Disabled cookies
What options do I have to work around disabled cookies for session management?
- In the page, in a hidden field
- In the query string
- In the HTTP header
You can append an SID variable to every link you output to the user. PHP has some built-in support for this.
Well, all a cookie does is hold on to the big ugly string your system generated as that user's session identifier (SID) for you. If you don't have cookies, the goal is to get that SID sent in with every request from that specific user.
Creating a hidden form field with the SID in it is necessary when you are accepting input from the user. You should probably read up a bit on Cross-Site Scripting vulnerabilities - might as well head these off while you're monkeying with your forms anyway.
Adding data to links (via the query string) is typically called "URL Rewriting", so just look that up for details. The upshot is that every time you output a link it must have the SID as one of the parameters in the query string.
For example: "http://mysite.com/action?SID=da83fdec49ebfafe4"
Some frameworks can handle this URL rewriting semi-transparently.
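The URL rewriting and hidden form field described in the answer above, as an added example that is not part of the original post. `SITE_HOST`, `SID_PARAM` and the function names are assumptions made for illustration; the rewriter only touches same-site links so the SID is not handed to other hosts.

```python
import html
import secrets
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SITE_HOST = "mysite.com"   # assumption: the application's own host name
SID_PARAM = "SID"          # assumption: query/form parameter carrying the SID


def new_sid() -> str:
    """Generate an unguessable session identifier (128 bits from the OS CSPRNG)."""
    return secrets.token_hex(16)


def rewrite_url(url: str, sid: str) -> str:
    """Return url with the SID in its query string, for same-site links only."""
    parts = urlsplit(url)
    if parts.scheme not in ("", "http", "https"):
        return url  # mailto:, tel:, etc. are left untouched
    # Relative links have no host. Absolute and protocol-relative links must
    # point at our own host, otherwise the SID would be sent to another site.
    if parts.netloc and parts.hostname != SITE_HOST:
        return url
    # Drop any SID already present so the link carries exactly one value.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != SID_PARAM]
    query.append((SID_PARAM, sid))
    return urlunsplit(parts._replace(query=urlencode(query)))


def hidden_field(sid: str) -> str:
    """Hidden form input carrying the SID, HTML-escaped for attribute context."""
    value = html.escape(sid, quote=True)
    return f'<input type="hidden" name="{SID_PARAM}" value="{value}">'


if __name__ == "__main__":
    sid = new_sid()
    # Constructed sample links: relative, absolute same-site, and external.
    for link in ("/cart?item=3#top", "http://mysite.com/action",
                 "http://example.org/page"):
        print(rewrite_url(link, sid))
    print(hidden_field(sid))
```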