Hi all,

Forgive me for re-posting this topic, but I still can't get my head
around the right way to work with sessions/cookies, whilst providing
some sort of server side testing for people without cookies.  I do not
want to do it client side (javascript etc).

I've got a block of code that I can include at the top of any page,
which protects it by:

1   looking for a session
2a  if one doesn't exist, provides a login form
2b  if one does exist, displays the page

Easy enough, untill someone comes in with cookie turned off, and they
get a login page each and every time they get a protected page.  Bad.

If I want to provide access to all users, then I need to pass the
session around in the URL, but if I'm reasonably happy to exclude non
cookie browsers, I'd like to provide an explanation page that tells them
why they can't access the site, etc etc.

So what's the flow of code to test for cookies on the server side?  I'm
pretty sure that the only way is to set a cookie, then test for it.

+ look for the session

   + if session does exist, show the page

   + if session doesn't exist, look for a cookie called 'cookieAvailable'

      + if 'cookieAvailable' doesn't exist, set it, and refresh the
script with ?cookieTest=set (to know i've already set it)

         + if 'cookieAvailable' still doesn't exist, show a "sorry, no
cookies" page

      + if 'cookieAvailable' does exist, show a login form, let them
login and start a session

I guess the expiry date of the cookieAvailable should be only a day
(since it's *possible* that they could turn cookies off), and same with
the session expiry.

Anything I'm missing here?

Thanks in advance,
Justin French

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to