Page 1 of 1

Any other solutions for people that don't accept cookies?

Posted: Wed Nov 20, 2002 1:47 pm
by JPlush76
I have an ecom site, but it uses cookies. We've had some problems with customers having cookies turned off and their stuff wont keep in the shopping cart.

I want to do a check if the user uses cookies or not so I can either do a javascript test or use php to set and test a cookie like this:

Code: Select all

<?php
setcookie("cookie_check", 'Cookie Accepted', time()+7200); 
if(!isset($HTTP_COOKIE_VARSї'cookie_check'])) { 
	DO A REDIRECT TO A PAGE TELLING THE CUSTOMER ABOUT COOKIES
}
?>
are there any other solutions out there?

Posted: Wed Nov 20, 2002 2:00 pm
by hedge
well, if you are using sessions. the enable_trans_sid directive will cause the session id to be propagated along with the link, the user sees it but at least it works and you don't have to change your code.

Posted: Wed Nov 20, 2002 2:49 pm
by JPlush76
isnt' that a security risk?

is it worth coding around people that don't accept cookies?

Posted: Wed Nov 20, 2002 6:45 pm
by hedge
JPlush76 wrote:isnt' that a security risk?
Not really any more than it would be if in a cookie, sessions can be hijacked if they can guess/sniff the sessionid.
JPlush76 wrote:is it worth coding around people that don't accept cookies?
It depends on your expected audience, I do most of my work with corporate users with stringent security requirements and picky firewalls so for me it is a requirement.

Posted: Wed Nov 20, 2002 8:05 pm
by hob_goblin
What I would do is have a little message...

"You have turned cookies off, and you will be using sessions, this is a little less secure, but if you wish to be safer you can use cookies"

now, it would be cool if you could figure out how to make it so, if cookies were enabled.. the session used cookies, but if they aren't, they used the link method..

Posted: Wed Nov 20, 2002 10:11 pm
by volka
you might check the cookie at the beginning of each page. If your script can't retrieve the session-id cookie it enables trans_id. The warning message probably would be appropriate within the login-check script.

Posted: Wed Nov 20, 2002 10:36 pm
by JPlush76
where do I set the trans_id?

I tried to do it in the php.ini file but it didn't seem to do anything

I set it to 1

Posted: Wed Nov 20, 2002 10:47 pm
by hedge
hob_goblin wrote: now, it would be cool if you could figure out how to make it so, if cookies were enabled.. the session used cookies, but if they aren't, they used the link method..
???, that's exactly what php already does. Why would you want to build it yourself?

Posted: Thu Nov 21, 2002 10:54 am
by JPlush76
hedge, how would I go about setting that up?

Posted: Thu Nov 21, 2002 3:26 pm
by hedge
JPlush76 wrote:hedge, how would I go about setting that up?
in your php.ini
[Session]
session.use_cookies=1
session.use_trans_sid=1

beware, especially if on linux that it can be compiled without --enable-trans-sid so it may need to be re-compiled

PHP attempts to use cookies, if it can't use cookies then the use_trans_sid parameter tells it to add the sid to your links, form posts etc. You do still need to add it to any Header commands.

http://www.php.net/manual/en/ref.session.php