PHP session without cookies
Solution 1:
I don't think it's too much to ask your users to enable cookies. I find it silly when people turn them off entirely.
Otherwise, you can set your session.use_only_cookies
to "0" to force the appendage of a session ID to URLs within your php. This approach, however, has several draw backs. Mainly that of keeping the state within the URL, as opposed to the Cookie header. If a user were to copy and paste the URL of the page they were on, and someone else were to click on it, they would both be using the same session.
<?php
ini_set("session.use_cookies", 0);
ini_set("session.use_only_cookies", 0);
ini_set("session.use_trans_sid", 1);
ini_set("session.cache_limiter", "");
session_start();
Solution 2:
You can set the ini-Value of session.use_trans_sid
to true in order to activate appending the session id to every URL. Have a look at this.
For security purposes you should then limit the session to the IP that created the session. This is not perfectly secure though, as someone with the same IP (behind a proxy e.g.) could reuse that very same session.
Solution 3:
You can work with session IDs in URLs, and disabling cookies with:
ini_set('session.use_cookies', 0);
ini_set('session.use_only_cookies', 0);
ini_set('session.use_trans_sid', 1);
session_start();
// IP check
if($_SESSION['ip_check'] != $_SERVER['REMOTE_ADDR']){
session_regenerate_id();
session_destroy();
session_start();
}
$_SESSION['ip_check'] = $_SERVER['REMOTE_ADDR'];
// session stuff
Note: it's highly discougared to use session IDs in URLs. IP addresses can change when travelling around with a wireless card and proxy servers have the same IP address. It's easily broken when clicking 'an old URL' (with the old session ID).
You may also be interested in creating your own session handling function (in conjuction with a database). You would ignore the session ID, and bind it to the IP address. (see examples in http://php.net/manual/en/function.session-set-save-handler.php)
References:
- http://php.net/manual/en/session.configuration.php