Why ci using cookie based sessions?

[eluser]Arun Joshi[/eluser]
Hi All,

I searched a lot. but I cant find an answer. Actually why CI using cookie based session? Is there any particular reason for it? It made me a big trouble. My http://mysite.com is not keeping sessions that created in http://www.mysite.com. So a user who signed in to http://mysite.com is not able to access pages of http://www.mysite.com.

-Arun

[eluser]tonanbarbarian[/eluser]
most sites use cookies for sessions
the only other mechanism is to pass a session token in every url, and almost no one does that any more
simplest method is to use the webserver to force anyone who comes to www.mysite.com to be sent always to mysite.com
www is redundant anyway
if you ensure everyone accessing your site is always going to mysite.com without the www you have no problems

[eluser]Arun Joshi[/eluser]
If a browser is disabled the cookies, session wont work?

[eluser]InsiteFX[/eluser]
This will force it to always be www.mydomain.com

Code:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,NC]

Or

Code:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule ^(.*)$ http://www.mydomain.com?/$1 [R=301,NC]

InsiteFX

[eluser]Arun Joshi[/eluser]
@InsiteFX,

your htaccess redirection is working perfect. But I want to include some rewrite condtions there.

Code:

RewriteCond $1 !^(index\.php|images|css|uploads|editor|albums|js|robots\.txt)
RewriteRule ^(.*)$ index.php/$1 [L]

I need the above rule plus

Code:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain\.com
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R=301,NC]

How to merge these two conditions. Please help.

Thanks
Arun

[eluser]InsiteFX[/eluser]
All you need to do is just add them to the bottom of the htaccess file.

InsiteFX

[eluser]tonanbarbarian[/eluser]
if the browser has cookies disabled do you really what that person at your site
the only reasons that anyone disables cookies in browsers is if you are working for an overly security paranoid company.
in my 15 years of web development I have only known 1 client company that ever actually blocked cookies on all its browsers
and that was several years ago now

i guarantee every single one of the top 100 site in the world, and probably the top 1000+, use cookies to store their login information, and if you have cookies disabled you just cannot use their site.

the historical reason why cookies are disabled be some paranoid people is actually because some of the old versions of browsers such as netscape and IE had security flaws whereby it was possible using javascript and other means to access cookies from other sites or even write new cookies without the users knowledge or permissions.
all of these bugs seem to have been fixed long ago

i dont even obth checking if javascript is disabled anymore for similar reasons. only time i ever advise disabling javascript in a browser would be in you knew a site was a malware site and you wanted to block js on those sites

[eluser]pbreit[/eluser]
Use cookies and move on.

[eluser]Pascal Kriete[/eluser]
I would suggest the redirect InsiteFx points out just to keep your content on a single url (search engines don't love duplicate urls for the same content).

It solves the www problem by removing it, but you'll still have problems with other subdomains. The solution is to set the cookie domain in your config file:

Code:

$config['cookie_domain']    = ".example.com";

The leading period is important, it will essentially match example.com and all of its subdomains. You could also force a cookie to be available on only one subdomain by including it in the cookie domain.