Child variable (login without cookies)?

servo

I'm trying to figure out a way to construct a user authentication system that does NOT use cookies. I do not want to use sessions, because to use them properly they require the use of a cookie as well (since my site is a mixture of .php pages and .html pages, I can't really pass session ids in the URLs of links).

So I started thinking... what if I spawn a small pop-up child window that sets and maintains a true environment or global variable (or maybe I'll I'd need to do is check something like the REMOTE_ADDR of the child?). Could I then access the value of the variable from the parent window? Anybody know of a way this could be accomplished? If someone closed the child window, obviously they wouldn't be logged in anymore... but so what, I put a large red disclaimer in the child window that says "don't close me until you're done doing what you're doing".

Any info would be greatly appreciated!
Thanks,
-Carl

Anon

Go to SpilledThoughts.com... That is a website I built and it doesn't use cookies or session ID's, but has a complete user login system. Here's the essentials of what I am doing. When a user logs in, I create and MD5 string that references back to a table with their information. I then append this ID string to the end of every link that appears on my site. Here's an example:

Before logging in:
<A HREF='some_link.php'>

After loggin in:
<A HREF='some_link.php?user=12345678901234567890123456789012'>

This is actually very easy to accomplish if at the top of you page you create a variable that will hold the user ID number, oh let's say it's called $login_string1 (I use the 1 at the end for a reason you will see later). This is what the actual link would like in the PHP file.

Now if the user is not logged in, then $login_string1 is empty, otherwise it has there information and gets added to the URL. The only time this ever gets hairy is when dealing with mutiple url variables.

Say you are wanting:
<A HREF='some_link.php?this=that'>
And you want to also use the login string, well... easy fix.

Use two login strings:
$login_string1 = "?user=12345678901234567890123456789012";
$login_string2 = "&user=12345678901234567890123456789012";

Now if you ever want to use a URL that has multiple variables in it, you just use $login_string2.

This may seem a little crazy but it works and it works beautifully. Anyone that disagress has never used SpilledThoughts.com. Hey, anything I can do to help get this world to quit eating from the cookie jar, I will. If you need more detail (God Help Us), just repost... or hey... maybe try going to SpilledThoughts.com and post it there. Then you can use the site and see exactly what I am talking about.

servo

Yes...
but as I said... my site is a mixture of .php and .html files... so I don't have the opportunity to append the id to all links (ie- the HTML files won't be parsed by PHP and won't understand the variable).
Targeted content in HTML pages can be handled via includes... but I certainly don't want to have to have an include for each link.

Thanks AZ. I will check out SpilledThoughts, though... and maybe it'll motivate me to convert all my pages to PHP (a daunting task, considering the number... but maybe if I get a burr in my bonnet...).

-Carl