Session Without Cookies- How??

bigdaddyd

Hi,

I have the following code working when the cookies are enabled, but when I turn them off it doesn't work.

I think the session ID is getting passed correctly, because I see it there on the browser with cookies enabled. Problem is, I think it isn't getting read properly on the one without cookies because it always gets kicked back to the login page.

Anyone know what is going on?

<?
include ("../include_files/connection.php");
//run a query and redirect dependig on results
//SQL string
$sql="SELECT a.f_name,a.l_name,
b.group_id,
c.group_name
FROM tbl_admin_users a
INNER JOIN tbl_x_group_users b ON a.id = b.user_id
INNER JOIN tbl_admin_groups c ON b.group_id = c.id
WHERE username='$username' AND password='$password'";
// and execution
$result = mysql_query($sql,$dbcnx);
//check row count
if(mysql_num_rows($result) ==1){
$row=mysql_fetch_array($result);
$pass=1;
session_start();
// create the session array
$mysession = array ("session_f_name" => $row["f_name"], "session_l_name" => $row["l_name"], "ID" => session_id(), "session_group_id" => $row["group_id"], "session_group_name" => $row["group_name"]);
session_register("mysession");
header("Locationrivate/index.php?SID=".$mysession["ID"]);
}else{
$pass=0;
}
if ($pass==1){
}else{
header("Location:index.php");
}
?>

<b>PAGE 2 (private/index.php in above script)</B>
<?
session_start();

if (!session_is_registered("mysession")){
header("Location: ../index.php?action=denied");
}else{
session_id();
}
?>

<?echo $mysession[session_f_name] ?>

Frag

If I remember correctly. Even if you use server side session storage you still MUST have at least one cookie on the client side (The sessions name) Otherwise when you come to the next page how is it supposed to know what session is yours?

I don't think you can do what your asking...

Frag

dannys

You don't need a cookie - you can pass the sessionId around as GET/POST var.

http://www.php.net/manual/en/ref.session.php - scroll down to 'Passing the Session ID'

dannys

Also,

header("Locationrivate/index.php?SID=".$mysession["ID"]);

shouldn't that be more like:

header("Location: private/index.php?SID=".$mysession["ID"]);

maybe it was when you pasted it into the forum, then again maybe it's like that in your code.

bigdaddyd

Thanks Dannys,

It was the cut and paste that was wrong. I know it works because the session Id is retrieved when I use a browser with cookies enabled. It is when use another browser with cookies DISabled that it fails.

So the question still remains...

How do you tell the script (on page 2) to use the variables associated with the session ID that has been passed thorugh the URL?