Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do PHP sessions work when cookies are disabled?

I've tried to research this mechanism but only find hints and these are not very consistent. How is the session _id sent to the browser and how is the browser instructed to return it when the user requests a new page?

Thanks, Chris

like image 781
cjakeman Avatar asked Mar 05 '09 08:03

cjakeman


People also ask

Will session work if cookies is disabled in PHP?

Sessions in PHP normally do use cookies to function. But, PHP sessions can also work without cookies in case cookies are disabled or rejected by the browser that the PHP server is trying to communicate with.

Does PHP session require cookies?

Yes. PHP sessions rely on a cookie containing a session key. Your session data are stored only on your server, but a unique ID is assigned to each session and that ID gets saved in a cookie.

What happens if cookies are blocked?

Here are some examples of what happens if you block all cookies: You may not be able to automatically sign in to a site because your saved username and password is deleted. Some web pages or features won't function. You may see a message on websites asking you to enable cookies for it to load.

Can we maintain session without cookies?

If its a public session then yes, you can use no cookies session.


1 Answers

PHP will do 2 things:

  • It will rewrite all links to pass an extra GET parameter, usually PHPSESSID but this can be changed by setting session.name in php.ini
  • It will add a hidden input with the same name after all <form> opening tags.

Note that this is a dangerous thing to do, because anyone who you e.g. copy/paste a URL to containing an PHPSESSID parameter will be able to share your login session on the site - the webserver has no easy way of telling that you are different from the person you sent the link to...

like image 129
Gareth Avatar answered Oct 17 '22 22:10

Gareth