First, consider the following very simple JavaScript function:
    function CookiesEnabled() {
      SetCookie( "testcookie", "testcookie" ) ;
      var bCookiesEnabled =
          ( GetCookie( "testcookie" ) == "testcookie" ) ;
      DeleteCookie( "testcookie" ) ;
      return bCookiesEnabled ;
    }
Now consider two very simple PHP scripts:
    <?php // BareBonesGetCookie.php
      print "<p>Cookie 'name' is set to: " .
            $_COOKIE['name'] . "</p>" ;
    ?>

    <?php // BareBonesSetCookie.php
      setcookie( "name", "Jesse" ) ;
      print "<p>Cookie 'name' has been set to: " .
            $_COOKIE['name'] . "</p>" ;
    ?>
Here's the example that is really causing me fits. I have written a very simple PHP 5 script that stores some data in session variables:
    <?php // Script #1
      session_start() ;
      $_SESSION[ "FirstName" ] = "Robert" ;
      $_SESSION[ "LastName" ] = "Thompson" ;
    ?>
    <?php // Script #2
      session_start() ;
      print "<h2>RetrieveSessionVariables.php</h2>" ;
      if ( isset( $_SESSION[ 'FirstName' ] ) ) {
        print "<p><i>First Name:</i> " .
              $_SESSION[ 'FirstName' ] ;
        print "<br/><i>Last Name:</i> " .
              $_SESSION[ 'LastName' ] . "</p>" ;
      } else {
        print "<p>The session variables are not set.</p>";
      }
    ?>
I have read the postings on this and other websites that state that session IDs can be passed in URL parameters, hidden form fields, or cookies. In the case of the simple code above, it seems to me that the only option is cookies. But when I run the above code from my web server (a real server that I must access through the Internet, not just localhost) and push the Internet Explorer privacy settings to their maximum, disabling all cookies, Script #2 still prints the data stored in the session variables.
I have shut down all instances of IE to make sure that the session is closed. I have run Script #2 first and indeed I get the message that the session variables are not set. But if I then run Script #1 followed by Script #2, I see the values in the session variables.
The way I understand that session IDs work with cookies is illustrated in the figure posted at:
http://www.onlamp.com/pub/a/php/exce...ex.html?page=2
This figure and everything I read tells me that cookies must be enabled for sessions to work (assuming that one is not using forms). I am quite sure that I know how to block cookies, as evidenced by the JavaScript code at the top of this posting and the fact that it behaves properly when I change my browser privacy settings.
I would really appreciate it if someone could please explain to me what's going on here, that is, why PHP cookies and sessions seem to work regardless of my browser privacy settings.
Thank you sincerely.
Jesse Heines
Computer Science
UMass Lowell
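
A diagnostic for the behaviour described in the post, showing which of the three transports it names (cookie, URL parameter, form field) actually carried the session ID on a given request. This is an added example, not part of the original post; the file name SessionTransportCheck.php and the helpers yesno() and e() are hypothetical, and the code is written to run on PHP 5.

```php
<?php // SessionTransportCheck.php (hypothetical file name; added example)
// Reports how the session ID reached the server on this request and which
// transports the server's PHP configuration permits.
session_start();

$name = session_name();   // "PHPSESSID" unless the server reconfigures it
$id   = session_id();

// Which part of the request supplied the ID that PHP accepted?
$viaCookie = isset($_COOKIE[$name]) && $_COOKIE[$name] === $id;
$viaGet    = isset($_GET[$name])    && $_GET[$name]    === $id;
$viaPost   = isset($_POST[$name])   && $_POST[$name]   === $id;

// A counter distinguishes a resumed session (2, 3, ...) from a new one (1).
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

function yesno($b) { return $b ? 'yes' : 'no'; }
function e($s)     { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }

// The raw Cookie header shows what the browser really sent, whatever
// its privacy settings claim.
$rawCookie = isset($_SERVER['HTTP_COOKIE']) ? $_SERVER['HTTP_COOKIE'] : '(none)';

print "<h2>Session transport check</h2>";
print "<p>Requests seen in this session: " . e($_SESSION['hits']) . "</p>";
print "<ul>";
print "<li>ID arrived in a cookie: "        . yesno($viaCookie) . "</li>";
print "<li>ID arrived in the URL: "         . yesno($viaGet)    . "</li>";
print "<li>ID arrived in a form field: "    . yesno($viaPost)   . "</li>";
print "<li>Raw Cookie request header: "     . e($rawCookie)     . "</li>";
print "<li>session.use_cookies = "      . e(ini_get('session.use_cookies'))      . "</li>";
print "<li>session.use_only_cookies = " . e(ini_get('session.use_only_cookies')) . "</li>";
print "<li>session.use_trans_sid = "    . e(ini_get('session.use_trans_sid'))    . "</li>";
print "</ul>";

// A plain relative link: if PHP is rewriting URLs to carry the ID
// (session.use_trans_sid), the ID appears in this link's query string
// in the delivered page source.
print "<p><a href=\"" . e(basename($_SERVER['SCRIPT_NAME'])) . "\">Request this page again</a></p>";
?>
```

Load the page, follow the link, and compare the counter with the three yes/no lines: a counter that keeps rising while "arrived in a cookie" reads "yes" means the browser is still returning the session cookie despite its privacy setting.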