Using Sessions when Cookies are Disabled

If cookies are disabled, we must use a different method to pass the session ID between browsing requests. (A session stores its session ID in a transient (session) cookie in the client browser, so the simple session implementation cannot be used to keep data on the server when the user has disabled cookies in the browser.)


A popular method is to pass it in the URL and then process it in the subsequent browsing request using $_GET, e.g.

On the index page, redirect to the requested page using the following code:

header("Location: http://www.sitename.com/yourphppage.php?PHPSESSID=".session_id());
exit; // stop executing the index page once the redirect header is sent

Then use the following in the loading page to retrieve the session ID:
$sessionId = $_GET['PHPSESSID']; // session ID passed in the URL

Passing the session ID via GET is easily hacked, since the ID is exposed in the URL. There are also other ways to identify the user's subsequent browsing requests, for example combining the GET parameter with the IP address ($_SERVER['REMOTE_ADDR']) and the user agent ($_SERVER['HTTP_USER_AGENT']). However, this is also not fully secure and creates performance issues. In any event, since cookies are typically enabled, you can simply deny access to visitors who don't accept cookies.
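The combined check described above, as an added PHP example that is not code from the original post: it resumes a session from the PHPSESSID URL parameter only if the value has the shape of a PHP session ID and the IP/user-agent fingerprint stored in the session matches the current request. The function names and the 'fingerprint' session key are assumptions made for illustration, and it assumes every session is started through this function.

```php
<?php
declare(strict_types=1);
// Added example: function names and the 'fingerprint' key are hypothetical.

// Hash of the two client attributes the post mentions (IP and user agent).
function client_fingerprint(array $server): string
{
    $ip = (string)($server['REMOTE_ADDR'] ?? '');
    $ua = (string)($server['HTTP_USER_AGENT'] ?? '');
    return hash('sha256', $ip . "\n" . $ua);
}

// PHP session IDs are 22-256 characters from [A-Za-z0-9,-]; reject anything else.
function valid_session_id_format($id): bool
{
    return is_string($id) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
}

// Resume the session named in ?PHPSESSID=... only if the format and the
// fingerprint check out. Must run before any output is sent.
function resume_url_session(array $get, array $server): bool
{
    $id = $get['PHPSESSID'] ?? null;
    if (!valid_session_id_format($id)) {
        return false;
    }
    // Strict mode: an ID the server never issued is replaced with a fresh one,
    // so a visitor cannot be handed an ID chosen by someone else.
    ini_set('session.use_strict_mode', '1');
    session_id($id);
    session_start();

    $actual = client_fingerprint($server);
    if (!isset($_SESSION['fingerprint'])) {
        $_SESSION['fingerprint'] = $actual; // new session: bind it to this client
        return true;
    }
    if (!hash_equals((string)$_SESSION['fingerprint'], $actual)) {
        // Different IP or user agent: refuse, but leave the owner's session intact.
        session_abort();
        return false;
    }
    return true;
}

if (!resume_url_session($_GET, $_SERVER)) {
    http_response_code(403);
    exit('Session rejected');
}
```

Links on later pages must carry the current session_id(), which can differ from the value in the URL when strict mode has issued a new one. A legitimate visitor whose IP address changes mid-session is rejected as well, which is one reason the post calls this approach not fully secure.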
