Solved

PHP - pass session_id when cookies are disabled?

Posted on 2014-02-13
3
595 Views
Last Modified: 2014-02-20
Hi,
how do I keep session_id when cookies are disabled?

At the moment the code below generates a new value for $cookie on page refresh when cookies are disabled?

Thanks in advance for your feedback.

<?php  session_start();

	function GetCartId()
		{
		// This function will generate an encrypted string and
		// will set it as a cookie using set_cookie. This will
		// also be used as the cookieId field in the cart table
		
		if(isset($_COOKIE["cartId"]))
		{
			return $_COOKIE["cartId"];
		}
		else
		{
			// There is no cookie set. We will set the cookie
			// and return the value of the users session ID
		
			setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
			return session_id();
		}
	}

		$cookie = GetCartId();
		
		echo $cookie; 
		
?>

Open in new window

0
Comment
Question by:sabecs
3 Comments
 
LVL 43

Expert Comment

by:Chris Stanyon
ID: 39857939
You can do it but it's not ideal. Basically, you will have to pass the session id as a querystring parameter in the URL. PHP will do this automatically if you enable session.use_trans_sid (I think PHP needs to be compiled to allow this so you might have to speak to your host)

<?php
ini_set("session.use_trans_sid",1); # Forgot this one!
session_start();
?>

Open in new window

You might be better off just letting the user know that your site requires cookies - I haven't heard of anyone turning off cookies for a long time!

A downside of appending the session id to your links is search engines indexing the links and users bookmarking them!
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39858118
If they have disabled cookies, it is likely they have disabled javascript too.  Sometimes when they do that, you have to say, sorry we can't work with you.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39858573
Fortunately this is documented in the online man pages.  Required reading here:
http://php.net/manual/en/book.session.php
http://php.net/manual/en/session.idpassing.php

That said, I agree with the other comments that clients who do not accept cookies are rare, an edge case, and can be ignored.  In my life I have met only one person who ever said he would never accept HTTP cookies.  A client cannot use Facebook, Amazon, eBay or Google if it does not accept and return cookies.  Fuggedaboutem.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now