darp Posted May 24, 2010 Share Posted May 24, 2010 If I have cookies disabled sessions do not work. PHP sessions are not supposed to be dependent on cookies are they? Here is a little script that shows the results. This was tested on Firefox, Konqueror and Opera. test_one.php <?php session_start(); echo session_id(); //RESULT: n27kncejcd4rt246037989eqn1jui6bj $_SESSION[id]=session_id(); echo "<br />"; var_dump($_SESSION[id]); //RESULT: string(32) "n27kncejcd4rt246037989eqn1jui6bj" ?> <br /> <a href="test_two.php" >Go to Test Two</a> //END OF test_one.php test_two.php <?php session_start(); echo session_id(); //RESULT: m9oh3l865ovrgvb2ue6tdlmnrflpevhb echo "<br />"; var_dump($_SESSION[id]); //RESULT: NULL ?> As you can see, in test_two.php the session_id is reset and $_SESSION[id] is NULL. When cookies are enabled everything has the same value, as it should. Why? Is this a PHP or a sever problem? The domain is localhost on my personal computer. Linux 2.6.31.12-0.2-default x86_64 Apache2.2 PHP 5.3 Quote Link to comment https://forums.phpfreaks.com/topic/202744-sessions-do-not-work/ Share on other sites More sharing options...
foxsoup Posted May 24, 2010 Share Posted May 24, 2010 Sessions still require cookies to be enabled on the client end so that a 'session tracking cookie' can be written which identifies that particular client with a particular session on the server. A client will need to have cookies enabled to make use of a website that uses either cookies or sessions to remember states across pages. Quote Link to comment https://forums.phpfreaks.com/topic/202744-sessions-do-not-work/#findComment-1062619 Share on other sites More sharing options...
Psycho Posted May 24, 2010 Share Posted May 24, 2010 There are varying levels of "allowing" cookies. Each browser is different, but you can typically block third-party cookies and first-party cookies with personal info but still allow session cookies. In IE, you would use the Privacy Tab to set this. Quote Link to comment https://forums.phpfreaks.com/topic/202744-sessions-do-not-work/#findComment-1062629 Share on other sites More sharing options...
darp Posted May 24, 2010 Author Share Posted May 24, 2010 Thanks, but I get conflicting information about this. I have been setting up an osCommerce store. Apparently the store does not require clients to have cookies enabled. Customers are tracked via sessions alone when they choose to have cookies disabled on their browser. A session id is written to mysql or a tmp directory and passed via the URL ( and some how hidden after the second click for security reasons ) . However, I have not been able to get this to work on my development machine. But you are saying that PHP sessions are dependent on cookies. Is that correct? There is no way to get sessions to work without cookies? Quote Link to comment https://forums.phpfreaks.com/topic/202744-sessions-do-not-work/#findComment-1062630 Share on other sites More sharing options...
foxsoup Posted May 24, 2010 Share Posted May 24, 2010 The server still needs a method of identifying a client with a session, so it uses a cookie to match the session ID. From http://www.tuxradar.com/practicalphp/10/0/0 : "Sessions grew up from cookies as a way of storing data on the server side, because the inherent problem of storing anything sensitive on clients' machines is that they are able to tamper with it if they wish. In order to set up a unique identifier on the client, sessions still use a small cookie - this cookie simply holds a value that uniquely identifies the client to the server, and corresponds to a data file on the server." In short, a client with all cookies disabled won't be able to use sessions on your site. Quote Link to comment https://forums.phpfreaks.com/topic/202744-sessions-do-not-work/#findComment-1062638 Share on other sites More sharing options...
Psycho Posted May 24, 2010 Share Posted May 24, 2010 In short, a client with all cookies disabled won't be able to use sessions on your site. Added emphasis on ALL. As I alluded to previously, you can disable varying levels of cookies. Quote Link to comment https://forums.phpfreaks.com/topic/202744-sessions-do-not-work/#findComment-1062641 Share on other sites More sharing options...
foxsoup Posted May 24, 2010 Share Posted May 24, 2010 Eeep, slight brainfart moment there. Corollary to what I stated before, you can pass the session ID via the URL by turning session.use_trans_sid on in your php.ini file, but this is generally discouraged for security reasons plus it makes your URLs look pretty ugly. I'd recommend some checking up on the implications of using it before putting it into production. Quote Link to comment https://forums.phpfreaks.com/topic/202744-sessions-do-not-work/#findComment-1062645 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.