I am working in a WordPress environment where the host does not support $_SESSION vars based on caching & speed issues.
I have been doing php development for a long time & I use $_SESSION for a lot of things, in this PARTICULAR case for passing a logon id in a session var so I can determine if a user properly logged on, as opposed to someone just going to www.oursite.com/user-page-docs/
, for example.
I am trying to think of another easy but safe way to do this, so far can't think of any.
Most of the pages that "cascade" forward from the login are accessed via the $_GET method; e.g., oursite.com/some_page.php?
where a & b further describe the parameters of action on the page. I thought about adding the userid there as well, then it is visible in the url, but of course only to the already successfully logged in user, so maybe not an issue?
Some have said use the database, I don't see how to do that.