[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Drupal no cookie session management

Posted on 2014-08-29
5
Medium Priority
?
551 Views
Last Modified: 2014-09-25
Drupal uses cookie based session management.
Our application is embedded in other applications, such as Facebook, iFrame....
Users browser blocks 3rd-party cookie. So Drupal cookie based session management does not work.

How to develop a no cookie session management for Drupal website ?

For example, the following is some information.
https://www.drupal.org/sandbox/veljkopopovic/1998840
This is a sandbox project.
Helps you bypass cookie based session management on your Drupal site.
This is good approach for embedded sites, for example Facebook iframe based embedded applications
which will allow you to implement fully functional Drupal site within iframe avoiding problems
with browser cross-domain cookie restrictions.
0
Comment
Question by:drupal_100
  • 2
4 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 40294508
I think this is an impractical goal.  PHP has session management that uses the URL to carry the SID.  But nobody does that any more; cookies are the industry standard.  You cannot use most of the WWW if your browser does not accept and return cookies (or run JavaScript).  Sites like Facebook, Google, eBay, etc., all expect and require cookies.  The Veljko Popovic code is incomplete and unworkable. Cross-domain restrictions are a central part of HTTP security.  The only way around these restrictions is to join an advertising network like DoubleClick.

Here are the references you would need to understand to have a clear view of what's going on with cookies in session management.
HTTP Protocols
PHP Session Management
http://www.php.net/manual/en/session.security.php
http://www.php.net/manual/en/class.sessionhandler.php

After you read those, you will probably have a better understanding of why my recommendation is "Don't do this - it doesn't work that way!"
0
 

Author Comment

by:drupal_100
ID: 40294584
The application is embedded in applications like Facebook , I frame
The cookie for our application is third party cookie in this situation. User browser blocks third party cookie. Therefore our drupal application does not work as it uses cookie based session . So need to make drupal work in no cookie session way. Try to use query string to bypass the cookie based session management.
So the issue is our drupal apps is third party cookie and blocked by user browser.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40294778
I understand the issue.  Drupal is not made to work that way.  About all you can do is tell your clients that they must allow 3rd-party cookies.  And that announcement will probably drive a lot of them away.  Sorry.
0
 
LVL 58

Expert Comment

by:Gary
ID: 40344823
I've requested that this question be closed as follows:

Accepted answer: 500 points for Ray Paseur's comment #a40294778

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
In the below post we have mentioned the best hosting type for startups. Also, check out some of the superlative web hosting companies that are proposing affordable web hosting solutions to host your startup website.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Suggested Courses
Course of the Month20 days, 12 hours left to enroll

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question