----- Original Message -----
From: "Gordon Stewart" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 13, 2007 2:11 PM
Subject: [php-list] Sessions & Cookies

Hi there,

I know that users can switch cookies off - via their browsers... Is that true also for sessions?

Basically - we have an existing site, but we are planning to add languages etc. to it. However, we do not want to add another / extra variables to the URL, e.g.:

    ?language=english&(rest of URL)
    ?language=french&(rest of URL)

If we store the language selection (& maybe other variables) as sessions - will it work for all browsers etc.? (I do know once you close the window, the sessions are erased, but cookies can be kept for a while).....

----------------------------

session_start() will attempt to send a cookie and if it is not found on the next page load, it will use a GET method URL query string on all links like http://mydomain.com/path/file/php?PID=57F6D6ECB55

To see the effect of this you can go to a site using sessions and disable cookies on your browser.

Only the PID or SID need be passed back and forth between the server and client either by cookie or GET method.

You can session_register() any variable into the PHP environment once a session is started and it will be available to any script with a session_start() during the entire session.

If you have register_globals enabled (see phpinfo()) then any GET method query string is entered into the PHP environment space. Be aware that hackers will use this. For example -

    <?php
    if ($_POST['username'] == "admin" && $_POST['password'] == "ghhjHYF6gyu") {
        $loggedin = 1;
    }
    if ($loggedin == 1) {
        // da ta da da ta
    }
    ?>

To defeat the script above I can just enter the following URL into my browser if register_globals is enabled.

    http://mydomain.com/login.php?loggedin=1

So always initialise important variables -

    <?php
    $loggedin = 0; // set before the check so a request value cannot pre-set it
    if ($_POST['username'] == "admin" && $_POST['password'] == "ghhjHYF6gyu") {
        $loggedin = 1;
    }
    ?>

Having said all of this - your question relates to languages. As far as I am aware search engine spiders still do not follow query strings or maintain sessions with the remote server.
For this reason it would NOT do your search engine ranking any good to use either method (cookie / session) for different languages.

It would be better to have a mapped rewrite so that English would appear as http://mydomain.com/en/index.php

It could still actually be http://mydomain.com/index.php?en as far as PHP is concerned.

To do this you use a mod rewrite directive in a http.conf file or a .htaccess file. The server can then convert the URL http://mydomain.com/en/index.php into http://mydomain.com/index.php?en so that it is easy to code the PHP without duplicating pages and at the same time search engines would not be aware of any query strings.

Google 'rewrite engine'.
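
The register_globals problem described in the reply above, as an added example that is not part of the original message. register_globals was removed in PHP 5.4, so its effect is emulated here with extract(); the function names and the sample request arrays are assumptions made up for this illustration.

```php
<?php
// Added example: emulates register_globals with extract() to compare the
// uninitialised login flag with the initialised one.

// Hypothetical helper: the credential test from the message, written with
// strict comparison and hash_equals(). The values are the message's samples.
function credentials_ok(array $post): bool
{
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    return is_string($user) && is_string($pass)
        && $user === 'admin'
        && hash_equals('ghhjHYF6gyu', $pass);
}

// Pattern from the first script: $loggedin is only ever assigned on success,
// so a request variable of the same name survives into the check.
function login_uninitialised(array $get, array $post): bool
{
    extract($get, EXTR_SKIP);      // stands in for register_globals = On
    if (credentials_ok($post)) {
        $loggedin = 1;
    }
    return isset($loggedin) && $loggedin == 1;
}

// Pattern from the second script: the flag is set to a known value after the
// request data has been imported, so only the credential test can raise it.
function login_initialised(array $get, array $post): bool
{
    extract($get, EXTR_SKIP);      // request variables arrive first
    $loggedin = 0;                 // then the script overwrites the flag
    if (credentials_ok($post)) {
        $loggedin = 1;
    }
    return $loggedin === 1;
}

// Constructed sample requests.
$query_only = ['loggedin' => '1'];                       // login.php?loggedin=1
$good_post  = ['username' => 'admin', 'password' => 'ghhjHYF6gyu'];

var_dump(login_uninitialised($query_only, []));  // query string alone, no POST
var_dump(login_initialised($query_only, []));    // same request, flag initialised
var_dump(login_initialised([], $good_post));     // correct credentials
```

On current PHP versions the same mistake reappears wherever request data is copied into variables wholesale, for example with extract() or import_request_variables()-style helpers, so the initialisation rule still applies.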
