Hi there

I have a problem with sessions at the moment. My aim is to be able to use sessions with out getting those ugly url's.

In my php.ini session.use_trans_sid is on and session.use_cookies is on. I'm using ini_set("url_rewriter.tags",""); to stop the server from creating url's with PHPSESSID=bunchofrandomnumbersandlettershere which works perfectly. The thing is that if a user is not accepting cookies then a session isn't saved and I'm not entirely sure why.

First page has the following code

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form id="form1" name="form1" method="post" action="session02.php">
<p><label for="name">Name:</label>
<input type="text" name="name" id="name" /></p>
<p><input type="submit" name="Submit" value="Submit" /></p>
</form>
</body>
</html>

Second page

<?php
ini_set("url_rewriter.tags","");
// initiate session
session_start();
// check that form has been submitted and that name is not empty
if ($_POST && !empty($_POST['name'])) {
// set session variable
$_SESSION['user'] = $_POST['name'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
// check session variable is set
if (isset($_SESSION['user'])) {
// if set, greet by name
echo 'Hi, '.$_SESSION['user'].'. <a href="session03.php">Next</a>';
}
else {
// if not set, send back to login
echo 'Who are you? <a href="session01.php">Login</a>';
}
?>
</body>
</html>

Third page

<?php
ini_set("url_rewriter.tags","");
session_start();
ob_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
// check whether session variable is set
if (isset($_SESSION['user'])) {
// if set, greet by name
echo 'Hi, '.$_SESSION['user'].'. See, I remembered your name!<br />';
// unset session variable
unset($_SESSION['user']);
// invalidate the session cookie
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-86400, '/');
}
ob_end_flush();
// end session
session_destroy();
echo '<a href="session02.php">Page 2</a>';
}
else {
// display if not recognized
echo 'Sorry, I don\'t know you.<br />';
echo '<a href="session01.php">Login</a>';
}
?>
</body>
</html>

Bottom line is I'd like to be able to store sessions if someone isn't accepting cookies.

Well it seems your only option is server side cookies as I call (an invented) them. Although I don't know how to code this with sessions but I will explain the theory. If you set up a Mysql database with 2 columns that will hold all of the session id data for all viewers. One column has their ip address while the other is the session id. When the user starts the session, the session id is recorded and their ip address if the ip address cannot be found. If their ip address is found then they can retrieve their previous session id. And each time they enter a page, the page looks up in the database their session id where the ip address in the database matches the ip address the user currently has. So basically you can use mysql to store the session id and the session id will allow you to unlock the rest of the session data from the server.

This article has been dead for over six months. Start a new discussion instead.