Pablo Oliva wrote: >I have read that in order to account for browsers/users who do not have >cookies enabled, that you should append the session id to the url (query >string). >
Yes, there are basically three ways that the Web client can pass a unique identifier to the server: 1. Cookie 2. URL variable 3. Post variable Using a Post variable requires that the user always be submitting a form with a method of post, so this isn't very flexible, and most people don't use it. So, to support users who do not have cookies enabled, the URL variable is your best alternative. >Now, if I do do that, >www.site.com?phpsessid=gafklgjr952344afgfa, > I'm not sure if you just made a typo here, but you *must* specify a resource in a URL. In your above example, you could specify document root (/) as the resource like this: http://www.site.com/?phpsessid=gafklgjr952344afgfa Or, you could specify a specific script to use: http://www.site.com/foo.php?phpsessid=gafklgjr952344afgfa Either way, it is best to use a proper URL. Even when Web clients handle improper URLs (most handle http://www.example.org for example, which fails to specify any resource), it is dangerous to depend on that.The old saying, "be strict in what you send and lenient in what you receive," has unfortunately been combined with, "use whatever works," so that many people are now lenient in what they send. :-) >do I have to do anything so >that I force php to recognize the session id in the query string? > The short answer is yes. However, it must be named whatever PHP is expecting it to be named (for example, a variable named foo won't be assumed to be the unique identifier), and you must not have php.ini configurations that will force PHP to ignore it (such as session.use_only_cookies, or whatever that one is called). I hope that answers your question. :-) Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
