No, it doesn't work at all. All sorts of people are behind proxies. Every AOL user, for example. All these people end up showing up as the same, or at least one of a pool of a few dozen ips. If you use this methods millions of users will end up sharing the same shopping cart. That's probably not a good idea.
-Rasmus On Wed, 15 May 2002, Martin Towell wrote: > You're missing one method - using the user's IP address > It's not a guaranteed fool-proof method, but if you don't want to use > cookies or the URL, then this sorta works. > > -----Original Message----- > From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 15, 2002 10:04 AM > To: Matthew Walker > Cc: [EMAIL PROTECTED] > Subject: RE: [PHP] Sessions Without Cookies or SID Passing... > > > I am understanding the problem perfectly. HTTP is stateless. You want to > maintain state accross requests. This is done in 3 different ways. > > 1. Cookies > 2. URL Mangling > 3. HTTP Authentication > > You said you did not want to do 1 or 2. That only leaves you with HTTP > Authentication. HTTP Authentication is really just like a cookie that > can't be disabled when it comes down to it. > > -Rasmus > > On Tue, 14 May 2002, Matthew Walker wrote: > > > You're not understanding the problem. This is not an authentication > > situation. We are using sessions to track information about what a > > customer's OrderID is, and other related information. > > > > Matthew Walker > > Senior Software Engineer > > ePliant Marketing > > > > > > -----Original Message----- > > From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, May 14, 2002 5:42 PM > > To: Matthew Walker > > Cc: [EMAIL PROTECTED] > > Subject: Re: [PHP] Sessions Without Cookies or SID Passing... > > > > Use standard HTTP authentication over SSL - that's the only other way. > > > > On Tue, 14 May 2002, Matthew Walker wrote: > > > > > We have a shopping cart product we're developing in PHP, and I've > > > recently come across I dilemma that I need to find a reliable solution > > > to. > > > > > > Many of the people who will be shopping on our sites have cookies > > > disabled, which presents a problem when using sessions. Now, I am > > aware > > > of the fact that we could append the SID constant to every URL, but > > this > > > will not work for us. None of our sites are dynamic, and updating them > > > is out of the question (We have over 100 sites). As well, someday we > > > intend to sell this software, and we don't want to require that people > > > make their sites fully dynamic to accommodate it. > > > > > > So, is there any reliable way to emulate sessions without requiring a > > > cookie, or a variable passed in every URL? > > > > > > Matthew Walker > > > Senior Software Engineer > > > ePliant Marketing > > > > > > > > > > > > --- > > > Outgoing mail is certified Virus Free. > > > Checked by AVG anti-virus system (http://www.grisoft.com). > > > Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php