Page 1 of 1

PHP Session Cookie disabled solution

Posted: Mon May 11, 2009 7:29 am
by ehsun7b
As I remember my first days on learning PHP, I've heard that PHP sessions ($_SESSION) is implemented by cookies and I the cookies are disabled on the client's machine PHP will save session data as an encrypted string at the end of the URL! I tested this idea that time and I saw the encrypted string. Now I'm using PHP 5.2 and I noticed that if the client's machine does not accept cookies, the PHP scripts which are using $_SESSION can not access it and there is no alternative way for them. Why is that? And what should I do in order to use $_SESSION in the cookie-disabled machines??? 8)

Re: PHP Session Cookie disabled solution

Posted: Mon May 11, 2009 10:46 am
by Yossarian
[quote=php.ini]; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
session.use_only_cookies = 1[/quote]

Maybe you have a setting like that in your ini file, or somewhere, but sounds like an ini file issue to me.