Page 1 of 1

Using sessions when all cookies are blocked by browser?

Posted: Sat Aug 04, 2007 10:26 pm
by flycast
I am checking to see if a customer is from a certain state. If they hit the index page the I have a script that checks for either a cookie or a session variable called state. If there is not one then they are redirected to a page called entry.php. At entry.php they select a state in a form and the form submits to the same page (entry.php). Entry.php checks to see if there is a state set using $_REQUEST['State'] and if there is sets a cookie and goes to the original page requested.

It works when I have cookies enabled but does not it I deny all cookies or deny the session cookie. My functions.php has "session_start()" at the top but that seems to reset the session id every time any page that calls it is executed.

How do I use sessions when all cookies are blocked?

Posted: Sat Aug 04, 2007 10:29 pm
by flycast
Oops!
My session settings are:

session.auto_start Off
session.use_cookies On
session.use_only_cookies Off
session.use_trans_sid Off

Posted: Sat Aug 04, 2007 10:29 pm
by RobertGonzalez
Sessions should default to using URI passed session ids when cookies are not available. What are you session settings in php.ini?

Posted: Sat Aug 04, 2007 10:50 pm
by flycast
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /home/2106/data/tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off

Posted: Sat Aug 04, 2007 11:35 pm
by Benjamin
In a nutshell, if cookies are disabled, your going to have to pass the Session ID in the URL for every page request.

Posted: Sun Aug 05, 2007 7:19 am
by flycast
Is that because even with transparent session id's enabled that the browser still has to set a cookie to keep track of the session?