Posted by Michael Vilain on 08/11/05 04:54

In article <1123720965.841659.36930@f14g2000cwb.googlegroups.com>,
ehendrikd@gmail.com wrote:

> hi all
>
> i need some clarification on how the php session work in relation to
> cookies.
>
> we have a web site where users need to log in. a few of our users were
> having troubles with their browser clients having different levels of
> cookie security settings. i assumed a solution would be to have the php
> site use the session only, and set session.use_cookies to 0 in the
> php.ini file. after doing this, the session no longer persits after
> moving from page to page.
>
> does the session need to have cookies enabled to work? if so, what is
> the point of this setting? if not, what settings do i need to set to
> make the session work sever side only?
>
> thanks in advance

Since web servers don't retain state from page to page, it is up to the
browser or the application to maintain the state if needed. Browsers
can do so with a cookie. Alternatively, if you code the application to
transfer a session key created on login to subsequent pages via a POST
(more secure) or GET, you can maintain state. Each page must be
responsible for checking the validity of the key obtained from the
browser via a cookie or via POST or GET.

http://nl2.php.net/manual/en/ref.session.php has a more extensive
discussion.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

[Back to original message]