Drupal no cookie session management

Drupal uses cookie based session management.
Our application is embedded in other applications, such as Facebook, iFrame....
Users browser blocks 3rd-party cookie. So Drupal cookie based session management does not work.

How to develop a no cookie session management for Drupal website ?

For example, the following is some information.
https://www.drupal.org/sandbox/veljkopopovic/1998840
This is a sandbox project.
Helps you bypass cookie based session management on your Drupal site.
This is good approach for embedded sites, for example Facebook iframe based embedded applications
which will allow you to implement fully functional Drupal site within iframe avoiding problems
with browser cross-domain cookie restrictions.
drupal_100Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
I think this is an impractical goal.  PHP has session management that uses the URL to carry the SID.  But nobody does that any more; cookies are the industry standard.  You cannot use most of the WWW if your browser does not accept and return cookies (or run JavaScript).  Sites like Facebook, Google, eBay, etc., all expect and require cookies.  The Veljko Popovic code is incomplete and unworkable. Cross-domain restrictions are a central part of HTTP security.  The only way around these restrictions is to join an advertising network like DoubleClick.

Here are the references you would need to understand to have a clear view of what's going on with cookies in session management.
HTTP Protocols
PHP Session Management
http://www.php.net/manual/en/session.security.php
http://www.php.net/manual/en/class.sessionhandler.php

After you read those, you will probably have a better understanding of why my recommendation is "Don't do this - it doesn't work that way!"
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
drupal_100Author Commented:
The application is embedded in applications like Facebook , I frame
The cookie for our application is third party cookie in this situation. User browser blocks third party cookie. Therefore our drupal application does not work as it uses cookie based session . So need to make drupal work in no cookie session way. Try to use query string to bypass the cookie based session management.
So the issue is our drupal apps is third party cookie and blocked by user browser.
0
Ray PaseurCommented:
I understand the issue.  Drupal is not made to work that way.  About all you can do is tell your clients that they must allow 3rd-party cookies.  And that announcement will probably drive a lot of them away.  Sorry.
0
GaryCommented:
I've requested that this question be closed as follows:

Accepted answer: 500 points for Ray Paseur's comment #a40294778

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Drupal

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.