PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have an ecom site, but it uses cookies. We've had some problems with customers having cookies turned off and their stuff wont keep in the shopping cart.
I want to do a check if the user uses cookies or not so I can either do a javascript test or use php to set and test a cookie like this:
<?php
setcookie("cookie_check", 'Cookie Accepted', time()+7200);
if(!isset($HTTP_COOKIE_VARSї'cookie_check'])) {
DO A REDIRECT TO A PAGE TELLING THE CUSTOMER ABOUT COOKIES
}
?>
well, if you are using sessions. the enable_trans_sid directive will cause the session id to be propagated along with the link, the user sees it but at least it works and you don't have to change your code.
Not really any more than it would be if in a cookie, sessions can be hijacked if they can guess/sniff the sessionid.
JPlush76 wrote:is it worth coding around people that don't accept cookies?
It depends on your expected audience, I do most of my work with corporate users with stringent security requirements and picky firewalls so for me it is a requirement.
"You have turned cookies off, and you will be using sessions, this is a little less secure, but if you wish to be safer you can use cookies"
now, it would be cool if you could figure out how to make it so, if cookies were enabled.. the session used cookies, but if they aren't, they used the link method..
you might check the cookie at the beginning of each page. If your script can't retrieve the session-id cookie it enables trans_id. The warning message probably would be appropriate within the login-check script.
hob_goblin wrote:
now, it would be cool if you could figure out how to make it so, if cookies were enabled.. the session used cookies, but if they aren't, they used the link method..
???, that's exactly what php already does. Why would you want to build it yourself?
JPlush76 wrote:hedge, how would I go about setting that up?
in your php.ini
[Session]
session.use_cookies=1
session.use_trans_sid=1
beware, especially if on linux that it can be compiled without --enable-trans-sid so it may need to be re-compiled
PHP attempts to use cookies, if it can't use cookies then the use_trans_sid parameter tells it to add the sid to your links, form posts etc. You do still need to add it to any Header commands.