using session instead of cookie

Anon

Dear all,
I am new in PHP, so please forgive me if this is a stupid question.
Can I count how many times a user visiting my homepages using session instead of cookie (since not all people like cookie in their computer)?
If yes, would you mind to show me how it works ?
Thank you for your attention.

Sincerely,
Kiky

Anon

Sessions won't help. They are the wrong tool for the job.

A user session is a series of HTTP requests that are closely connected in time, equivalent to a site visit. PHP sessions allow data to persist across the lifespan of a user session.

What you want to do is preserve the user's identity across multiple visits, which is something else entirely, and PHP sessions were not designed to do that.

When I come to your site Thursday morning, you want to be able to identify me as the same visitor you had Monday night.

There are only three ways to do that.

Ask me to identify myself (through a login process). The problem with this is obvious. Unless you offer some unique value in return, such as personalization, free email, or participation in a bulletin board, I probably will not log in. It won't work for the casual visitor.
Generate a unique URL and ask me to bookmark it for my return visit. This is even more problematic than the first option; many people don't even know what a bookmark is.
Use a cookie that uniquely identifies me and persists across the timespan separating the sessions.

The cookie is generally the best option, although it fails if I have two computers, and you have to deal with the
small but vocal minority of cookie objectors/conspiracy theorists. My friend Tom Regan of the Christian Science Monitor rightly describes cookies as "the black helicopters of the Internet." I figure that anybody who's a cookie paranoiac is probably not the kind of visitor that I want, anyway. :-)

Anon

What he was saying is that he uses sessions, and some people don't allow cookies, so they either don't get sessions or use transparent ids (i.e. the session id is appended to the urls automagically) and he wanted to know how to figure out who refused cookies.

The only way to really tell if a client refused a cookie is to try and write one, then try to read it. Probably the best way to do that is to make your index.html/index.php screen attempt to write a cookie, then have the next screen attempt to read it, and write out to a log file whether or not it was successful.

I'm not sure the best way to implement it though.

Anon

Kiky Tan's question was "Can I count how many times a user visiting my homepages using session instead of
cookie?" ... and the answer is no. I didn't see anything to suggest that sessions are now being used.

Anon

Oh, I get it. I thought he was meaning sessions without cookies, but now I see what he was asking.

He could use transparent ids to track sessions, but any timeout of the session will likely result in a new session, so it's likely he'll still double count a few folks.

Anon

Dear guys,
Thank you for your reply.
Do you mean that session is just like "one visit" cookie ? I mean, if I visit a website I would get a session ID, but if I move to another website (even I do not close the browser), the session ID will be expired?

Thank's in advance.
Kiky

Anon

Sessions are implemented in one of two ways, via cookies, or via transparent ids attached to the end of each URL (i.e. http://some.url?session_id=3568953)

Sessions allow you to store data in PHP that is persistant for that connection, like cookies do on the client side, but here on the server side. Unlike cookies, when a session terminates, there is no further evidence of it when the user comes back in an hour.

Of course you could implement some kind of profile system for your users...

Anon

Kiki asks: ""but if I move to another website (even I do not close the browser), the session ID will be expired?"

Not automatically, at least not that quickly. Sessions do expire according to a value set in php.ini, but the default is 4 hours. In my BBS session code, I ask users to log out (which is reasonable, since I've asked them to log in!) and when they do, I call session_destroy() to wipe out the session records.

As Scott points out, sessions can be implemented using either cookies or URLs to hold the session IDs. (The actual session variables -- the part you as the programmer are interested in -- are actually stored on the server, by default in special temporary files. The session IDs are used to locate the correct set of session variables.)

Let's imagine that a site doesn't use cookies and instead propagates the session ID using URLs.

If you leave such a site without logging out, the session won't be destroyed. If you return to one of the URLs that contains a session ID, your session will pick up where it left off.

But if you return to the "front door" of the site, or a bookmark with no session ID or an old session ID, you will have no way to reclaim your session variables. So, while the Web server will still have your records, it won't recognize you.