[FX.php List] Cookie issue

Joel Shapiro jsfmp at earthlink.net
Mon Feb 25 08:24:33 MST 2008


Do many people here include SID stuff in your sites regularly, or do  
you only add them in if/when you find out that visitors to your sites  
have cookies turned off?

i.e. Would you say it's good practice to always use:
   pagereference.php<?php echo '?'.SID; ?>   ?
Any reasons/times when it could be problematic?  (and could  
pagereference.php? ever be a problem -- with the extra question mark?)

-Joel


On Feb 22, 2008, at 5:12 PM, Steve Winter wrote:

> Taking into consideration everything that's been said since this  
> post, the
> bottom line is YES...!!!
>
> You do have to surmount the logistical issue, but then you should  
> be able to
> do that with a search and replace on the page(s) concerned, since  
> the beauty
> of SID is that if a cookie exists, then SID resolves to nothing at  
> all,
> whereas if the cookie doesn't exist then it resolves to the default  
> session
> ID name = session ID, so if you search and replace every instance of
> pagereference.php with pagereference.php<?php echo '?'.SID; ?> then  
> in the
> instances when a cookie exists SID will resolve to nothing at all  
> so the
> link will become pagereference.php? in the situation when the  
> cookie does
> not exist it will become pagereference.php?PHPSESION=sesionID at  
> which point
> the sessions will function correctly...
>
> Please excuse any typing errors in this message as it's rather late  
> on a
> Friday evening where I am and several wines have been consumed ;-)
>
> Cheers
> Steve
>
> -----Original Message-----
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Bob Patin
> Sent: 22 February 2008 23:29
> To: FX.php Discussion List
> Subject: Re: [FX.php List] Cookie issue
>
> So here's the question then: if I were to pass the session variable in
> all of my links and URLs (which I seriously doubt I'm going to go in
> and do), and they had cookies disabled, the session variable would
> tell my web server which set of session data to retrieve, and all
> would be well?
>
> The downside of this is the logistical nightmare of adding the
> variable to every link on the site, and this particular web app has
> literally dozens of them per page because it shows cars, and each car
> has a link on it to farther into the web app.
>
> But it's a possibility... :)
>
> BP
>
> On Feb 22, 2008, at 12:03 PM, Steve Winter wrote:
>
>> server, and all you're passing in the URL is the session ID...
>>
>> If you've got a session started, and the user has cookies, when you
>> do a
>> print_r($_REQUEST); you'll see the session ID in there... all PHP is
>> doing,
>> on the server side is looking for that session ID in the $_REQUEST
>> data...
>> it doesn't care if it comes from a cookie, a URL or a form post...
>>
>> On the page where you first create the session with session_start
>> SID then
>> contains the value of the session ID, and can from that point on be
>> used to
>> append the session ID to any get or post, at which point all the
>> session
>> data, which is on the server, is available...
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list