Login without cookies

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

does anyone know how to create a login system with PHP that does not use
cookies? I am finding that more and more users seem to be setting their
privacy settings to high, this not accepting cookies.

Regards, Caesar.

Re: Login without cookies

Quoted text here. Click to load it

One way is to assign the user a session ID and pass it between
scripts via POST/GET.  If a script does not get a valid session
ID, it must redirect the client to the login page.

Another way is to use HTTP authentication, i.e., sending out
an "Authenticate:" HTTP header.


Re: Login without cookies

On Sun, 29 Aug 2004 16:55:39 +0200, Cezar wrote:

Quoted text here. Click to load it


Re: Login without cookies

*** CJ Llewellyn escribió/wrote (Sun, 29 Aug 2004 17:40:31 +0100):
Quoted text here. Click to load it

Another option is to use sessions and transmit the session ID in the URL.
As for privacy, that's obviously worse than those innocent cookies but
paranoid uses don't normally have much technical knowledge ;-)

-+ Álvaro G. Vicario - Burgos, Spain - ICQ 46788716
+- http://www.demogracia.com (la web de humor para mayores de 100 años)
++ «Sonríe, que te vamos a hacer una foto para la esquela»

Re: Login without cookies

If you keep the login details in a server-side session then you don't need
to keep any data in a cookie. By default PHP will create a session-temporary
cookie (which exists only in memory, and which gets deleted when the browser
session closes) which contains nothing but "PHPSESSID=<sessionid>", so
unless the user has session-temporary cookies turned off then this will be
used. Alternatively PHP will append the string "PHPSESSID=<sessionid>" to
every URL, but transmitting the sessionid in plain text like this opens up a
security problem.

Tony Marston


Quoted text here. Click to load it

Site Timeline