Sessions without cookies on

[zimmo]

I am totally googled out, have searched but cannot really find answers as I dont want to use trans id so that my urls have the session fixed to the url. I am trying to figure out how to store and get the session id without cookies on, I have been looking at session_save_path(); and have this working.

 

I am not sure how to get the session id, I have tried it with my cookies off and each time I try and log in on my form it creates a new session id, as when cookies is on it only creates the one?

 

I am storing the session data in a mysql database for security to check attempts at logging in. I know sessions are not the 100% best way, but at this stage its something I need to use.

 

So, my question is how do I store a session and get it to insert into my database if cookies are turned off. I have tried and tried but it just enters a blank field into the db.

 

I tried the following.

session_save_path();

session_id();

session_start();

 

I then looked in my folder containing the sessions and it creates a new one each time.

 

If anyone needs more info please let me know, I am stuck on how to get this working.

 

 

 

[fr34k]

I'm pretty sure that the only way you can carry over sessions is either via cookie or URL.  The server needs to know the client's session ID, in order to access that session-specific data.

 

That being said, you could possibly store the session ID in your MySQL database and associate it with the client's IP address.  However, this is not ideal, because it is very possible that multiple clients could be on a network that shares one public IP address.  Your session information would then count for all of them.

[zimmo]

Some one mentioned to me that I could use something along the lines of

 

$sessId = “Session_File_Name”; ##### The physical text file that is created for the session will have this name

 

session_save_path("./sessions");  ##### Create a folder on the server named sessions or any thing elese you want

 

session_id($sessId);

 

session_start();

 

But I am unsure how to do this.

[zimmo]

There must be a way around this.

 

If user has cookies turned off and I do not enable the session to appended to the url, how do you get around this? I am using a database to insert the data, but if the cookies are off then it is just blank?

 

 

[zimmo]

Right, am going to now use another way. I am going to set and test a cookie and if not there redirect to a page that says cookies need to be enabled.

 

I have tried using this;

$cookiesset = "1";

setcookie("cookiesset", $cookiesset, time()+90);

if (!isset($_COOKIE['cookiesset'])) {

header("Location: index3.html");

}

 

But each time I go to the page it redirects? Have I set this up wrong?