disabling user cookies

Anon

Actually, the biggest problem with cookies is that the user can turn them off, leaving your session capability non-functional. Passing a session id in the url avoids this problem. Could somebody tell me how to do this and i also assume there is some kind of possibility in php to make the usr information passed in the url transparent.

[deleted]

Just print the sessionid in the url, like this:

echo "<a href=bla.php?PHPSESSID=".session_id().">click here</a>";

or, use PHP's transid function.
http://www.php.net/manual/en/ref.session.php

matjaz

like vincent wrote, you should only transfer session id. dont ever transfer username or password or something like that.

you should put other relevant information in session variables you can read later in your code...

Anon

With regards to purely cookies:

I'm not sure if this is the best method thus far, but cookie "checking" could be possible by first sending a cookie and reading from it to verify that cookies are on. Reading from it later and if cookies are disabled, it'll be a no-go. Still there's the possibility of the user deleting the physical cookie file after the login/submission.

Alvin Koh.