Re: Re: session cookies enabled?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 8, 2007 2:56 pm, ccspencer@xxxxxxxxxxxx wrote:
> Richard Lynch writes:
>> Send one cookie, see if it comes back, and if it does, tie
>> everything to that cookie.
>
> OK.  So how do I see if it comes back?

if (isset($_COOKIE['foo'])){
  //cookie came back
}
else{
  //cookie did NOT come back
}

> I send the user a page that tries to set a session cookie.  That
> page would then have to forward him to a second page which would
> check for the cookie being sent.  Right?

Yes.

Send the cookie with the homepage, login page, or whatever they are
first going to see.

Don't show them anything they shouldn't see without the cookie.

Check if they have a cookie.

It's probably best to just do all this in an include file that you
pull in on any page that needs cookies.

You can even make the include file abort the rest of the page output
if you want to require them to login with a valid session before going
any further.

> So I there is nothing I can check so I can do it with a single page?

Oh.

No.

It does seem like that would be a Nifty thing for the browser to have
sent with the first request, but that's just not the way it works.

It's an inherent 2-request process.

HTTP Request -> Reply with Cookie -> HTTP Request with Cookie (or not)

You'd have to duke it out with Mozilla and Microsoft to get that to
change, and they probably aren't gonna want to send a
pre-acceptane-of-cookie letter of intent with every HTTP requrest...

Especially not when the vast majority of HTTP requests don't need
cookies anyway...  Well, I never did a statistical analysis of that,
but across the 'net as  whole?  Yeah, I think it's a pretty safe
statement...

>> You can also set up php.ini and use the built-in sessions with
>> http://php.net/session_start so that PHP will take care of this
>> for you.
>
> That is what I was intending to do.  How do I find out if whether
> or not the session cookie was accepted using the built-in sessions?

You don't.

You turn on the Cookies and the trans_sid in php.ini, and let PHP
worry about whether it was cookies or not and re-write your URLs if it
wasn't.

Or maybe it just re-writes them no matter what anyway, but prefers the
Cookie if it's there?

Whatever.

If, after doing that, you still feel the need to "know" if they used a
cookie or not, then you can use http://php.net/set_session_params and
choose a cookie/session name, and then you can test with:
if (isset($_COOKIE['whatever_you_chose_in_set_session_params'])){
}
and then you'll know if they used Cookies or Trans SID in URL...

But you won't really care, as all the info you need is in $_SESSION
either way, so it doesn't matter if they used a cookie or the ID in
the URL or sent a little squirrel along the wire with an engraved
acorn.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux