Hi ,

IF Client disabled the cookies..my question is ..

Will session works in PHP..and if yes how it will work ? and if no what other method to maintain the state of the user.

Thnaks in advance,
mangesh.

You will need to put the session ID in the URL. You will need to make a change in your php.ini file so if you are on a shared host you will need to contact them to see what they will do for you.

Can you just tell using PHP if a client browser has their cookies enabled?
I would like to just find out and inform them that they need to enable cookies to use the cart on my site.
Thanks.

1) Set a cookie

2) Check for that cookie. If you don't see it, then they don't accept cookies.

Thanks John - I thought of doing that but wanted to know if there was another way.
Ric

Unfortunately that's the only reliable way. If you are going to do that be sure to wait until you are actually going to start the session before doing it. That way users with cookies turned off can still surf the site without being bothered with that message. While doing so they may decide it is worth turning cookies on to do what they need to do.

Thanks for the reply, John

I have a situation that I can't see any way around - I am posting a page to itself and I would like to inform a visitor that the operation of adding items to their cart did not work as they have not enabled cookies on their browser.

However, I can't see a way of distinguishing between a new visitor to the page with cookies disabled and the reload from a visitor with cookies disabled who hit the "add to cart" button.

Do you have any ideas? The only thing I can think of is of going via a second page which can check if the session is carried forward or a cookie is set and then going back to the original 'page' with:
echo "<body onload=setTimeout(\"location.href='page.php'\",0)>";
but when you do that you get a white screen while that is happening in between the reloads.

I don't know if I can give a link in this forum but I have my page on the internet in a Testing folder if you want to have a look to see what I am trying to do.

Thanks

Ric

As soon as they hit your site set a cookie regardless of what page they enter from. Don't check for it right away though. Some people will just want to browse and that's fine. But as soon as they try to use a feature that requires cookies look for the cookie you set. If it isn't there take them to a page that explains why they need to have cookies enabled.

Comments
Good info

As soon as they hit your site set a cookie regardless of what page they enter from. Don't check for it right away though. Some people will just want to browse and that's fine. But as soon as they try to use a feature that requires cookies look for the cookie you set. If it isn't there take them to a page that explains why they need to have cookies enabled.

I recommend this method too.
It's simple yet effective, without too much complexity or code to be done.

1) Set a cookie when user visits site.
2) If they try to do something which needs cookies, check if the cookie exists.. if it doesn't they don't have cookies enabled.
Thus take them to the "cookies required" page.

Cheers.

Welldone stymiee, nice logic ;)

Thanks for the replies but unless there is some way of intercepting between when the customer hits the submit button ('Add to Cart') and when the page submits to itself there is no way of knowing if the reload is from the submit button or a new visitor. I see other web sites are linked to this forum so if you want to have a look at my site go to http://www.biodistributors.com.au/Testing/PriceListFiles/health.php and disable cookies and see what happens when you try to add items to the cart. The idea is that the "view cart' button doesn't show if the cart is empty. What I am developing now is to show the "view cart' button all the time and when a user who has disabled cookies hits it they get the explanation about cookies needing to be set. Before that the page will just reload unchanged.

Ric

Thanks for the replies but unless there is some way of intercepting between when the customer hits the submit button ('Add to Cart') and when the page submits to itself there is no way of knowing if the reload is from the submit button or a new visitor.

if u want a way to tell thats a page is submitted or just loaded
u could use a hidden input in the form
then check if the name of this var is in the $_POST
then it is submitted else it is just the first load

Thanks for the replies but unless there is some way of intercepting between when the customer hits the submit button ('Add to Cart') and when the page submits to itself there is no way of knowing if the reload is from the submit button or a new visitor. I see other web sites are linked to this forum so if you want to have a look at my site go to http://www.biodistributors.com.au/Testing/PriceListFiles/health.php and disable cookies and see what happens when you try to add items to the cart. The idea is that the "view cart' button doesn't show if the cart is empty. What I am developing now is to show the "view cart' button all the time and when a user who has disabled cookies hits it they get the explanation about cookies needing to be set. Before that the page will just reload unchanged.

Ric

You can tell a new visitor on that page because they will be sending a HTTP GET Request. Thus your $_GET will be populated instead of $_POST.

When the submit button is clicked, they you will have a HTTP POST Request. Thus you'll have $_POST populated.
You'll also have

$_POST['submit']; // = 'Add selected items to cart'

This is the value of the submit button.

If you set a cookie (say 'test') on every page like mentioned, then when you get to the point where the "Add to cart" button is clicked, you should either have:

// cookie support
$_POST['submit']; // = 'Add selected items to cart'
$_COOKIE['test']; // = '1';

or:

// no cookie support
$_POST['submit']; // = 'Add selected items to cart'
$_COOKIE['test']; // = '';

If you get the second one, display the message to turn on cookies.

You can also have the sessionID appended to the URL instead of placed in a cookie as mentioned before. The problem with this approach is that it is vulnerable to a number of social based attacks.

---

If you are not satisfied with having to have the user request a second page in order to know whether or not cookies are supported, you could use javascript to check for cookie support, and update the cart with JS.
The problem with this is that it requires JS enabled, so you'll still have to have the PHP fallback methods.

eg: JS

<script>
<script>

// check support of cookies and add an alert to the form.onsubmit() event
function check_cookie_support() {
	document.cookie = 'test=1'
	if (!document.cookie.match(/test=1/)) {
		// say if your form has the id=cart_form
		var form = document.getElementById('cart_form');
		if (form) {
			form.onsubmit = function() {
				alert('sorry, please enabled cookies to use the cart'); // warn user
				return false; // stops form submission
			};
		}
	}
}

window.onload = check_cookie_support; // check support after DOM has loaded

</script>


</script>
Comments
excellent I found this really useful :)
good post

You can tell a new visitor on that page because they will be sending a HTTP GET Request. Thus your $_GET will be populated instead of $_POST.

When the submit button is clicked, they you will have a HTTP POST Request. Thus you'll have $_POST populated.
You'll also have

$_POST['submit']; // = 'Add selected items to cart'

]
Thanks for that - it works a treat. I didn't realise you could retrieve the value of the submit button.

Ric

$_POST['submit']; // = 'Add selected items to cart'

]
Thanks for that - it works a treat. I didn't realise you could retrieve the value of the submit button.

Ric

Glad that helped.

I blogged on this topic some time back: <snip>

One of the drawbacks of this method is that it intrudes on the presentation layer. If you check for the value of the submit button, then you make changes to that value in the HTML (presentation) subject to changes in your PHP code (logic) also. (If you plan to update HTML later, you break the php code)

A better alternative if you have only one submit button is the method suggested by w_3rabi.

if u want a way to tell thats a page is submitted or just loaded
u could use a hidden input in the form
then check if the name of this var is in the $_POST
then it is submitted else it is just the first load

The hidden input is not part of the presentation layer, but instead part of your php logic.

Or you can just check if the submit button was clicked, and not its value.

if (isset($_POST)) {
// form submission
}

Regarding the check for cookies enabled or not, I use a different method:
I check for the SID constant - if cookies are enabled, than SID is an empty string, if cookies are disabled, SID is a string like this "session_name()=session_id()".
So,

if (SID == '') {
echo "cookies are enabled";
}
else {
echo "cookies are disabled; SID should be appended to url":
}
Of course, session should be started before all these!!!

I just want to thank everyone who replied to this posting. It gave me about four choices of how to do something I initially thought couldn't be done. I must say I think johny_d's solution is the one I will use.

It is nice to know there is a 'community' of like minded people willing to help each other. Once I have learnt more I hope I can help some others.

Thanks again

Ric Easton

Regarding the check for cookies enabled or not, I use a different method:
I check for the SID constant - if cookies are enabled, than SID is an empty string, if cookies are disabled, SID is a string like this "session_name()=session_id()".
So,

if (SID == '') {
echo "cookies are enabled";
}
else {
echo "cookies are disabled; SID should be appended to url":
}
Of course, session should be started before all these!!!

Just so you'll understand what you're doing better if you go with Jonny_d's solutions.

The SID being set does not mean cookies are supported. It means that PHP was able to register a PHP session.
The SID will be set under two conditions:

1) The HTTP Request from the browser contained a PHP session cookie.
2) The HTTP Request from the browser contained a $_GET variable that PHP interprets as the Session ID.

If the condition was (2) then cookies are not supported, but a PHP session was registered via the URL.

This is the best test for the ability of PHP to keep a session, but not for the ability to persist cookies.

If you explicitly state in your PHP configuration (php.ini) that PHP sessions should be restricted to cookies (which I believe is default for later versions) then the SID constant test will implicitly test for cookies. It still requires at least one previous HTTP Request to set the cookie (2 page loads).

It still brings you to your first problem, where you would not know if the user just landed on the page, or submitted the form.

Hope that sheds some more light on the subject.

This article has been dead for over six months. Start a new discussion instead.