Welcome Guest, Not a member yet? Register   Sign In
How does the Session-Library work if cookies are rejected by the browser?
#1

If cookies are accepted by the browser everything works well. But if cookies are rejected by the browser it doesn’t work.

With the following PHP-settings in case of rejected cookies the session-id should be attached to the URL. I tried it with the native PHP-command session_start() and it works (http://localhost/ /read.php?PHPSESSID=db06i2694i0tfbf80h39jm8fd0).

Many thanks in advance.

PHP-settings:
session.use_cookies
On
session.use_only_cookies
Off
session.use_strict_mode
Off
session.use_trans_sid
1
Reply
#2

(This post was last modified: 04-09-2019, 07:58 AM by skunkbad.)

It seems like you understand sessions enough to get you in trouble. Having the session ID as a query string param is a security risk. Instead, test for cookies and let the site visitor know that they must enable cookies for your site to work properly.

And by the way, if somebody doesn't have cookies enabled, most of the internet is probably broken for them anyways, so they're used to it.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB