By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,913 Members | 1,305 Online
Bytes IT Community
Submit an Article
Got Smarts?
Share your bits of IT knowledge by writing an article on Bytes.

how to work with sessions when cookies are disabled

P: 1,059
In general sense:
If Cookie is disabled by browser session do not work.
The most common case is mobile phone browser. In mobile phone browser cookie is disabled by default.

But Session and Cookie is strongly co-related. Because using cookie value server can recall which user is currently requesting.

To make the solution understandable I have made three php file.

creating session
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. //play.php
  3. session_start();
  4. ?>
  5. <form action="play2.php" method="post">
  6. <input type=text name="name">
  7. <input type=hidden value=<?php echo (session_name());?> name="session_name">
  8. <input type=hidden value=<?php echo (session_id());?> name="session_id">
  9. <input type=submit>
  10. </form>
in play.php session has been create
After creating the session name and id is stored in hidden field.
storing two hidden field is not necessary. necessary part is session_id(). There is also a text field which will be stored through the play2.php in session

//save a text in the session which was created in play.php
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. //play2.php
  3. $_COOKIE[$_POST['session_name']]=$_POST['session_id'];
  4. session_start();
  5. $_SESSION['myname']=$_POST['name'];
  6. ?>
  7. Some informatoin
  8. <br>
  9. <br>
  10. <a href="play3.php?session_name=<?php echo (session_name());?>&session_id=<?php echo (session_id());?>">go to next page</>
Here is the magic started
Interestingly session_start() function take the session id from $_SESSION['PHPSESSID']. What we did is create a cookie name PHPSESSID and store the session value from POST data. After that we called session_stat() function. and next thing the value from the text field to session.

//restoring value from session which is saved in play2.php
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. //play3.php
  3. $_COOKIE[$_GET['session_name']]=$_GET['session_id'];
  4. session_start();
  5. echo $_SESSION['myname'];
  6. ?>
Play3.php simply shows the session value and session is create from GET data
Jul 26 '10 #1
Share this Article
Share on Google+

Expert Mod 5K+
P: 8,639
I may note that the default fallback for disabled cookies is putting the Session ID in the URL (unless this is explicitly forbidden)
Jul 26 '10 #2

P: 1,059
This solution is only solution for me so far. But I would like if we can have a better solution :)
Jul 26 '10 #3

Expert 100+
P: 1,168
I cannot think of anything. You maybe able to go a javascript/AJAX way, but it means special handling of every link over your whole site and that is probably a bit too much effort for what it's worth.

Actually, another way would be to bypass sessions... I have never tried this, but if on every page you store in a database: IP address, Browser, and time, and then every page check if that is matched, you could potentially retrieve the "most likely" data for that person. This will be more vunerable to hijacks, and will put strain on the DB/server depending on traffic, but will essentially be a manual session.
Jul 28 '10 #4