[FX.php List] Cookie issue

Steve Winter steve at bluecrocodile.co.nz
Mon Feb 25 08:34:40 MST 2008


Hi Joel,

I've used (a variant of) pagereference.php<?php echo '?'.SID; ?> in some
solutions, but not in others, as determined by the client's view on
cookies... if the site must allow for users not having cookies on (ie pretty
much anything that's live to the general public) then yes, you're going to
need it...

And yes, if you did
  pagereference.php<?php echo '?'.SID; ?> and then used some other PHP logic
to append other data to the end of the URL, if you inserted a second ? so
that on non-cookie systems you might end up with;
  pagereference.php?PHPSESSION= thrty?test=test&amp;truck=car
then you're going to run into problems...

You can test it for yourself, if you do a print_r($_REQUEST) of a URL like
the above then you end up with;
Array
(
    [PHPSESSION] => thrty?test=test
    [truck] => car
)

In practice the way that I've handled that has been;
  pagereference.php<?php if(isset(SID)) echo '?'.SID.'&'; else echo '?'; ?>
then you can append additional parameters as required...

HTH

Cheers
Steve


-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Joel Shapiro
Sent: 25 February 2008 15:25
To: FX.php Discussion List
Subject: Re: [FX.php List] Cookie issue

Do many people here include SID stuff in your sites regularly, or do  
you only add them in if/when you find out that visitors to your sites  
have cookies turned off?

i.e. Would you say it's good practice to always use:
   pagereference.php<?php echo '?'.SID; ?>   ?
Any reasons/times when it could be problematic?  (and could  
pagereference.php? ever be a problem -- with the extra question mark?)

-Joel


On Feb 22, 2008, at 5:12 PM, Steve Winter wrote:

> Taking into consideration everything that's been said since this  
> post, the
> bottom line is YES...!!!
>
> You do have to surmount the logistical issue, but then you should  
> be able to
> do that with a search and replace on the page(s) concerned, since  
> the beauty
> of SID is that if a cookie exists, then SID resolves to nothing at  
> all,
> whereas if the cookie doesn't exist then it resolves to the default  
> session
> ID name = session ID, so if you search and replace every instance of
> pagereference.php with pagereference.php<?php echo '?'.SID; ?> then  
> in the
> instances when a cookie exists SID will resolve to nothing at all  
> so the
> link will become pagereference.php? in the situation when the  
> cookie does
> not exist it will become pagereference.php?PHPSESION=sesionID at  
> which point
> the sessions will function correctly...
>
> Please excuse any typing errors in this message as it's rather late  
> on a
> Friday evening where I am and several wines have been consumed ;-)
>
> Cheers
> Steve
>
> -----Original Message-----
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Bob Patin
> Sent: 22 February 2008 23:29
> To: FX.php Discussion List
> Subject: Re: [FX.php List] Cookie issue
>
> So here's the question then: if I were to pass the session variable in
> all of my links and URLs (which I seriously doubt I'm going to go in
> and do), and they had cookies disabled, the session variable would
> tell my web server which set of session data to retrieve, and all
> would be well?
>
> The downside of this is the logistical nightmare of adding the
> variable to every link on the site, and this particular web app has
> literally dozens of them per page because it shows cars, and each car
> has a link on it to farther into the web app.
>
> But it's a possibility... :)
>
> BP
>
> On Feb 22, 2008, at 12:03 PM, Steve Winter wrote:
>
>> server, and all you're passing in the URL is the session ID...
>>
>> If you've got a session started, and the user has cookies, when you
>> do a
>> print_r($_REQUEST); you'll see the session ID in there... all PHP is
>> doing,
>> on the server side is looking for that session ID in the $_REQUEST
>> data...
>> it doesn't care if it comes from a cookie, a URL or a form post...
>>
>> On the page where you first create the session with session_start
>> SID then
>> contains the value of the session ID, and can from that point on be
>> used to
>> append the session ID to any get or post, at which point all the
>> session
>> data, which is on the server, is available...
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

_______________________________________________
FX.php_List mailing list
FX.php_List at mail.iviking.org
http://www.iviking.org/mailman/listinfo/fx.php_list




More information about the FX.php_List mailing list