My solution works except for the possible scenario of a user that has cookies disabled and therefore the session cookie is not created.
I want such a user to authenticate for every page instead of rejecting him altogether. No I got a problem I cannot solve due to probably a lack of understanding.
How is a session_start() handled if the sessioncookie is rejected and url trans is off as well?
Is a session_id created at all?
Can I use the $_SESSION array at all?
I am not sure about how sessions work in this case. I was thinking of check something like this in case the session is not created.
Code: Select all
<?php
if (!isset($_SESSION['auth'])) {
$_SESSION['auth'] = 0;
}
if (!isset($_SESSION['auth'])) {
// no session created
}
?>