<blockquote> <p>So basically my question is, am I right?</p> </blockquote>
<p>Mostly. In the real world: <strong>YES</strong>.</p>
<blockquote> <p>Can you use PHP sessions if you disable cookies in your browser? </p> </blockquote>
<p>You CAN use PHP sessions without cookies, <strong>as long as the browser identity is obtained somehow and yields a unique value</strong> (and this value is passed to the PHP session layer):</p>
<ul>
<li>session ID in GET (which is the "standard" PHP way if cookies are not allowed, and the "other" way you described). This value is then propagated automatically by PHP, e.g. added to all A HREF's and so on. Where it is not propagated because the automagical link recognition failed (e.g. complex URL built in JavaScript), it is your responsibility to provide accordingly.</li>
</ul>
<p>Or - and here we're not in Kansas anymore:</p>
<ul>
<li>passed among the nonces with Auth Digest <em>(this is a dirty trick, and of course requires that the whole site is behind an Auth-Digest access authentication scheme. And you can no longer use a "dummy auth" (i.e. <a href="http://welcome:guest@www.example.com" rel="nofollow">http://welcome:guest@www.example.com</a>) because some browsers, e.g. Internet Explorer, do not support them anymore for security reasons)</em></li>
<li>recognizing the browser some other way ("fingerprinting") (<em>this is normally(1) suicidal</em>)</li>
<li>Use LSO (Local Shared Objects) to generate a random UUID if it's not there already, and store it so that it can be retrieved on subsequent accesses.</li>
<li>other ways (see <a href="http://en.wikipedia.org/wiki/Evercookie" rel="nofollow">http://en.wikipedia.org/wiki/Evercookie</a>)</li>
</ul>
<p>(1) if you were in a LAN where you can trust the IPs, you could associate a "session" to the user IP. You might enforce a strict "no cookies" policy in a small firm and still have user sessions without resorting to _GET/_POST for your session ID.</p>
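<p>The "session ID in GET" option from the answer above, as an added example that is not part of the original answer: PHP rewrites the plain link itself, and a hypothetical helper <code>with_session()</code> covers the URL that is assembled in JavaScript. The file name <code>page.php</code> and the <code>hits</code> counter are assumptions; PHP 8.4 deprecates changing <code>session.use_only_cookies</code> and <code>session.use_trans_sid</code>.</p>

```php
<?php
// Added example, not code from the original answer.
// Cookie-less session: the ID travels in the query string instead of a cookie.
// From PHP 8.4 on, changing use_only_cookies / use_trans_sid raises deprecation notices.
ini_set('session.use_cookies', '0');       // never send or read a session cookie
ini_set('session.use_only_cookies', '0');  // accept a session ID that arrives via GET
ini_set('session.use_trans_sid', '1');     // let PHP rewrite relative links in the output
ini_set('session.use_strict_mode', '1');   // refuse IDs that PHP did not issue itself

session_start();
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;

/**
 * Hypothetical helper: append the session ID to a URL that PHP's link
 * rewriter cannot see (for example one that is built in JavaScript).
 */
function with_session(string $url): string
{
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . rawurlencode(session_name()) . '=' . rawurlencode(session_id());
}

// Flags keep the JSON literal safe to embed inside a <script> element.
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
<!doctype html>
<title>Cookie-less session demo</title>
<p>Requests seen in this session: <?= (int) $_SESSION['hits'] ?></p>

<!-- Plain relative link: PHP appends the session ID on output -->
<p><a href="page.php">Reload through a rewritten link</a></p>

<!-- Link assembled in script: the ID has to be supplied by hand -->
<p><a id="js-link" href="#">Reload through a JavaScript-built link</a></p>
<script>
  document.getElementById('js-link').href =
    <?= json_encode(with_session('page.php?tab=2'), $jsFlags) ?>;
</script>
```

<p>With cookies disabled in the browser, both links keep the counter increasing; a request to <code>page.php</code> without the ID starts a new session at 1.</p>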
 
