mkosmosports Posted June 22, 2007 Share Posted June 22, 2007 Hey, Now I know there are a lot of pages dedicated to this but I cant seem to find any concrete answers. I use sessions on my site. The information in some of these session arrays is vital for the site to work. I just recently found out if cookies are disabled that big ugly PHPSESSID url parameter gets inserted into all links, which is not only ugly but poses security risks because the session id can be viewed by everyone. A lot of people are advising to disable this altogether in php.ini, which I dont understand though, because how else can you use sessions if the users cookies are disabled?? So, I need to make sessions are accesible even if the user has cookies disabled, but I want to make sure that doesnt pose any security risks, and if possible I would like to clean up that url a little? Does anyone have any suggestions? Is this doable? Anything is appreciated. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/56786-sessions-with-cookies-disabled/ Share on other sites More sharing options...
redarrow Posted June 22, 2007 Share Posted June 22, 2007 rewrite_url my friend ok. http://www.syndk8.com/mod_rewrite_tutorial_and_help.php Quote Link to comment https://forums.phpfreaks.com/topic/56786-sessions-with-cookies-disabled/#findComment-280518 Share on other sites More sharing options...
wildteen88 Posted June 23, 2007 Share Posted June 23, 2007 rewrite_url my friend ok. http://www.syndk8.com/mod_rewrite_tutorial_and_help.php Mod rewrite wont help here. If you don't want the PHPSESSID to be displayed in the url and cookies is not available then I guess it would be best for you to write your own custom session handler by saving session data to a database and tracking the user via their IP address rather than a cookie. Have a read of the manual on setting your own session handler rather than using PHP's default handler. Quote Link to comment https://forums.phpfreaks.com/topic/56786-sessions-with-cookies-disabled/#findComment-280810 Share on other sites More sharing options...
mkosmosports Posted June 23, 2007 Author Share Posted June 23, 2007 Thanks.... Ill be working on this... Quote Link to comment https://forums.phpfreaks.com/topic/56786-sessions-with-cookies-disabled/#findComment-280831 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.