+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=11)
+--- Thread: How does the Session-Library work if cookies are rejected by the browser? (/showthread.php?tid=73298)
How does the Session-Library work if cookies are rejected by the browser? - michael - 04-09-2019
If cookies are accepted by the browser everything works well. But if cookies are rejected by the browser it doesn’t work.
With the following PHP-settings in case of rejected cookies the session-id should be attached to the URL. I tried it with the native PHP-command session_start() and it works (http://localhost/ /read.php?PHPSESSID=db06i2694i0tfbf80h39jm8fd0).
Many thanks in advance.
PHP-settings:
session.use_cookies
On
session.use_only_cookies
Off
session.use_strict_mode
Off
session.use_trans_sid
1
RE: How does the Session-Library work if cookies are rejected by the browser? - skunkbad - 04-09-2019
It seems like you understand sessions enough to get you in trouble. Having the session ID as a query string param is a security risk. Instead, test for cookies and let the site visitor know that they must enable cookies for your site to work properly.
And by the way, if somebody doesn't have cookies enabled, most of the internet is probably broken for them anyways, so they're used to it.