
Sessions do not work


darp


If I have cookies disabled, sessions do not work. PHP sessions are not supposed to be dependent on cookies, are they?

Here is a little script that shows the results. This was tested on Firefox, Konqueror and Opera.

test_one.php

<?php
// Start (or resume) the session and show its ID.
session_start();
echo session_id();    //RESULT: n27kncejcd4rt246037989eqn1jui6bj

// Store the ID in the session so the next page can compare it.
$_SESSION['id'] = session_id();
echo "<br />";
var_dump($_SESSION['id']);    //RESULT: string(32) "n27kncejcd4rt246037989eqn1jui6bj"
?>
<br />
<a href="test_two.php">Go to Test Two</a>

//END OF test_one.php

test_two.php

<?php
// Resume the session and show the ID and the value stored by test_one.php.
session_start();
echo session_id();    //RESULT: m9oh3l865ovrgvb2ue6tdlmnrflpevhb
echo "<br />";
var_dump($_SESSION['id']);  //RESULT: NULL
?>

As you can see, in test_two.php the session_id is reset and $_SESSION[id] is NULL.

When cookies are enabled everything has the same value, as it should.

Why? Is this a PHP or a server problem?

The domain is localhost on my personal computer.

Linux 2.6.31.12-0.2-default x86_64

Apache2.2

PHP 5.3


Sessions still require cookies to be enabled on the client end so that a 'session tracking cookie' can be written which identifies that particular client with a particular session on the server.  A client will need to have cookies enabled to make use of a website that uses either cookies or sessions to remember states across pages.


There are varying levels of "allowing" cookies. Each browser is different, but you can typically block third-party cookies and first-party cookies with personal info but still allow session cookies. In IE, you would use the Privacy Tab to set this.


Thanks, but I get conflicting information about this. I have been setting up an osCommerce store. Apparently the store does not require clients to have cookies enabled. Customers are tracked via sessions alone when they choose to have cookies disabled on their browser. A session id is written to mysql or a tmp directory and passed via the URL (and somehow hidden after the second click for security reasons).

However, I have not been able to get this to work on my development machine.

But you are saying that PHP sessions are dependent on cookies. Is that correct? There is no way to get sessions to work without cookies?


The server still needs a method of identifying a client with a session, so it uses a cookie to match the session ID. From http://www.tuxradar.com/practicalphp/10/0/0 :

"Sessions grew up from cookies as a way of storing data on the server side, because the inherent problem of storing anything sensitive on clients' machines is that they are able to tamper with it if they wish. In order to set up a unique identifier on the client, sessions still use a small cookie - this cookie simply holds a value that uniquely identifies the client to the server, and corresponds to a data file on the server."

In short, a client with all cookies disabled won't be able to use sessions on your site.


Eeep, slight brainfart moment there.  Corollary to what I stated before, you can pass the session ID via the URL by turning session.use_trans_sid on in your php.ini file, but this is generally discouraged for security reasons plus it makes your URLs look pretty ugly.  I'd recommend some checking up on the implications of using it before putting it into production.
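
What the last reply describes, as an added example that is not part of the thread: a variant of test_one.php that keeps the session when cookies are disabled and applies the usual precautions for an ID carried in the URL. It assumes the PHP 5.3 setup from the first post; the file name and the `initiated` session key are made up for illustration.

```php
<?php
// Added example, not code from the thread. File name is hypothetical:
// test_one_nocookie.php. test_two.php needs the same three ini_set() calls
// (or the same values in php.ini) before its own session_start().

// 1. Let the ID travel in the URL when no cookie comes back.
//    session.use_only_cookies defaults to 1 since PHP 5.3.0, so enabling
//    session.use_trans_sid on its own is not enough.
ini_set('session.use_cookies', '1');      // still use a cookie if accepted
ini_set('session.use_only_cookies', '0'); // accept the session ID from the URL
ini_set('session.use_trans_sid', '1');    // rewrite relative links and forms

session_start();

// 2. An ID taken from a URL may have been chosen by whoever built the link.
//    Keep only sessions this server has marked; otherwise issue a new ID.
if (!isset($_SESSION['initiated'])) {     // 'initiated' is a hypothetical key
    session_regenerate_id(true);          // true = delete the old session data
    $_SESSION['initiated'] = time();
}
// Call session_regenerate_id(true) again at login or any privilege change,
// so an ID that appeared in a URL earlier is worthless afterwards.

// 3. URLs end up in Referer headers, logs and bookmarks. Stop this page's
//    URL from being sent to other sites.
header('Referrer-Policy: no-referrer');

// 4. Report how the ID reached the server on this request.
$name = session_name();
if (isset($_COOKIE[$name])) {
    $via = 'cookie';
} elseif (isset($_GET[$name])) {
    $via = 'URL parameter';
} else {
    $via = 'nothing sent, new session';
}
$_SESSION['id'] = session_id();

echo 'Session ID: ', htmlspecialchars(session_id()), '<br />';
echo 'Received via: ', $via, '<br />';
?>
<a href="test_two.php">Go to Test Two</a>
```

With cookies disabled, the link is rewritten by PHP to carry the session ID, and the second page reports "URL parameter" with the same ID; with cookies enabled it reports "cookie" and the link stays clean.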
