Thread: Session, without cookies, but without session.use_trans_sid, try this one.

Ok, I turned off cookies & My Company doesn't allow cookies and I’m trying to keep the script global. But I need to keep the system secure. So Trans SID is not at option either.

Umm, after a beer and a round of Half Life 2: Death Match. I thought database.

Storing the Current Session ID, next to some of the current user’s details & their IP, I will have a secure system.

Ok.

Store ID to database… Done
Set ID back from the database to access the Session data… Umm.

Here’s the Question how I set the Session ID.

Unfortunatly, if you so not have cookies then the only way to keep track of a session is through a session ID appended to the URL. Using the IP address of the user will not work for the following reasons:

• Proxies: ISPs often cahce data and this could result on different parts of you script being requested by diffeent proxies and thus different IP addresses.
• Dial up users: Dial up users are given a different IP address every time they connect.
• NAT: Network address translation allows many users on a LAN to access thee Internet through just one external IP address.

Used in conjunction with an IP address a session ID passed with the URL is relitiivley secure.

The PHP Session Handling module will fall back to using the query string, should setting a cookie fail. You must append the constant SID to each llink in your page for this to work. The PHP session handling module also allows you to change where the sessions are stored. If you look in my signature I have link to a session handling class which allows you to save the sessions in a Mysql database.