
Question about session w IE set to "Block All Cookies"

Status
Not open for further replies.

john99999

Instructor
Apr 29, 2005
73
US
If all Block All Cookies in IE is disabled, will sessions work?

I can't seem to get IE to accept my session variable if Privacy is set to "Block All Cookies" (the highest setting). Does this also block PHP session variables?

If Privacy is set to High the session variables work, and if I use a custom setting "Block all 1st party cookies, block all 3rd party cookies, allow session cookies" it works.

Can anyone confirm or deny that session variables will work if "Block All Cookies" is set in IE? A session variable isn't a cookie is it? Where are session variables actually stored?
 
By default, PHP stores the ID of each session in a cookie on the browser. If your browser is set to deny all cookies, then the session ID cookie cannot be created, and sessions by cookie will fail.

It is also possible, however, to use PHP sessions through the setting of the session ID on the URL or within forms. As the PHP online manual main page on session handling points out:

URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
1. Only if you use transparent SID, i.e. all links will be populated with the session ID as a GET variable in the URL.

2. If sessions are based on the SID to be transferred by a cookie (which is most common) then PHP sessions will also be blocked.

3. no comment

4. Cookie based sessions will not work with that setting. Only transparent SID will work. Read in the PHP manual about the security implications raised by transparent SID.

Session variables are not cookies. The session vars are stored on the server. The cookie is only used to transfer the session ID to the server so it can retrieve the stored session data.
 
Is there any other way to do it?

I've seen sessions written to the /tmp directory on the server before, would that work?
 
All session-use writes files to the /tmp directory. That's where PHP stores the actual data.

(That's not actually true. The data can, through script intervention, be put anywhere. I have a FAQ here about using MySQL as the store for session data.)

Only the session ID is stored in the URL or the cookie. But cookie or URL are the only ways I know of.



Want the best answers? Ask the best questions!

TANSTAAFL!!
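
The cookie-only setup discussed in the answers above, as an added example that is not part of the original thread: it keeps the session ID out of URLs and, when the browser blocks all cookies, tells the user instead of falling back to transparent SID. The `cookiecheck` query parameter and the `visits` counter are assumptions made for the demo.

```php
<?php
// Added example (not code from the thread). Single-page demo of cookie-only sessions.

// These settings must be applied before session_start().
ini_set('session.use_cookies', '1');       // carry the session ID in a cookie
ini_set('session.use_only_cookies', '1');  // ignore session IDs supplied in the URL or a form
ini_set('session.use_trans_sid', '0');     // never rewrite links to include the session ID
ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
ini_set('session.cookie_httponly', '1');   // keep the ID cookie away from page scripts

session_start();

$cookieName = session_name();              // "PHPSESSID" unless reconfigured
$hasCookie  = isset($_COOKIE[$cookieName]);
$probing    = isset($_GET['cookiecheck']); // hypothetical marker for the one-time probe

if (!$hasCookie && !$probing) {
    // First request: session_start() has just queued a Set-Cookie header.
    // Redirect once so the next request shows whether the browser kept it.
    $path = strtok($_SERVER['REQUEST_URI'], '?');
    header('Location: ' . $path . '?cookiecheck=1');
    exit;
}

if (!$hasCookie && $probing) {
    // The cookie did not come back, e.g. IE set to "Block All Cookies".
    // Every such request starts a fresh, empty session on the server,
    // so nothing stored in $_SESSION would survive to the next page.
    echo "Sessions on this site need cookies. Please allow session cookies.\n";
    exit;
}

// Cookie present: only the ID travelled with the request.
// The variables themselves are stored on the server.
if (!isset($_SESSION['visits'])) {
    $_SESSION['visits'] = 0;
}
$_SESSION['visits']++;

// An empty save path means the files handler uses the system temp directory.
$store = session_save_path() !== '' ? session_save_path() : sys_get_temp_dir();

echo 'Requests in this session: ' . (int) $_SESSION['visits'] . "\n";
echo 'Session data stored under: ' . htmlspecialchars($store) . "\n";
```

With the custom IE setting mentioned in the question ("allow session cookies"), the last branch runs and the counter increases on each reload.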
 