470,833 Members | 1,688 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,833 developers. It's quick & easy.

Session Cookie Problems

I have a website that authenticates users and then allows them to visit
member only parts of the site.

The authentication uses cookies. When the user has logged in and the
script has satisfied itself that the username and password are correct
(comparing against a MySQL table), the following session script is run:

session_start();
session_register('sname','slevel','semail','stime' ,'sadminlevel');
$sname = *real name of user*
$slevel = *their membership level*
$semail = *their email address*
$sadminlevel = *there administration level*
$stime = *the time they logged in*

the time information is also stored in the mysql table along with an
"expires" time so that their session can be cancelled if they leave
their computer unattended for a specified period. The session is
started on every page so that the above session variables are available
to scripts while the session is valid.

This all works perfectly - except on computers with cookies turned off.
A large number of members now have desktop access at their workplace
and want to use the site at work - but they all have cookies switched
off on their desktops and cannot change this setting.

Is there a way of

1) recognising that cookies are disabled
2) if they are, implementing a different way of maintaining sessions?

Any help would be very gratefully received.

Steve

Jan 4 '06 #1
2 1165
St***********@gmail.com said the following on 04/01/2006 15:00:
session_start();
session_register('sname','slevel','semail','stime' ,'sadminlevel');
$sname = *real name of user*
$slevel = *their membership level*
$semail = *their email address*
$sadminlevel = *there administration level*
$stime = *the time they logged in*
First of all, don't do that. Since PHP 4.2, use of session_register() is
not recommended. Use $_SESSION["whatever"] instead. See
http://php.net/session_register.

Is there a way of

1) recognising that cookies are disabled
2) if they are, implementing a different way of maintaining sessions?


Yes, you can use a GET variable in all the URLs. PHP can do this
automatically - see
http://www.php.net/manual/en/ref.ses...sion.idpassing.

However, passing session IDs this way has a lot of issues associated
with it (security, bookmarking, search-engine problems, etc.).

IMHO, I would use only cookies. If a user has cookies disabled
irrationaly (IMO, again), they should just have to live with sites not
working correctly. HTTP is a statless protocol, and complex modern sites
usually require state information to provide useful functionality, and
cookies are the best mechanism to provide that information.

<insert flame here>
--
Oli
Jan 4 '06 #2
> Since PHP 4.2, use of session_register() is
not recommended. Use $_SESSION["whatever"] instead. See
http://php.net/session_register.
Thanks - will look into that.
IMHO, I would use only cookies. If a user has cookies disabled
irrationaly (IMO, again), they should just have to live with sites not
working correctly. HTTP is a statless protocol, and complex modern sites
usually require state information to provide useful functionality, and
cookies are the best mechanism to provide that information.


80% of the users of the site have no choice as their PCs are centrally
administered and the TOOLS->OPTIONS menu in Internet Explorer is
disabled on their PC/Terminal. I will try to encourage the
administrators to allow cookies for my site however.

Thanks for your help.

Jan 4 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

27 posts views Thread by mrbog | last post: by
3 posts views Thread by Enoch Chan | last post: by
7 posts views Thread by ehendrikd | last post: by
5 posts views Thread by tshad | last post: by
13 posts views Thread by Alexander Widera | last post: by
reply views Thread by joseph conrad | last post: by
13 posts views Thread by Samir Chouaieb | last post: by
3 posts views Thread by trullock | last post: by
reply views Thread by mihailmihai484 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.