Is PHP $_SESSION variable a cookie?

decibel.places's picture

He has: 1,494 posts

Joined: Jun 2008

I want to set a session variable in case cookies are disabled.

Is the session variable also a cookie?

When I use the Firefox Web Developer tool to disable all cookies, or delete the path cookies, the session does not work either.

http://netsperience.org/age_check/index.htm

pr0gr4mm3r's picture

He has: 1,502 posts

Joined: Sep 2006

Yes, the default method is by storing a cookie, but the cookie only has the session ID, not the contents of the $_SESSION variable. There are alternate ways to keep the session alive. More information here: http://us.php.net/manual/en/session.idpassing.php

decibel.places's picture


I think you meant the section about saving the session info in a database

That is not really an option here.

If I turn off accept cookies in Firefox options, the session does not work either.

Any suggestions for setting some kind of flag without cookies? AJAX? (what if JavaScript is turned off?)

pr0gr4mm3r's picture


decibel.places wrote:
I think you meant the section about saving the session info in a database

Nope, not what I was talking about. The manual page I linked to talked about an alternate way to keep the session alive, which is by passing the session ID manually. To get the 'PHPSESSID=asfi76as8f76asd' parameter, use the SID constant, or to just get the session id by itself, use the session_id() function.

There is an easier way to do all of that... with --enable-trans-sid enabled, the session ID is automatically passed either in any link clicked, or as a hidden form field in a submitted form.

decibel.places's picture


ok ic - the session ID is passed in the URL instead of stored in the cookie

session.use_trans_sid boolean
session.use_trans_sid whether transparent sid support is enabled or not. Defaults to 0 (disabled).

Note: For PHP 4.1.2 or less, it is enabled by compiling with --enable-trans-sid. From PHP 4.2.0, trans-sid feature is always compiled. URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.
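
The cookie-only approach discussed above, as an added example that is not code from the thread or from the PHP manual: the session cookie carries only the ID, URL-based IDs are refused, and a redirect probe detects disabled cookies. It assumes PHP 7.3+ over HTTPS; the page path and the `age_verified` and `cookie_check` names are hypothetical.

```php
<?php
// Added example; requires PHP 7.3+ and HTTPS. The page path and the
// 'age_verified' / 'cookie_check' names are hypothetical.
const AGE_CHECK_URL = '/age_check.php';

// Accept the session ID from the cookie only; never append it to URLs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
session_set_cookie_params([
    'lifetime' => 0,      // dropped when the browser closes
    'path'     => '/',
    'secure'   => true,   // sent over HTTPS only
    'httponly' => true,   // hidden from JavaScript
    'samesite' => 'Lax',
]);
session_start();          // the cookie carries only the ID, not $_SESSION

// Cookie probe: this response sets the cookie, the redirect shows
// whether the browser returns it.
if (!isset($_COOKIE[session_name()])) {
    if (isset($_GET['cookie_check'])) {
        echo 'Please enable cookies to use this site.';
        exit;
    }
    header('Location: ' . AGE_CHECK_URL . '?cookie_check=1', true, 302);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['confirm_age'])) {
    session_regenerate_id(true);       // fresh ID once the session holds state
    $_SESSION['age_verified'] = true;  // stored server-side
    header('Location: /', true, 303);  // redirect, so Back never reposts
    exit;
}

if (empty($_SESSION['age_verified'])) {
    echo '<form method="post"><button name="confirm_age" value="1">'
       . 'I am 21 or older</button></form>';
    exit;
}
echo 'Age confirmed for this session.';
```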

greg's picture

He has: 1,581 posts

Joined: Nov 2005

yeah, unfortunately making for ugly URLs.

Dare I mention ... turning register globals ON? ...
*runs away and hides waiting for the flurry of comments*
This of course won't work as of PHP 6 anyway, so it's not a good idea.

Other options:
You could use a DB, or a file to store some temp data, but that all starts getting complex having to check when users leave the site etc.

Use a form with hidden-type data and forward it each time, GET still has data in the url of course, and I keep well away from post data wherever possible as the pop-up is annoying.

I had this issue with my last client, they wanted a major visitor tracking system with time/date/page and visitors city or town.
I decided to just show a message if the user didn't have cookies turned on.
"Sorry, to use this site you need to turn on cookies, they are safe .. yadda yadda"

The number of people without cookies is low, and even then a high percentage of those people will know they have turned them off and will just stick them back on for your site if they wish/require.

You could incorporate two methods.
Test if user has cookies, if yes just set cookie as required, if no use GET.
How your site would deal with the choice of GET or cookies depends on the site. What functions, pages etc you have.

decibel.places's picture


greg wrote:
Use a form with hidden-type data and forward it each time, GET still has data in the url of course, and I keep well away from post data wherever possible as the pop-up is annoying.

what pop-up? I use post on forms all the time I have not seen any pop-up.

greg wrote:
I decided to just show a message if the user didn't have cookies turned on.
"Sorry, to use this site you need to turn on cookies, they are safe .. yadda yadda"

There's a great page on Google that explains how to turn on cookies in various browsers - I have decided to display a link to this page if cookies are disabled. (yeah, and I just had a bright idea to use some browser sniffer code to display the appropriate instructions - maybe next time, or I can add it to the project when I get a chance)

Since I posted this I had to rework the code because of license issues, so I hope I "improved" it.

I also considered a db (cumbersome - from where I plugged into the project, I do not think a db exists for the site and getting authorization etc was more complicated than it was worth) or a flat file (not so good when there are a lot of visitors) but I finally decided to stay with cookies.

@pr0gr4mm3r - I do not want to add anything to the URL, putting sessions in the URL is an SEO no-no.

greg's picture


decibel.places wrote:
greg wrote:
I keep well away from post data wherever possible as the pop-up is annoying.

what pop-up? I use post on forms all the time I have not seen any pop-up.

When you use browser back button to a page that had data POSTed to it, you get "The page you are trying to view contains POSTDATA... etc"
You must have SURELY had that before.

decibel.places wrote:
I do not want to add anything to the URL, putting sessions in the URL is an SEO no-no.
This is becoming less of an issue these days, certainly with Google. SEs are always improving their systems, and as URL data is very useful, if not a necessity in some cases, they are always trying to improve to incorporate this.
Although static URLs are easier to index, they can index dynamic ones. Static ones 'in general' may get a better rank, but the difference between them is decreasing all the time.

Just don't try to mask them (mod_rewrite etc) or hide them or make them appear to be static in any way, and keep them as short as possible.
I don't think it's a "no-no" though, especially if you need to use them.
Of course, don't just use them for the sake of it when it's avoidable, but if you need to use them, use them!

pr0gr4mm3r's picture


greg wrote:
Just don't try to mask them (mod_rewrite etc) or hide them or make them appear to be static in any way, and keep them as short as possible,

mod_rewrite would be a bad idea. Google will visit your site one day and be sent to example.com/page/df98g76adf986asd8f5as8g5d9f8g one day, and then when it returns, it will be directed with a different session id and be something like example.com/page/vb8966sd865sd8fs9gh79sdf - big problem with duplicate content.

decibel.places's picture


greg wrote:
When you use browser back button to a page that had data POSTed to it, you get "The page you are trying to view contains POSTDATA... etc"
You must have SURELY had that before.

Yeah, reloading a page that has data posted asks you if you want to repost the data.
1. Why would the user be using the BACK button if your navigation is clear and functional? If the user habitually uses the browser buttons for nav s/he will be used to this message.
2. In this case the PHP page that gets posted to is an interstitial page that does not get displayed and sends a fresh header location. Clicking on the BACK button after verification brings up the verification form, not the PHP processing URL.

greg wrote:
decibel.places wrote:
I do not want to add anything to the URL, putting sessions in the URL is an SEO no-no.
This is becoming less of an issue these days, certainly with Google.

As pr0gr4mm3r pointed out, temporary tokens such as a session id in the URL can cause confusion for search bots, as well as a problem if the user bookmarks that page and tries to return to an expired session.

greg's picture


decibel.places wrote:
1. Why would the user be using the BACK button if your navigation is clear and functional?
You're asking me to speak on behalf of potentially a billion people and explain their habits?
People use it. I use it. Having a pop-up on pages each time you click back that doesn't go away unless you choose an answer is a pain, and a confusing technical question to some.

decibel.places wrote:
If the user habitually uses the browser buttons for nav s/he will be used to this message.
Hmm, that's the attitude that allows industry standards and customer service to drop like a dead overweight rhino from space.
Just because people are accustomed to an annoyance doesn't alleviate any of their frustration when it happens to them on your site.

decibel.places wrote:
2. In this case the PHP page that gets posted to is an interstitial page...
Which is exactly how I avoid sending POST data with headers.
But that only allows for checking of user input from page A to page B (and potentially a Page C from redirect on Page B).
It doesn't resolve your issue of checking on each page if the user has entered their age.

decibel.places's picture


greg wrote:
decibel.places wrote:
2. In this case the PHP page that gets posted to is an interstitial page...
Which is exactly how I avoid sending POST data with headers.
But that only allows for checking of user input from page A to page B (and potentially a Page C from redirect on Page B).
It doesn't resolve your issue of checking on each page if the user has entered their age.

Actually, the other pages have a JavaScript file loaded that does the checking and redirects to the verification page if cookies are enabled but the verification cookie is missing. Without cookies, the verification page redirects directly to a specific page without posting the form.

And if cookies are enabled and the BACK button is used, the posted-to page does not display at all, the trail leads back to the verification page...

So in this application, the issues with POST are avoided.

greg's picture


What if they have JS disabled? :tongue:

decibel.places's picture


greg wrote:
What if they have JS disabled? :tongue:

yeah, and what if they are using a screen reader, or a 14.4 kbps phone modem? :evil:

In this case, if JS is disabled, they will not be directed to the verification page... I believe that "best effort" has been made to secure self-verification of age (and there is nothing preventing a 10 year old from averring he is 30).

greg's picture


decibel.places wrote:
I believe that "best effort" has been made..
Yeah, that's all you can do.

decibel.places wrote:
there is nothing preventing a 10 year old from averring he is 30..
Well, apart from the parents, but that's another argument altogether..

decibel.places's picture


I added a link that will only display if js is disabled -

click here if you are 21 or older to enter the site

I think that should cover it...

greg's picture


Well, I'm definitely glad it's all sorted, 'cos it's getting a bit squashed here now..

--------> <--------

pr0gr4mm3r's picture


There should be an indent limit.

greg's picture


I wonder if we could get it down to one word per line?

pr0gr4mm3r's picture


I bet it's possible.

decibel.places's picture


is this the equivalent of forum "limbo"? How low can you go? :tongue:

pr0gr4mm3r's picture


what_happens_when_a_word_is_too_long_anyway?

decibel.places's picture


pr0gr4mm3r wrote:
what_happens_when_a_word_is_too_long_anyway?

looks like it gets clipped...

but edit/quote still shows the text

decibel.places's picture


taking it down another notch

decibel.places's picture


I think this will be one word per line - maybe not short words

decibel.places's picture


now it should be one word per line

decibel.places's picture


can we take it all the way to the vanishing point, like drawing perspectives?

decibel.places's picture


aha, fluid layout adjusts to container

greg's picture


I'm sorry ... did you say something?

decibel.places's picture


I commented on how the layout switched from horizontal to vertical

pr0gr4mm3r's picture


greg wrote:
Dare I mention ... turning register globals ON ? ...
*runs away and hides waiting for the flurry of comments*

Yeah, you better run. :wink: When the session ID is included in the URL, there is nothing the developer has to do to fetch that ID, it's handled by PHP.

They have: 10 posts

Joined: May 2009

If session state variables use a cookie as their underlying mechanism, then it's a big flaw in PHP. I am an ASP.NET developer, and clearly both are distinct things. Session uses the server memory while a cookie uses the client's computer memory. I think you faced this problem due to some configuration, maybe one in which the server memory is given the priority. I don't know, it sounds so very unfair.

greg's picture


I believe by default PHP will use some memory, referencing the sess_id (maybe) but regardless, what's wrong with using files and user storage?
I mean, why waste precious RAM :wink:

There are options in PHP to use any of the three states.
