Cookies and session variables

To find out were session variables are stored I included this
instruction in my program:
echo ini_get("session.save_path");

The reply was /home/7604/data/tmp which is a folder on my server.

I look at /home/7604/data/tmp and it is full of session files for
today.

Even so, if I have cookies blocked for my site http://easyquestion.net
in IE6 or cookies turned off in Mozilla Firefox no session variabes
are stored. I don't think it should be like this. I read somewhere
that 'PHP sessions will work even if the user has cookies disabled."

What am I doing wrong?

Regards,

Jan Nordgreen

Re: Cookies and session variables

On Nov 8, 9:04 pm, damezumari wrote:
> To find out were session variables are stored I included this
> instruction in my program:
> echo ini_get("session.save_path");
>
> The reply was /home/7604/data/tmp which is a folder on my server.
>
> I look at /home/7604/data/tmp and it is full of session files for
> today.
>
> Even so, if I have cookies blocked for my sitehttp://easyquestion.net
> in IE6 or cookies turned off in Mozilla Firefox no session variabes
> are stored. I don't think it should be like this. I read somewhere
> that 'PHP sessions will work even if the user has cookies disabled."
>
> What am I doing wrong?
>
> Regards,
>
> Jan Nordgreen

Yap. That's all normal, just in case you wander. If cookies are
enabled, then
session id will be stored in the cookie, automatically sent on next
request to
to the server, and the PHP script will know which file to open for
reading the
values. However, if you reject cookies, then your browser will not
send anything
to the server and it won't be able to find out which session is yours.

If you don't want to rely on cookies, you can pass SID parameter
(containing what
session_id() returned) as URL argument, which will also be recognized
automatically
when session_start() is called. This, however, isn't recommended, due
to security
issues. Someone can see the ID, and if interested, can type if at his
home as SID
in the URL and automatically be logged in. This is not what you want,
so this technique
is generally avoided.

Your duty, as a programmer, is usually only to make sure cookies are
enabled and display
the page(s), or detect that the cookies are disabled, and warn the
user about this saying
"please turn on your cookies, this site is worth shit without
cookies" (no offense intended,
such is mine, too, and it's not a bad thing)

You can check if cookies are enabled by sending a cookie to the
client, and
checking if it still exists in his next request. It's the only way, to
my knowledge.

I hope this helped.

Re: Cookies and session variables

On Thu, 08 Nov 2007 21:04:30 +0100, damezumari =
=

wrote:

> To find out were session variables are stored I included this
> instruction in my program:
> echo ini_get("session.save_path");
>
> The reply was /home/7604/data/tmp which is a folder on my server.
>
> I look at /home/7604/data/tmp and it is full of session files for
> today.

http://nl2.php.net/manual/en/ref.session.php

Check what the chance(!) is that old session files are deleted by the =

garbage collecor:

session.gc_probability 1
session.gc_divisor 1
session.gc_maxlifetime 1440


> Even so, if I have cookies blocked for my site http://easyquestion.net=

> in IE6 or cookies turned off in Mozilla Firefox no session variabesare=
=

> stored.

A browser with cookies turned off, and session settings only allowing =

cookie based sessions will generate a new session on every request. So =

yeah, it would be a quickly growing amount of sessionfiles.


> I don't think it should be like this. I read somewhere
> that 'PHP sessions will work even if the user has cookies disabled."

It could work if you allow it.

session.use_cookies 1
session.use_only_cookies 0
session.use_trans_sid 1
url_rewriter.tags "a=3Dhref,area=3Dhref,frame=3Dsrc,form=3D,fieldset=3D=
"

Don't be very amazed if all your clientele from google seem to have the =
=

same sessionid though...
-- =

Rik Wasmus

Re: Cookies and session variables

damezumari wrote:
> To find out were session variables are stored I included this
> instruction in my program:
> echo ini_get("session.save_path");
>
> The reply was /home/7604/data/tmp which is a folder on my server.
>
> I look at /home/7604/data/tmp and it is full of session files for
> today.
>
> Even so, if I have cookies blocked for my site http://easyquestion.net
> in IE6 or cookies turned off in Mozilla Firefox no session variabes
> are stored. I don't think it should be like this. I read somewhere
> that 'PHP sessions will work even if the user has cookies disabled."
>
> What am I doing wrong?
>
> Regards,
>
> Jan Nordgreen
>
>

Jan,

How PHP handles session id's is determined by the php.ini file. You
have two options: session.use_cookies and session.use_only_cookies.

If session.use_cookies is 1, PHP will attempt to store the session id in
a cookie. If it's 0, PHP will pass the session id in the URL.

If session.use_cookies is 1 and the cookies are disabled on the browser,
then session.use_only_cookies comes into play. If that is 0, PHP will
again pass the session id in the browser. And if it's 1, PHP will just
not pass the session id at all.

If you're on a shared host, you may be able to override these in your
..htaccess file. It all depends on what your host allows.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================