Managing sessions without cookies

Everything I create in PHP, and when using $_SESSION, will just fail to work if cookies are off.

I notice that many sites, including sitepoint.com, will automatically append the session id to the URL if cookies are off. So you can still log in and use Sitepoint even if cookies are turned off in the browser.

I know the security risks of this, but I want it to use cookies if the browser settings allow it, but fall back to setting the value in the URL if they are not.

I can’t get PHP to automatically do this, so what should I do? I just need to get PHP to register the value in the URL (if cookies are off), whereas at the moment it just doesn’t maintain the session if cookies are off.

I’m guessing an answer might be something like: (1) append phpsessid=123 etc. to the URL and (2) add a certain setting to php.ini.

Thanks.

http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies
http://www.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid

But you really shouldn’t.

Hi,

Thanks, but just setting these values isn’t doing anything.

Also, adding a random value as the session id (?PHPSESSID=123hhh) isn’t working either.

Do I need to do anything else?

Now I’ve thought about it, I think it might be better to use JS/HTML5 local storage as a fallback if cookies are turned off.

I can do the JS, but how do I do the server-side part? Is this even possible?

Maybe I should post in the JS forum.

If cookies are turned off then I would like to use local/session storage to maintain the session id.

I can do the JS code for local/session storage, but how do I store a session id and maintain it etc?

It’s no good using JavaScript as the user could easily have JavaScript turned off. If a user has cookies blocked then, from a security standpoint, you should just deny them access to whatever it is that needs cookies and have a polite error message displayed to the user explaining that to use the site they must have cookies enabled. Perhaps point them to a more detailed explanation on your site’s terms and conditions and/or privacy policy pages.

For future reference, if you feel a thread needs moving to a more appropriate forum, please click the report post button for the last post of the thread stating which forum the thread needs moving to. Thanks
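The cookies-only approach recommended in the thread, sketched as an added example (not code posted by anyone in the thread): the session id is kept out of the URL using the two php.ini directives linked above, and a one-time redirect checks whether the browser returned the session cookie before showing the "please enable cookies" message. The `cookie_check` query marker, the message text and the HTTPS assumption behind `secure` are assumptions made for the example.

```php
<?php
// Added example; the probe marker and message wording are hypothetical.
declare(strict_types=1);

// Keep the session id out of URLs, where it leaks through Referer headers,
// server logs, browser history and shared links.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // reject session ids the server did not issue

session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // assumes the site is served over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

const PROBE = 'cookie_check'; // hypothetical query marker for the one-time check

/** Decide from the request state alone: 'ok', 'probe' (redirect once) or 'blocked'. */
function cookieGate(bool $hasSessionCookie, bool $probed): string
{
    if ($hasSessionCookie) {
        return 'ok';
    }
    return $probed ? 'blocked' : 'probe';
}

$state = cookieGate(isset($_COOKIE[session_name()]), isset($_GET[PROBE]));

if ($state === 'probe') {
    // session_start() has just sent Set-Cookie; redirect once to see whether it comes back.
    // SCRIPT_NAME is used instead of the client-supplied request URI to avoid an open redirect.
    header('Location: ' . $_SERVER['SCRIPT_NAME'] . '?' . PROBE . '=1', true, 302);
    exit;
}
if ($state === 'blocked') {
    http_response_code(403);
    echo 'This site needs cookies to keep you signed in. Please enable cookies and reload the page.';
    exit;
}

// 'ok': the browser returned the session cookie, so $_SESSION works as usual.
$_SESSION['last_seen'] = time();
```

The redirect drops any other query parameters on the first request, so a landing page that depends on them would need to carry them across.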