+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Session question! (/showthread.php?tid=25094)
Session question! - El Forum - 11-30-2009
[eluser]Thomas Fuston[/eluser]
Aloha!
Hey everyone, i got a little question with the Session library's ( i`ve tried some)
In every library i tried now, is always the same.
Cookies needed, else the session wont work.
So my questions is now, is there any solution out there for CI for sessions without cookies needed ?
I would prefer such a solution, i would be happy if i dont have to code an usual phpnative login/session script.
so far...
Lemontree ^^
Session question! - El Forum - 11-30-2009
[eluser]skunkbad[/eluser]
Once again, at least in my opinion, a good reason to use php's $_SESSION. Runtime configuration can easily be modified with session.use_trans_sid. The problem is that additional configuration would be necessary so that CI could utilize the query string.
While this is your preference, using query string based sessions is bad for security and SEO. You could even get penalized for having duplicate content, so if SEO matters for pages you need sessions for, your best bet is to use cookies and use a method of alerting the site visitor that cookies are needed. Is there a reason you don't want to use cookies?
Session question! - El Forum - 12-01-2009
[eluser]Thomas Fuston[/eluser]
Thx for you answer
Well i got an Reason...
using cookies is maybe not very good, couse some not allow cookies,
but most important reason is that if someone deleting his cookies often, i get dead database lines, so database blow up without good reason. (i am using http://codeigniter.com/wiki/EckoSession/)
thx so far...
Lemontree
Session question! - El Forum - 12-01-2009
[eluser]Jondolar[/eluser]
Cookies are required to do any type of session work. It is the only way to bridge the stateless design of a web page. Sessions require cookies.
There are techniques to help validate a cookie such as comparing the IP addresses. CI allows you to change the cookie being used every few minutes which can help prevent someone from accessing a page using a hijacked cookie.
Session question! - El Forum - 12-01-2009
[eluser]jedd[/eluser]
[quote author="Jondolar" date="1259719129"]Cookies are required to do any type of session work. It is the only way to bridge the stateless design of a web page. Sessions require cookies. [/quote]
This is not strictly true - you can transfer state in the URL, as we're discussing here. It means you need a key - a UUID seems like an obvious candidate - or some homegrown variation on same - that is either maintained for the life of the session, or if you're excessively paranoid you instead go for single-use keys.
Personally I'd go the cookie route - anyone that disables cookies can be identified and alerted reasonably easily, and lengthy URLs (with a generic parameter buried somewhere in them) are way messier things to deal with IMHO.
Session question! - El Forum - 12-01-2009
[eluser]BrianDHall[/eluser]
Its really a question of how important is it that someone with cookies set to off, in this day and age, be able to use some cookie-required feature of your website? To me, these users aren't likely to pay me money and they rarely even exist, so screw the .001% paranoids that think 1st party cookies will deprive them of their civil rights or make the baby jesus cry, or whatever half-baked reasoning they have.
As to your database, if your database is blowing up because they have cookies turned off there is something wrong with your session handler. It should be garbage collecting WAY before that, if nothing else.
Session question! - El Forum - 12-01-2009
[eluser]Colin Williams[/eluser]
Cookies are part of the Web's foundation. Anyone disabling them isn't allowed to the party. It's like owning a car but removing the wheels. About all you can do is sit inside and play with the stereo. You aren't going anywhere.