Any other solutions for people that don't accept cookies?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA
Contact:

Any other solutions for people that don't accept cookies?

Post by JPlush76 »

I have an ecom site, but it uses cookies. We've had some problems with customers having cookies turned off and their stuff wont keep in the shopping cart.

I want to do a check if the user uses cookies or not so I can either do a javascript test or use php to set and test a cookie like this:

Code: Select all

<?php
setcookie("cookie_check", 'Cookie Accepted', time()+7200); 
if(!isset($HTTP_COOKIE_VARSї'cookie_check'])) { 
	DO A REDIRECT TO A PAGE TELLING THE CUSTOMER ABOUT COOKIES
}
?>
are there any other solutions out there?
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

well, if you are using sessions. the enable_trans_sid directive will cause the session id to be propagated along with the link, the user sees it but at least it works and you don't have to change your code.
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA
Contact:

Post by JPlush76 »

isnt' that a security risk?

is it worth coding around people that don't accept cookies?
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

JPlush76 wrote:isnt' that a security risk?
Not really any more than it would be if in a cookie, sessions can be hijacked if they can guess/sniff the sessionid.
JPlush76 wrote:is it worth coding around people that don't accept cookies?
It depends on your expected audience, I do most of my work with corporate users with stringent security requirements and picky firewalls so for me it is a requirement.
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

What I would do is have a little message...

"You have turned cookies off, and you will be using sessions, this is a little less secure, but if you wish to be safer you can use cookies"

now, it would be cool if you could figure out how to make it so, if cookies were enabled.. the session used cookies, but if they aren't, they used the link method..
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

you might check the cookie at the beginning of each page. If your script can't retrieve the session-id cookie it enables trans_id. The warning message probably would be appropriate within the login-check script.
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA
Contact:

Post by JPlush76 »

where do I set the trans_id?

I tried to do it in the php.ini file but it didn't seem to do anything

I set it to 1
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

hob_goblin wrote: now, it would be cool if you could figure out how to make it so, if cookies were enabled.. the session used cookies, but if they aren't, they used the link method..
???, that's exactly what php already does. Why would you want to build it yourself?
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA
Contact:

Post by JPlush76 »

hedge, how would I go about setting that up?
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

JPlush76 wrote:hedge, how would I go about setting that up?
in your php.ini
[Session]
session.use_cookies=1
session.use_trans_sid=1

beware, especially if on linux that it can be compiled without --enable-trans-sid so it may need to be re-compiled

PHP attempts to use cookies, if it can't use cookies then the use_trans_sid parameter tells it to add the sid to your links, form posts etc. You do still need to add it to any Header commands.

http://www.php.net/manual/en/ref.session.php
Post Reply