Solved

PHP - pass session_id when cookies are disabled?

Posted on 2014-02-13
3
599 Views
Last Modified: 2014-02-20
Hi,
how do I keep session_id when cookies are disabled?

At the moment the code below generates a new value for $cookie on page refresh when cookies are disabled?

Thanks in advance for your feedback.

<?php  session_start();

	function GetCartId()
		{
		// This function will generate an encrypted string and
		// will set it as a cookie using set_cookie. This will
		// also be used as the cookieId field in the cart table
		
		if(isset($_COOKIE["cartId"]))
		{
			return $_COOKIE["cartId"];
		}
		else
		{
			// There is no cookie set. We will set the cookie
			// and return the value of the users session ID
		
			setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
			return session_id();
		}
	}

		$cookie = GetCartId();
		
		echo $cookie; 
		
?>

Open in new window

0
Comment
Question by:sabecs
3 Comments
 
LVL 43

Expert Comment

by:Chris Stanyon
ID: 39857939
You can do it but it's not ideal. Basically, you will have to pass the session id as a querystring parameter in the URL. PHP will do this automatically if you enable session.use_trans_sid (I think PHP needs to be compiled to allow this so you might have to speak to your host)

<?php
ini_set("session.use_trans_sid",1); # Forgot this one!
session_start();
?>

Open in new window

You might be better off just letting the user know that your site requires cookies - I haven't heard of anyone turning off cookies for a long time!

A downside of appending the session id to your links is search engines indexing the links and users bookmarking them!
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39858118
If they have disabled cookies, it is likely they have disabled javascript too.  Sometimes when they do that, you have to say, sorry we can't work with you.
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39858573
Fortunately this is documented in the online man pages.  Required reading here:
http://php.net/manual/en/book.session.php
http://php.net/manual/en/session.idpassing.php

That said, I agree with the other comments that clients who do not accept cookies are rare, an edge case, and can be ignored.  In my life I have met only one person who ever said he would never accept HTTP cookies.  A client cannot use Facebook, Amazon, eBay or Google if it does not accept and return cookies.  Fuggedaboutem.
0

Featured Post

ScreenConnect 6.0 Free Trial

Discover new time-saving features in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses four methods for overlaying images in a container on a web page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question