Sessions Without Cookies in PHP 7

[StevenOliver]

I'm trying to learn the proper workaround to enable Sessions when visitors have their cookies disabled.

When I create a PHP session page with ini_set("session.use_trans_sid", 1) and then disable my browser cookies and view browser source code, I see what I expect: a hidden input appended like this:
<input type="hidden" name="PHPSESSID" value="abc123456789reallylongstring1234" />

It seems to work (sessions without cookies!).

However, I don't see the long URL query strings that I used to see when I experimented with this 10 years ago, and I don't see the long PHPSESSID value appended to all the page links, and I don't see dozens of session variables appended as hidden form inputs. Rather, I just see the one PHPSESSID hidden input described above. Is this because all the session variables are stored on the server itself, and all the server needs is that one single long PHPSESSID value? Or, am I doing it wrong? :-)

 

Edited April 4, 2019 by StevenOliver

[requinix]

Sounds like something is wrong. What's the full source of one of these pages?

You do know that this is a substantial security risk, right? People who disable their cookies are used to websites not working.

[ginerjm]

And who/what told you to not use cookies???

[StevenOliver]

15 hours ago, requinix said:

People who disable their cookies are used to websites not working.

I love this! This made my day! 

[taquitosensei]

I had a boss who had an 80/20 rule. Program for the 80%.  He would have told me not to worry about people with their cookies disabled. Make sure it works for everyone else. 

[Barand]

Pretty much like estimating how long it will take to write a program

The first 80% takes 80% of the time. The last 20% takes another 80% of the time.