Ensuring that sessions work even if cookies are turned off
Is the only way to ensure that sessions will work with cookies turned off by adding the ?PHPSESSID=blablabla to every link on your site? Is there a better way? I have always wondered, but never asked.
GM wrote: Doing it this way, you don't need cookies or to add anything to the URL.
How? You still need the session ID to link to.
PHP passes it one of two ways - via session cookies, or via the url.
I use db-driven sessions, and if cookies are off, AND you prevent url passing, the sessions do not work (no session id to link to).
Please, if there is a way to do so, I'm interested.
Yes. You are right.
To be honest, I was assuming that because the sessions were being stored in the database (using a custom session handler), they were no longer being stored in a cookie. But... thinking now about it logically, there needs to be something on the client-side to tell the database what key to look for.
Sorry TNSG, my mistake.
So, you have to physically append the ?PHPSESSID=blablabla to every link? Is this correct?
Code:
// SID is "name=id" when the ID did not arrive in a cookie, otherwise an empty string
echo "<a href='?" . htmlspecialchars(SID) . "'>Link</a>";
The Ninja Space Goat wrote: So, you have to physically append the ?PHPSESSID=blablabla to every link? Is this correct?
Actually, PHP will automagically do so for you, as long as you don't override that behavior.
- RobertGonzalez
- Site Administrator
I think PHP tries to use cookie-based sessions first, and if that fails then it resorts to URL SID propagation. That is why when you start a session, the very first page will add the session id to some URLs and to a hidden field in any forms that are on the page.
You don't have to code the URL append, PHP does it automatically.
- AKA Panama Jack
- Forum Regular
If you add this right before the session_start(); the PHPSESSID variable in the url should be suppressed.
Code:
ini_set ("session.use_trans_sid","0");
session_start();
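The settings discussed in this thread, as an added example that is not part of any post: a cookie-only session start-up that turns off URL propagation, refuses session IDs supplied in the URL, and logs requests that still carry one. The function names are hypothetical, and the code assumes PHP 7.3 or later (array form of session_set_cookie_params) and a site served over HTTPS.

```php
<?php
// Added example, not code from the thread. Call before any output is sent.

function start_cookie_only_session(): void
{
    // Weak combination: use_trans_sid=1 with use_only_cookies=0 makes PHP
    // rewrite links and forms to carry PHPSESSID and accept an ID from the URL.
    // URL-carried IDs end up in logs, Referer headers and shared links.
    ini_set('session.use_trans_sid', '0');    // no automatic URL rewriting
    ini_set('session.use_cookies', '1');      // send the ID in a cookie
    ini_set('session.use_only_cookies', '1'); // ignore IDs in GET/POST
    ini_set('session.use_strict_mode', '1');  // reject IDs the server never issued

    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    // A request that still carries the session parameter is either an old
    // bookmarked link or someone trying to plant an ID. It is ignored by the
    // settings above; record it (without the ID value) so it can be reviewed.
    $name = session_name();
    if (isset($_GET[$name]) || isset($_POST[$name])) {
        error_log(sprintf(
            'session id in request parameters ignored: ip=%s uri_path=%s',
            $_SERVER['REMOTE_ADDR'] ?? '-',
            parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/'
        ));
    }

    session_start();
}

function on_login_success(int $userId): void
{
    // Issue a fresh ID at the privilege change and delete the old session
    // record, so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_cookie_only_session();
```

With these settings a browser that refuses cookies gets a new, empty session on every request, which matches the conclusion reached above: the ID has to travel in either the cookie or the URL.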