You're missing one method - using the user's IP address It's not a guaranteed fool-proof method, but if you don't want to use cookies or the URL, then this sorta works.
-----Original Message----- From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 15, 2002 10:04 AM To: Matthew Walker Cc: [EMAIL PROTECTED] Subject: RE: [PHP] Sessions Without Cookies or SID Passing... I am understanding the problem perfectly. HTTP is stateless. You want to maintain state accross requests. This is done in 3 different ways. 1. Cookies 2. URL Mangling 3. HTTP Authentication You said you did not want to do 1 or 2. That only leaves you with HTTP Authentication. HTTP Authentication is really just like a cookie that can't be disabled when it comes down to it. -Rasmus On Tue, 14 May 2002, Matthew Walker wrote: > You're not understanding the problem. This is not an authentication > situation. We are using sessions to track information about what a > customer's OrderID is, and other related information. > > Matthew Walker > Senior Software Engineer > ePliant Marketing > > > -----Original Message----- > From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 14, 2002 5:42 PM > To: Matthew Walker > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP] Sessions Without Cookies or SID Passing... > > Use standard HTTP authentication over SSL - that's the only other way. > > On Tue, 14 May 2002, Matthew Walker wrote: > > > We have a shopping cart product we're developing in PHP, and I've > > recently come across I dilemma that I need to find a reliable solution > > to. > > > > Many of the people who will be shopping on our sites have cookies > > disabled, which presents a problem when using sessions. Now, I am > aware > > of the fact that we could append the SID constant to every URL, but > this > > will not work for us. None of our sites are dynamic, and updating them > > is out of the question (We have over 100 sites). As well, someday we > > intend to sell this software, and we don't want to require that people > > make their sites fully dynamic to accommodate it. > > > > So, is there any reliable way to emulate sessions without requiring a > > cookie, or a variable passed in every URL? > > > > Matthew Walker > > Senior Software Engineer > > ePliant Marketing > > > > > > > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
