• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How does the Session-Library work if cookies are rejected by the browser?

#1
If cookies are accepted by the browser everything works well. But if cookies are rejected by the browser it doesn’t work.

With the following PHP-settings in case of rejected cookies the session-id should be attached to the URL. I tried it with the native PHP-command session_start() and it works (http://localhost/ /read.php?PHPSESSID=db06i2694i0tfbf80h39jm8fd0).

Many thanks in advance.

PHP-settings:
session.use_cookies
On
session.use_only_cookies
Off
session.use_strict_mode
Off
session.use_trans_sid
1
Reply

#2
It seems like you understand sessions enough to get you in trouble. Having the session ID as a query string param is a security risk. Instead, test for cookies and let the site visitor know that they must enable cookies for your site to work properly.

And by the way, if somebody doesn't have cookies enabled, most of the internet is probably broken for them anyways, so they're used to it.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
2 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.