By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,640 Members | 1,581 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,640 IT Pros & Developers. It's quick & easy.

session cookies

P: n/a
I know that when you start a session in PHP, the "cookie" it creates is
not the same as those that are stored in your browser's temp folder, and
instead is kept in RAM. I am confused because in every session tutorial
I have ever read, the author invariably mentions the 2 main ways of
propagating sessions - through cookies and appended to the URL. The
author also almost always talks about the method being dependent on the
user's preferences, for example whether he/she accepts cookies. I am so
confused because I have tried setting my browser to reject all cookies,
and in php.ini I have session.use_cookies = 1. I have also restarted
apache with both session.use_only_cookies = 1 and with it commented out
as it is by default. In all cases, my scripts always work exactly like
they should. As far as I can tell, if I am explicitly saying that PHP
MUST use cookies to handle my sessions, and I am setting my browser to
reject ALL cookies, my script should not execute successfully. Also,
when I output the contents of $_COOKIE, I get my valid session id,
meaning the cookie is being set. Meanwhile, trying to log in to other
sites on the web that require cookies fails (as it should). If setting
my browser to reject all cookies has no effect, what else could a user
possibly do to make sessions using cookies not work? Thanks a bunch.
Nov 22 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
You didn't set use_only_cookies ? In that case, PHP should use a GET
parameter in the URL for communicating the session ID.

Marcus wrote:
I know that when you start a session in PHP, the "cookie" it creates is
not the same as those that are stored in your browser's temp folder, and
instead is kept in RAM. I am confused because in every session tutorial
I have ever read, the author invariably mentions the 2 main ways of
propagating sessions - through cookies and appended to the URL. The
author also almost always talks about the method being dependent on the
user's preferences, for example whether he/she accepts cookies. I am so
confused because I have tried setting my browser to reject all cookies,
and in php.ini I have session.use_cookies = 1. I have also restarted
apache with both session.use_only_cookies = 1 and with it commented out
as it is by default. In all cases, my scripts always work exactly like
they should. As far as I can tell, if I am explicitly saying that PHP
MUST use cookies to handle my sessions, and I am setting my browser to
reject ALL cookies, my script should not execute successfully. Also,
when I output the contents of $_COOKIE, I get my valid session id,
meaning the cookie is being set. Meanwhile, trying to log in to other
sites on the web that require cookies fails (as it should). If setting
my browser to reject all cookies has no effect, what else could a user
possibly do to make sessions using cookies not work? Thanks a bunch.

Nov 22 '05 #2

P: n/a
Dikkie Dik wrote:
You didn't set use_only_cookies ? In that case, PHP should use a GET
parameter in the URL for communicating the session ID.


I tried it first with the default use_only_cookies being off, and then
with it on (checked phpinfo() to make sure), and it had no effect. The
session ID is not being propagated anywhere that I can see, and like I
said, echoing the contents of $_COOKIE shows the session id.
Nov 22 '05 #3

P: n/a
Following on from Marcus's message. . .
Dikkie Dik wrote:
You didn't set use_only_cookies ? In that case, PHP should use a GET
parameter in the URL for communicating the session ID.


I tried it first with the default use_only_cookies being off, and then
with it on (checked phpinfo() to make sure), and it had no effect. The
session ID is not being propagated anywhere that I can see, and like I
said, echoing the contents of $_COOKIE shows the session id.

Thought: Have you been (fully) closing your browser between all tests?

--
PETER FOX Not the same since the cardboard box company folded
pe******@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
Nov 22 '05 #4

P: n/a
>I know that when you start a session in PHP, the "cookie" it creates is
not the same as those that are stored in your browser's temp folder, and
instead is kept in RAM.
This is the distinction between a cookie that vanishes when the browser
closes and one that stays around in the browser for a specified time.
I am confused because in every session tutorial
I have ever read, the author invariably mentions the 2 main ways of
propagating sessions - through cookies and appended to the URL. The
author also almost always talks about the method being dependent on the
user's preferences, for example whether he/she accepts cookies. I am so confused because I have tried setting my browser to reject all cookies,


Did you also *clean out* existing cookies?

Gordon L. Burditt
Nov 22 '05 #5

P: n/a
Gordon Burditt wrote:
I know that when you start a session in PHP, the "cookie" it creates is
not the same as those that are stored in your browser's temp folder, and
instead is kept in RAM.

This is the distinction between a cookie that vanishes when the browser
closes and one that stays around in the browser for a specified time.

I am confused because in every session tutorial
I have ever read, the author invariably mentions the 2 main ways of
propagating sessions - through cookies and appended to the URL. The
author also almost always talks about the method being dependent on the
user's preferences, for example whether he/she accepts cookies. I am so


confused because I have tried setting my browser to reject all cookies,

Did you also *clean out* existing cookies?

Gordon L. Burditt


Gordon,

Thanks for the reply. Yes, I've cleaned out all existing cookies and
deleted all files and history just to start clean (even though I doubt
the latter 2 have any bearing). I've also restarted apache numerous
times and tried both IE and Firefox, all to no avail.

This is from my php.ini file as viewed through phpinfo():
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid Off Off

Now that I think about it, what good would clearing all existing cookies
in the browser do? That clears the temp directory, where php's cookies
aren't anyways... I have the default lifetime set as 0, which means they
should die once the browser is closed right?

Given all the info I have provided, am I correct in assuming my sessions
should *not* be working? Obviously I am missing something because they
are in fact working exactly as they always have.

I should mention I am doing all this testing on my localhost. Does this
have any bearing on it? I wouldn't think so but I thought it was worth
mentioning anyways.

As always, thanks for everyone's insightful help.
Nov 22 '05 #6

P: n/a
Wow, I can't explain this, but after just messing around with reloading
programs and everything a million times, FireFox now is behaving
correctly... the sessions don't work when cookies are disabled.

However, IE is still not right. In IE is there anything I have to do
besides tools->internet options->privacy->block all cookies?
Nov 22 '05 #7

P: n/a
>>>I know that when you start a session in PHP, the "cookie" it creates is
not the same as those that are stored in your browser's temp folder, and
instead is kept in RAM.

This is the distinction between a cookie that vanishes when the browser
closes and one that stays around in the browser for a specified time.

I am confused because in every session tutorial
I have ever read, the author invariably mentions the 2 main ways of
propagating sessions - through cookies and appended to the URL. The
author also almost always talks about the method being dependent on the
user's preferences, for example whether he/she accepts cookies. I am so


confused because I have tried setting my browser to reject all cookies,

Did you also *clean out* existing cookies?

Gordon L. Burditt


Gordon,

Thanks for the reply. Yes, I've cleaned out all existing cookies and
deleted all files and history just to start clean (even though I doubt
the latter 2 have any bearing). I've also restarted apache numerous
times and tried both IE and Firefox, all to no avail.

This is from my php.ini file as viewed through phpinfo():
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid Off Off

Now that I think about it, what good would clearing all existing cookies
in the browser do?


If you tell the browser to reject all cookies, that may well tell it to
reject all *NEW* cookies, and to keep (and send) the ones it's already
got. If the session cookie is already in there, it stays in there.
So when you set the browser to reject all cookies *without* restarting
it, it keeps the session cookie.
That clears the temp directory,
What temp directory? I'm not aware of a *browser* that keeps cookies
in a temp directory, especially not those that expire when the
browser closes (which are normally just kept in RAM while the browser
is running).

The directory PHP uses to store session files is on the *server*,
not the *client* (a relevant distinction even if they happen to
be on the same machine).

where php's cookies
aren't anyways... I have the default lifetime set as 0, which means they
should die once the browser is closed right?
Are you sure you closed *ALL* the browser windows? On IE with Windows,
this might even require a reboot; I'm not sure.
Given all the info I have provided, am I correct in assuming my sessions
should *not* be working? Obviously I am missing something because they
are in fact working exactly as they always have.
I don't think you've given sufficient information to conclude that.
I should mention I am doing all this testing on my localhost. Does this
have any bearing on it? I wouldn't think so but I thought it was worth
mentioning anyways.

As always, thanks for everyone's insightful help.


Gordon L. Burditt
Nov 22 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.