maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authentication
#4 Passing a SID/Session info in hidden fields, but it means
you must push every page move through a submit (which can be
done with Javascript, image buttons, etc),
Use standard HTTP authentication over SSL - that's the only other way.
On Tue, 14 May 2002, Matthew Walker wrote:
We have a shopping cart product we're developing in PHP, and I've
recently come across I dilemma that I need to find a reliable solution
to.
Many of the people who will be
On Tue, 14 May 2002, Matthew Walker wrote:
Many of the people who will be shopping on our sites have cookies
disabled, which presents a problem when using sessions. Now, I am aware
of the fact that we could append the SID constant to every URL, but this
will not work for us. None of our sites
Senior Software Engineer
ePliant Marketing
-Original Message-
From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies or SID Passing...
On Tue, 14 May 2002, Matthew Walker wrote:
Many
Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:42 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies or SID Passing...
Use standard HTTP authentication over SSL - that's the only other way.
On Tue, 14 May 2002, Matthew Walker wrote:
We have
is, and other related information.
Matthew Walker
Senior Software Engineer
ePliant Marketing
-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 5:42 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions Without Cookies
On Tue, 14 May 2002, Matthew Walker wrote:
The sites are not dynamic, but the shopping cart /is/. The problem is,
if people don't have cookies on, when they return to the site to order
more products, they loose the SID that has been appended to the links
inside the cart, and thus loose the
Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want to
maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authentication
You said you
]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want
to
maintain state accross requests. This is done in 3 different ways.
1. Cookies
2. URL Mangling
3. HTTP Authentication
You said you did not want to do 1 or 2
:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 10:04 AM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
I am understanding the problem perfectly. HTTP is stateless. You want to
maintain state accross requests. This is done in 3
Could you explain how this could be accomplished, because I'm not
understanding how to do it.
As I understand HTTP Authentication (correct me if I'm wrong), the
user's computer still has to send a 'username/password' pair to perform
the authentication. I can't see how this could be used to
: RE: [PHP] Sessions Without Cookies or SID Passing...
You're missing one method - using the user's IP address
It's not a guaranteed fool-proof method, but if you don't want to use
cookies or the URL, then this sorta works.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit
PROTECTED]]
Sent: Tuesday, May 14, 2002 5:30 PM
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
If it ain't foolproof then only a fool would use it ...
IP addresses are just about the worst way to identify anyone.
-Original Message-
From: Martin Towell
Engineer
ePliant Marketing
-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 6:26 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...
Could you explain how this could be accomplished, because
You're missing one method - using the user's IP address
It's not a guaranteed fool-proof method, but if you don't
want to use cookies or the URL, then this sorta works.
Unless there's a firewall using NAT or a proxy cache involved. I know
for a fact that our internal network only ever
15 matches
Mail list logo