended to the URL.
>>I wonder if there are any ramifications for not using cookies?
Are you aware of session hijacking? If not, you may want to read the "session fixation" link from the PHP Session handling [php.net] page. Should give you a good feel for session management and possibilities.
Simply set a cookie using php and then check if its there if it isnt then cookies arent enabled.
Sorry I wasnt specific enough with my question :), how can you test to see if a session cookie was accepted by the client? I would rather not set a cookie just to check if the user has cookies enabled, there must be someway to check if the session cookie was accepted?
It's as simple as setting a session variable. Next time you want to know if they accepted the cookie, check the session variable. It it isn't set, they didn't accept the cookie.
// If user logged in and we validated it as OK, set a session variable:
$_SESSION['user_password'] = $_POST['user_password'];
// Later on we want to know if the user logged in and accepted our cookie:
if (!isset($_SESSION['user_password'])) return false;