Author Topic: Simple Question about Sessions/Cookies (Read 1300 times)

Broda · « **on:** March 22, 2007, 03:19:55 PM »

If the client has cookies disabled, will sessions work?

I'm getting mixed answers from the web...

sanlands · « **Reply #1 on:** March 22, 2007, 03:22:28 PM »

No, if I deleted my cookies this instant I would have to relogin to this forum. If you want to try it out. Go to Internet Options and delete your cookies or disable them. Then go back and reenable them after you're done.

Sinzygy · « **Reply #2 on:** March 22, 2007, 03:29:54 PM »

I just made a test, disabled cookies and tried to log into my game which uses sessions.

Result: Nope, didn't work. <- I guess here's your answer. Don't know tho if it's different for differen browser. I'm using firefox.

Broda · « **Reply #3 on:** March 22, 2007, 03:30:38 PM »

So what would be the option then for persisting data from one page to the next? POSTing it? That would seriously suck.

Zeggy · « **Reply #4 on:** March 22, 2007, 03:44:34 PM »

You could put up a notice and get all visitors to turn on cookies

Now, seriously

You could try saving the data in a table, and setting a time limit for the entries, so it is regularly cleared out. Then identify the user by browser version, ip address, etc. You basically make your own server-side "cookies"

Sinzygy · « **Reply #5 on:** March 22, 2007, 04:24:22 PM »

Maybe passing along an ID via URL and then call the corresponding table entry. But you'd still have to have some verification (like store the password and ip for each new entry in the table) <- this is in addition to zeggys suggestion

Broda · « **Reply #6 on:** March 22, 2007, 04:44:27 PM »

Maybe a combination of POST and codestryke's thread about session security, i.e. use an md5 encoded string so it wouldn't be easily faked.

codestryke · « **Reply #7 on:** March 22, 2007, 08:50:29 PM »

The reason you are getting mix responses from the web is because it's yes and no on how PHP works with sessions.

The way PHP works is it looks at the browser agent, from a an internal lookup it determines if that browser can support cookies, if it does it defaults to using using a cookie based session. It DOES NOT determine if it does support cookies and the user has enable cookies turned to off.

When it does detect that a cookie cannot be used then it puts the sessionid in the URL and uses it.

At one time I believe there was a way to force PHP to use either the cookie or url encoded string but not sure how it works now because I use cookies and force the players to use cookies if they want to play any of my games. If the option is available look in the PHP.ini file if you can, if you are on a hosted web site you probably won't have that option (ie to look / change the PHP.ini file).

There is also a PEAR library that'll use a database to store session data as well but I never used it that one either.
http://pear.php.net

Hope this helps ya out a bit...

Broda · « **Reply #8 on:** March 22, 2007, 09:04:14 PM »

Thanks CS. That makes a lot of sense.

I always have cookies enabled in my browsers but if someone went to a public library or somewhere that the security was tight they wouldn't be able to play. This is why I was asking in the first place - to make my game as accessible as possible. I'm also going to check a few phones/pdas and make sure it works and looks ok on them.

News:

Author Topic: Simple Question about Sessions/Cookies (Read 1300 times)

Broda

Simple Question about Sessions/Cookies

sanlands

Re: Simple Question about Sessions/Cookies

Sinzygy

Re: Simple Question about Sessions/Cookies

Broda

Re: Simple Question about Sessions/Cookies

Zeggy

Re: Simple Question about Sessions/Cookies

Sinzygy

Re: Simple Question about Sessions/Cookies

Broda

Re: Simple Question about Sessions/Cookies

codestryke

Re: Simple Question about Sessions/Cookies

Broda

Re: Simple Question about Sessions/Cookies