?
Solved

PHP - pass session_id when cookies are disabled?

Posted on 2014-02-13
3
Medium Priority
?
619 Views
Last Modified: 2014-02-20
Hi,
how do I keep session_id when cookies are disabled?

At the moment the code below generates a new value for $cookie on page refresh when cookies are disabled?

Thanks in advance for your feedback.

<?php  session_start();

	function GetCartId()
		{
		// This function will generate an encrypted string and
		// will set it as a cookie using set_cookie. This will
		// also be used as the cookieId field in the cart table
		
		if(isset($_COOKIE["cartId"]))
		{
			return $_COOKIE["cartId"];
		}
		else
		{
			// There is no cookie set. We will set the cookie
			// and return the value of the users session ID
		
			setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
			return session_id();
		}
	}

		$cookie = GetCartId();
		
		echo $cookie; 
		
?>

Open in new window

0
Comment
Question by:sabecs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 43

Expert Comment

by:Chris Stanyon
ID: 39857939
You can do it but it's not ideal. Basically, you will have to pass the session id as a querystring parameter in the URL. PHP will do this automatically if you enable session.use_trans_sid (I think PHP needs to be compiled to allow this so you might have to speak to your host)

<?php
ini_set("session.use_trans_sid",1); # Forgot this one!
session_start();
?>

Open in new window

You might be better off just letting the user know that your site requires cookies - I haven't heard of anyone turning off cookies for a long time!

A downside of appending the session id to your links is search engines indexing the links and users bookmarking them!
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39858118
If they have disabled cookies, it is likely they have disabled javascript too.  Sometimes when they do that, you have to say, sorry we can't work with you.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 39858573
Fortunately this is documented in the online man pages.  Required reading here:
http://php.net/manual/en/book.session.php
http://php.net/manual/en/session.idpassing.php

That said, I agree with the other comments that clients who do not accept cookies are rare, an edge case, and can be ignored.  In my life I have met only one person who ever said he would never accept HTTP cookies.  A client cannot use Facebook, Amazon, eBay or Google if it does not accept and return cookies.  Fuggedaboutem.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question