Why Do PHP Cookies and Sessions Work Even When Cookies Are Disabled?

3 New Member
I am trying to explain how cookies and sessions work in a class I teach, but I have hit a wall when it comes to the interaction between cookies and the state of the privacy settings in Internet Explorer. I would appreciate any help anyone can offer, please.

First, consider the following very simple JavaScript function:

```javascript
// SetCookie, GetCookie and DeleteCookie are helper functions not shown in this post.
function CookiesEnabled() {
  SetCookie( "testcookie", "testcookie" ) ;
  var bCookiesEnabled =
      ( GetCookie( "testcookie" ) == "testcookie" ) ;
  DeleteCookie( "testcookie" ) ;
  return bCookiesEnabled ;
}
```
This function indeed returns true or false depending upon the IE privacy settings. When I block cookies, indeed the function returns false.

Now consider two very simple PHP scripts:

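```php
<?php   // BareBonesGetCookie.php
  // $_COOKIE holds only what the browser sent with this request; escape it before output.
  $name = isset( $_COOKIE['name'] ) ? htmlspecialchars( $_COOKIE['name'] ) : "" ;
  print "<p>Cookie 'name' is set to: " . $name . "</p>" ;
?>

<?php   // BareBonesSetCookie.php
  setcookie( "name", "Jesse" ) ;   // queues a Set-Cookie header on this response
  // $_COOKIE is not updated by setcookie(); it shows the value only on a later request.
  $name = isset( $_COOKIE['name'] ) ? htmlspecialchars( $_COOKIE['name'] ) : "" ;
  print "<p>Cookie 'name' has been set to: " . $name . "</p>" ;
?>
```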
If I run the first script first, I get a blank result as expected. But if I run the second and then the first, I get "Cookie 'name' is set to: Jesse" regardless of my IE privacy settings. I do not understand this.

Here's the example that is really causing me fits. I have written a very simple PHP 5 script that stores some data in session variables:

```php
<?php  // Script #1
  session_start() ;
  $_SESSION[ "FirstName" ] = "Robert" ;
  $_SESSION[ "LastName" ] = "Thompson" ;
?>
```
I can then retrieve the data with another script:

```php
<?php  // Script #2
  session_start() ;
  print "<h2>RetrieveSessionVariables.php</h2>" ;
  if ( isset( $_SESSION[ 'FirstName' ] ) ) {
    print "<p><i>First Name:</i>&nbsp; " .
        $_SESSION[ 'FirstName' ] ;
    print "<br/><i>Last Name:</i>&nbsp; " .
        $_SESSION[ 'LastName' ] . "</p>" ;
  } else {
    print "<p>The session variables are not set.</p>";
  }
?>
```
This all works just fine. However, it works even when cookies are disabled. This is what I cannot understand.

I have read the postings on this and other websites that state that session IDs can be passed in URL parameters, hidden form fields, or cookies. In the case of the simple code above, it seems to me that the only option is cookies. But when I run the above code from my web server (a real server that I must access through the Internet, not just localhost) and push the Internet Explorer privacy settings to their maximum, disabling all cookies, Script #2 still prints the data stored in the session variables.

I have shut down all instances of IE to make sure that the session is closed. I have run Script #2 first and indeed I get the message that the session variables are not set. But if I then run Script #1 followed by Script #2, I see the values in the session variables.

The way I understand that session IDs work with cookies is illustrated in the figure posted at:

http://www.onlamp.com/pub/a/php/exce...ex.html?page=2

This figure and everything I read tells me that cookies must be enabled for sessions to work (assuming that one is not using forms). I am quite sure that I know how to block cookies, as evidenced by the JavaScript code at the top of this posting and the fact that it behaves properly when I change my browser privacy settings.

I would really appreciate it if someone could please explain to me what's going on here, that is, why PHP cookies and sessions seem to work regardless of my browser privacy settings.

Thank you sincerely.

Jesse Heines
Computer Science
UMass Lowell
May 20 '07 #1
pbmods
5,821 Recognized Expert Expert
Heya, Jesse. Welcome to TSDN!

Internet Explorer has a separate option to accept session cookies regardless of whether it is set to accept cookies in general. Make sure this option is set properly.

Have you tried running your script in Firefox with cookies disabled? This could be an IE-specific thing, or it might be a 'feature' of web browsers....

And that's the point where my educated guesses stop being so educated. Hope this helps!
May 20 '07 #2
jheines
3 New Member
Thank you for your reply, pbmods.

> Internet Explorer has a separate option to accept
> session cookies regardless of whether it is set to
> accept cookies in general. Make sure this option
> is set properly.

Yes, I am familiar with that (in the Advanced options), and I unchecked "Always allow session cookies" to no avail. I know I had session cookies disabled because I could not log in to my Fidelity account with those settings. (The Fidelity website is about as secure as a website can be and definitely uses some type of session, although I don't think it's a PHP site.)

> Have you tried running your script in Firefox with
> cookies disabled? This could be an IE-specific
> thing, or it might be a 'feature' of web browsers....

Ah, that suggestion was excellent. Cookie control is indeed much simpler under Firefox, and when I simply unchecked the "Allow sites to set Cookies" checkbox indeed my code worked as expected. That is, the simple cookie scripts would not store cookies and the simple session scripts would not maintain state across webpages.

My conclusion at this point is that you must be right that this is some IE-specific issue. Perhaps it's just IE6. I have another system with IE7 installed, and I'll try it on that one.

Thanks a million for your reply ... on behalf of my students as well as myself! :)

Jesse

PS: Thanks also for editing my posting to teach me about adding the language to the CODE tag in this software to achieve syntax highlighting. Very cool... :)
May 20 '07 #3
jheines
3 New Member
In my last posting I wrote:

> Perhaps it's just IE6. I have another system with
> IE7 installed, and I'll try it on that one.

I did, and there blocking cookies correctly prevents PHP sessions from working, just as it does on Firefox.

The Privacy settings dialog box in IE7 is exactly the same as that in IE6, but the results appear to be different. Perhaps something is "broken" on the system I use IE6 on, but at least I now understand that I had the concept right, thanks to pbmods's suggestion.

(I need to keep IE6 on my main system due to my need to use an administrative web app at the university that does not yet work with IE7.)

Thanks again,
Jesse
May 20 '07 #4
Atli
5,058 Recognized Expert Expert
I'm not sure why your cookies would be stored if they have been turned off, but it is possible that PHP session IDs are transmitted using POST / GET.
May 21 '07 #5
salman143
1 New Member
Yes, PHP sessions will work even if cookies are disabled. Please check this link ... http://phpsollutions.blogspot.com/20...ies-if-so.html
Jun 5 '14 #6
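
A diagnostic for the question in this thread, added here as an example and not code from any of the posters: it pins the session ID to cookies with standard php.ini directives, then reports how the request tried to identify its session, so a reload shows whether the browser really is withholding the cookie. The file name and the `hits` counter are assumptions for illustration.

```php
<?php  // SessionTransportCheck.php (hypothetical file name, added example)
// These directives must be set before session_start() and before any output.
ini_set('session.use_cookies', '1');       // carry the session ID in a cookie
ini_set('session.use_only_cookies', '1');  // ignore IDs arriving in the URL or a form
ini_set('session.use_trans_sid', '0');     // never rewrite links to append the ID
ini_set('session.cookie_httponly', '1');   // keep the cookie away from page scripts

$name = session_name();                    // "PHPSESSID" unless reconfigured

// Record how this request tried to identify its session, before PHP acts on it.
$viaCookie = isset($_COOKIE[$name]);
$viaUrl    = isset($_GET[$name]);
$viaForm   = isset($_POST[$name]);

session_start();
// 'hits' is an illustrative counter: it only grows if the same session is resumed.
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

header('Content-Type: text/plain; charset=utf-8');
print "Session cookie received : " . ($viaCookie ? "yes" : "no") . "\n";
print "Session ID in URL       : " . ($viaUrl ? "yes (ignored)" : "no") . "\n";
print "Session ID in form data : " . ($viaForm ? "yes (ignored)" : "no") . "\n";
print "Requests in this session: " . $_SESSION['hits'] . "\n";

if ($viaCookie) {
    print "Result: the browser sent a session cookie, so cookies are not blocked for this site.\n";
} else {
    print "Result: no session cookie arrived; if the count is still 1 after a reload, the browser is blocking it.\n";
}
?>
```

With `session.use_only_cookies` on, a session ID supplied in the URL or a form is ignored, which also keeps the ID out of server logs and Referer headers.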
