/    Sign up×
Community /Pin to ProfileBookmark

[RESOLVED] sessions w/o cookies

Copy linkTweet thisAlerts:
Jul 21.2006

Why session cookies is not an option:
Users will enter my PHP page and I want them to be able to reload the page as many times as they want and be given a new session nor do I want to lose users or receive complaints about cookies being enabled. If I were to use session cookies, the cookie wouldn’t expire upon page reload and give the user a new session.

The user enters my page via a GET request: filloutform.php and is given a unique session
The user submits the form via a POST request: filloutform.php?step=2 the session from the first page is passed along
The user submits that form via a POST request: filloutform.php?step=3 the session is passed along from the 2nd page that was passed from the first page which was generated when the user first entered the entry page.
etc.

Upon the entry of the system filloutform.php, I want PHP to generate a unique string for the user e.g. b6b6991099b90dfe8c76b474a5790842 store it in a variable $sessionid, log it into the database and use it twice within my form:

[code]
<form method=”post” action=”[color=blue]filloutform.php?step=2[/color]”>

<img src=”imagegenerator.php?sessionid=[color=blue]<? echo $sessionid; ?>[/color]” alt=”Confirmation Image”>
<input type=”text” name=”confirmationcode” value=””>
<input type=”hidden” name=”sessionid” value=”[color=blue]<? echo $sessionid; ?>[/color]”>

</form>
[/code]

How would I generate a unique string for each user that enters the entry of the system and each time they reload the entry page it would generate a new string?

to post a comment
PHP

5 Comments(s)

Copy linkTweet thisAlerts:
@themartyJul 21.2006 — http://www.php.net/session

if [b]session.use_only_cookies[/b] is set to [b]0[/b] PHP will automatically pass the session-id through the url instead of cookies, when cookies are not available

p.s. i think trans-id also has te be enabled.

anyways, you can find all the info at that page - including the risks of using the url
Copy linkTweet thisAlerts:
@UltimaterauthorJul 21.2006 — Thanks for the information themarty, not quite what I was looking for...

I think the buzz word I was looking for here was a UUID (Universal Unique Identifier).
<i>
</i>mysql_query("SELECT UUID()")

The function uniqid also seems to do what I want.
<i>
</i>md5(uniqid(rand(), true))
Copy linkTweet thisAlerts:
@themartyJul 22.2006 — but why wouldn't you just let PHP handle it? with the settings i gave you, you won't have to worry about excluding people who have cookies disabled.

involving mysql just generates extra overhead. .. unless you want to create your own session-handler using a database
Copy linkTweet thisAlerts:
@Vectorman211Jul 22.2006 — I think that's exactly what he wants to do. I don't see the reason for it however, you still have to keep track of who the user is somehow ?.
Copy linkTweet thisAlerts:
@themartyJul 22.2006 — I don't see the reason for it however, you still have to keep track of who the user is somehow[/quote]

well, that's not too hard.

when someone's trying to log in, you've already appointed a session-id to him, so once he has succesfully logged in you can record his user-id with his session-id
×

Success!

Help @Ultimater spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.18,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...