Page 1 of 1

Arrays, Sessions and Cookies - Oh My!

Posted: Tue Nov 08, 2005 3:43 pm
by Luke
What happens if cookies are disabled while using sessions. Where is the SID stored? The URL? Do I have to manually append the SID to the url just in case cookies are turned off? How does this work?

Posted: Tue Nov 08, 2005 3:50 pm
by vincenzobar
as far as i know seesions are sepreate from cookies and are work arounds for cookies. Although Sessions only last the life of the open window. you can store info from sessions and cookies by parse the $_GET, $POST, $_HTTP.. , $SERVER variables to use in scripts for your pages.

like if user came from a HTTP_REFERER 'google' make serch engine check box 'google' = true on a form!

Posted: Tue Nov 08, 2005 3:51 pm
by Luke
No, I'm pretty sure Sessions use cookies, and if they can't use those, they use the url to send the SID... anybody else know for sure?

Posted: Tue Nov 08, 2005 3:56 pm
by Charles256

Posted: Tue Nov 08, 2005 4:01 pm
by Luke
Thanks charles... but I've already read most of that. I was just hoping somebody would maybe lay it out in simple terms for me. A yes or no answer. I guess I'll read the rest.

Posted: Tue Nov 08, 2005 4:02 pm
by Luke
I was really hoping somebody would tell me if there is like a standard method if doing this or what? Are you SUPPOSED to append the SID to every URL or what??

Posted: Tue Nov 08, 2005 4:14 pm
by Charles256
actually in the first two paragraphs it tells you whether or not sessions use URL's. generally speaking don't append the SID to every url..it gets messy if nothing else;)

Posted: Tue Nov 08, 2005 4:21 pm
by Luke
Yes.. this is how I knew enough to say this...
No, I'm pretty sure Sessions use cookies, and if they can't use those, they use the url to send the SID...
I guess I should have worded this better. Thanks... your response did help, but what I am wondering is this...
How does the SID get passed along if Cookies are turned off. You said generally speaking, you don't want to appent the SID to every URL, but if you don't, how can you be sure it's going to be sent?

Posted: Tue Nov 08, 2005 4:32 pm
by Charles256
if they have cookies turned off append the sid to every URL or just store a token of some sort in a database to indicate their logged in and when they log out delete that token... the options are limitless?:-D

Posted: Tue Nov 08, 2005 4:36 pm
by Luke
Well wouldn't I have to append the SID to every URL anyway to make sure??

Never heard of this token idea... how does that work?

Posted: Tue Nov 08, 2005 4:41 pm
by Charles256
well.it seems antiquated but in theory i spose you could do the following..after they pass a log in muster you could do a query on every page checking to see if online="1" (to indicate online) where username="username" (username will have to be passed somehow or another, hidden fields? append to url? something.) and if so then show them logged in material. upon requesting logot change online to 0. seems kind of back water but I suppose that would work..

Posted: Tue Nov 08, 2005 5:34 pm
by Luke
Alright... I figured it out. There is a setting in the php.ini file that will tell the browser to automatically append the SID to the URL if set to 1...

session.use_trans_sid = 1

That was my answer. Now I know as long as that is enabled on a server, it will do it for me. This site uses that as far as I can tell. I logged in without cookies enabled and it appended it to the url.