On Fri, 24 Aug 2001 17:33:51 +0100, "Saurabh Kapoor"
<[EMAIL PROTECTED]> wrote:

>I would like to maintain a session without cookies, what would be the best
>way of going about this?

You missed a related discussion by just a few days.  But here is a
summary of it ...

To initialize a session and force the browser to inject the PHPSESSID
string into the URL of every page, including the first, use this code
in the very first page (and only the very first page!):


  <?
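  // Legacy (PHP 4) server array; gives the path of the current script.
  $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
  session_start();
  // First visit: remember the session ID in the session itself, then
  // redirect to the same page with the session ID in the query string.
  if (!session_is_registered('vsid')) {
      session_register('vsid');
      $HTTP_SESSION_VARS['vsid'] = session_id();
      $sidurl = "Location: $PHP_SELF" . '?' . SID;
      header($sidurl);
      exit();
  }
  // ... remaining code on first page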
  ?>



And then use this code on all pages you link to:


  <?
  session_start();
  // ... remaining code
  ?>



This approach has another benefit too:

On all pages you link to after the first, you can test the value of
"vsid" to see if it matches the value of PHPSESSID.  That way, you can
determine whether the user reached the other pages by going through
the initial page.  If not, you can reject the request with a message
like "improper request" or something similar.


In your php.ini, use:

  variables_order = "ECGPS"

to make GET data override cookie data, and use:

  session.use_trans_sid = 1

to have PHP inject the PHPSESSID string into document links (PHP also
needs a compile flag set for this .ini value to work).  And to turn
off cookies, use:

  session.use_cookies = 0


Or if you have permission for setting these values in an .htaccess
file, then in .htaccess you can use:

  php_value session.use_cookies 0
  php_value session.use_trans_sid 1
  php_value variables_order "ECGPS"



Hope that helps!


Egan



-- 
PHP General Mailing List (http://www.php.net/)
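
The "vsid" check the message describes for pages after the first, as an added example that is not part of the original post. It uses $_SESSION in place of session_register(); the function name came_through_entry_page is hypothetical, and the session.use_strict_mode setting and the Referrer-Policy header are additions that the post does not mention.

```php
<?php
// Added example, not from the original post. Include at the top of every
// page after the entry page. Assumes the entry page stored session_id()
// in the session under 'vsid', as the post's first-page code does.

// Same settings as the php.ini lines in the post, applied at runtime.
ini_set('session.use_cookies', '0');
ini_set('session.use_only_cookies', '0'); // accept the ID from the URL
ini_set('session.use_trans_sid', '1');
// Addition: replace IDs the server never issued instead of adopting them.
ini_set('session.use_strict_mode', '1');

/**
 * True only when the session was set up by the entry page, i.e. it holds
 * a 'vsid' equal to the session ID this request is running under.
 */
function came_through_entry_page(array $session, string $currentId): bool
{
    $vsid = $session['vsid'] ?? null;
    return is_string($vsid) && $vsid !== '' && hash_equals($vsid, $currentId);
}

$started = session_start();

// Addition: the session ID travels in the URL, so keep it out of the
// Referer header sent to other sites.
header('Referrer-Policy: no-referrer');

if (!$started || !came_through_entry_page($_SESSION, (string) session_id())) {
    // Drop the empty session PHP just created for the unknown ID.
    if (session_status() === PHP_SESSION_ACTIVE) {
        $_SESSION = [];
        session_destroy();
    }
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    exit("improper request\n");
}

// ... remaining code for this page
```

PHP 8.4 deprecates URL-based session IDs (session.use_trans_sid enabled, session.use_only_cookies disabled), so these settings raise deprecation notices on that version and later.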