PHP sessions

carole2

session_start();
//fix for IE-5
header("Cache-control: private");
//if cookies are accepted then
if (SID == "" ) {

//authenticate code is here 

//Sid is not blank and cookies are not supported.
else{
$location_url=$site_url."nocookie.php?".$cat_url;
 header('Location: '.$location_url);
exit();} 
[/Php]

I used the above code for some time in my login process and my ISP upgraded to Redhat Enterprise 3 and users started getting the no cookie support (else statement above), the first time they tried to login even when their browsers were set to accept cookies. But the second time to login it was okay. Im not sure if it is realted to the upgrade but it is the only thing that has changed. I had to remove the if statement for checking for browser cookie support. Is there any other way to check for bowser cookie support?

drawmack

If I really HAVE to know if cookies are supported by the user then on the main page I check for the existence of a session variable. If the session variable is not set then I set the variable and a cookie and send a header redirect to the same page. Then on the reload the session variable exists so I check for the cookie, if it is not found I store a session variable that tells me this user doesn't support cookies.

carole2

I think I follow, Could you possibly give me a coding sample.

Thanks

bretticus

I've done something similiar in the the past to drawmack's suggestion (sorry drawmack, for butting in. I'm in a helpful mood tonight ;-)

Off the top of my head, this might work...

session_start();
$somevar = "someval";
if (!isset($_SESSION['somevar']) && !isset($_GET['chk'])) {
	$_SESSION['somevar'] = $somevar;
	Header("Location: {$_SERVER['PHP_SELF']}?chk=1");
} else {
	if ($_SESSION['somevar'] != $somevar)
		Header("Location: nocookies.php");
}

P.S. There's probably a better way to do the redirect without having to rely on the ?chk=1 showing up everytime if you put your imagination to it. Hope this gives you the gist though. The gist being that since sessions require a cookie, you can use them to test if a cookie can be written to the browser.

carole2

I see, thank you. I was wondering if there is any danger in using

if (SID == "" )

to check for cookies as I did above.