Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers

From: Gerard Samuel (php-general_at_trini0.org)
Date: 12/27/03 

To: "Andy Higgins" <andy.higgins@telkomsa.net>, php-general@lists.php.net
Date: Sat, 27 Dec 2003 10:36:50 -0500

On Saturday 27 December 2003 07:03 am, Andy Higgins wrote:
> Hello All,
>
> I have been racking my head over a problem where a large percentage of
> users are unable to log into my php site due to what seems to be a problem
> with setting php session variables on certain end user browsers (certain
> versions of AOL seem to be particularly problematic). Below are some
> snippets of code that are used to do the authentication/ login.
>
> Has anyone encountered the same problem and if so do you have a solution?
> The only solution I can think of is to pass the session using PHPSESSION in
> the URL however I would like to avoid this if at all possible as it
> involves a major re-write of the code (as session variables are used
> elsewhere in the session) and if I am not mistaken if a user accesses a
> non-php page then the session is lost requiring them to log in again.
>

Im just putting the finishing touches to my code, that I had to rewrite for
similar reasons as you.
You're going to have to include the session id in the url for those users who
do not allow cookies.
Using this fact about the constant SID
a) If the user's browser accepts cookies, SID will be empty ""
b) If the user's browser does not accept cookies, SID will be "PHPSESSID=xxx"

So what I did, was append the constant SID to all urls/forms and php header()
(for redirection) functions that point to the site that is serving the
content (dont append SID to urls going to other sites).

So the final results will be
a) If the user's browser accepts cookies, urls/forms/php header() will be
normal
b) If the user's browser does not accept cookies, the session id is appended
to urls/forms/php header()

OR

you can take the easy way out, and turn on transparent ids with ->
http://us2.php.net/manual/en/
install.configure.php#install.configure.enable-trans-sid

Relevant Pages

  • Re: Attempt to de-mystify AJAX
    ... >>maintaining a session via URL is not a problem. ... >> around cookies and JS, but it seems to be tough. ... >> as needed back to the server. ... but as I mentioned before - a non-dynamic request by the browser can ...
    (comp.databases.pick)
  • Re: What is URL rewriting?
    ... URL rewriting is the option when the client browser doesn't accept ... browser doesn't accept cookies. ... user information is usually stored as session object. ... so that the user agent can send that ID back on its next request. ...
    (comp.lang.java.programmer)
  • Re: Can SID be trusted?
    ... Jerry Stuckle wrote: ... [Having the session ID in SID even when cookies are used] ... in SID - and, not knowing any better, gets the session id and places it ...
    (comp.lang.php)
  • Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers
    ... browser accepts cookies and if not then append the SID as described? ... >> The only solution I can think of is to pass the session using PHPSESSION ...
    (php.general)
  • Re: Getting around a weird browser cookie bug...
    ... very unusual bug with their browser ... and start using it like normal but all of a sudden the browser ... to stop storing cookies, so session storage goes out the window.. ...
    (comp.lang.php)