PHP session without cookies

Solution 1:

I don't think it's too much to ask your users to enable cookies. I find it silly when people turn them off entirely.

Otherwise, you can set your session.use_only_cookies to "0" to force the appendage of a session ID to URLs within your PHP. This approach, however, has several drawbacks. Mainly that of keeping the state within the URL, as opposed to the Cookie header. If a user were to copy and paste the URL of the page they were on, and someone else were to click on it, they would both be using the same session.

<?php
     ini_set("session.use_cookies", 0);
     ini_set("session.use_only_cookies", 0);
     ini_set("session.use_trans_sid", 1);
     ini_set("session.cache_limiter", "");
     session_start();

Solution 2:

You can set the ini value of session.use_trans_sid to true in order to activate appending the session ID to every URL. Have a look at this.

For security purposes you should then limit the session to the IP that created the session. This is not perfectly secure though, as someone with the same IP (behind a proxy e.g.) could reuse that very same session.

Solution 3:

You can work with session IDs in URLs, and disable cookies, with:

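ini_set('session.use_cookies', 0);
ini_set('session.use_only_cookies', 0);
ini_set('session.use_trans_sid', 1);
session_start();
// IP check: compare only once an address has been stored, so the first
// request of a session does not read an undefined key
if (isset($_SESSION['ip_check']) && $_SESSION['ip_check'] != $_SERVER['REMOTE_ADDR']) {
   // Continue under a fresh ID; the session stored under the ID from the
   // URL is written back unchanged for the client that created it
   session_regenerate_id();
   // Do not carry that client's data over to the new ID
   $_SESSION = array();
}
$_SESSION['ip_check'] = $_SERVER['REMOTE_ADDR'];
// session stuff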

Note: it's highly discouraged to use session IDs in URLs. IP addresses can change when travelling around with a wireless card and proxy servers have the same IP address. It's easily broken when clicking 'an old URL' (with the old session ID).

You may also be interested in creating your own session handling function (in conjunction with a database). You would ignore the session ID, and bind it to the IP address. (see examples in http://php.net/manual/en/function.session-set-save-handler.php)

References:

  • http://php.net/manual/en/session.configuration.php