Non-cookied sessions

tomgone

A quick question about sessions, is there anyway of using sessions without cookies being sent at all? I'm using PHP4 and I have compiled (Linux/Apache module) it with --enable-trans-sid and all is well. I use start_session in my scripts and so on. If I tell my browser though to warn if a cookie is set I get the "server wishes to set a cookie that will only be sent back to itself" warning. So no cookies will be stored on the user machine, but its might still annoy some people. Anyways, I'm guessing there is no way to get rid of that?

I was looking at the alternative of appending a session id (or identifier) to the URL, but not sure if that avoids the problem (or rather issue)?

Thanks for any pointers
Thomas

lawnmowerman

Though I've never done it, supposedly you can change the php.ini file to include "session.use_cookies = 0"

This will force php NOT to use cookies.

See:
http://www.phpbuilder.com/manual/ref.session.php

Hope this helps.

-Rich

tomgone

Changed that and yes it sure does stop using cookies. As I have compiled it with enable-trans-sid it now works with propagating the SID's automaically. My only problem left now is passing information between a form and a confirmation script.

I have a form (login) which accepts a username and password. A validation script is then called which either lets the user into the site or returns them to the login screen. If I return the user to the login screen I want to pass back an error code (username or password was wrong), but I can not get it to pass the SID back. The SID is included as a hidden field (by PHP) when the validate script is called.

/Tom

lawnmowerman

Hi Tom.

Unfortunately, as I stated before, I've never used sessions without cookie support.

This being the case, I'm afraid I'm unable to assist in your troubleshooting.

Good luck!

-Rich

tomgone

Rich,

I more or less just sorted it, and it was more or less as discussed. By compiling with --enable-trans-sid PHP automatically appends all relative URL's with the SID. Then turn off cookies in the config file and no more cookies and all pages have the SID appended. Only problem that remained was for example URL redirects which did not get the SID automatically appended, but the SID is available as a variable and can be manually appended in such cases. Phew 🙂

Cheers for your time
Tom