Blah. That's a really ugly choice, but I suppose we may end up having to do that.
I'd give my kingdom for always-on cookies. Ah well. I'll look into this some more once my current project is finished.

Thanks for your advice. (And thanks to everyone else too)

Matthew Walker
Senior Software Engineer
ePliant Marketing

-----Original Message-----
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 6:26 PM
To: Matthew Walker
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Sessions Without Cookies or SID Passing...

> Could you explain how this could be accomplished, because I'm not
> understanding how to do it.
>
> As I understand HTTP Authentication (correct me if I'm wrong), the
> user's computer still has to send a 'username/password' pair to perform
> the authentication. I can't see how this could be used to maintain
> session data.
>
> But maybe my mind is just trapped in a rut. Please enlighten me.

The problem here is not where to store the session data. That's obvious. You store the session data on your server. The real problem is linking the session data (ie. the contents of a shopping cart) to a specific user so when that same user is surfing through your site, on every request you know which cart is his. And if he goes away and comes back later, you again can go find his cart and you know what is in it.

Ergo, therefore, if you are able to uniquely identify the user you have solved your session problem. HTTP Authentication does this brilliantly.

The only difference between cookies and http auth is that with a cookie you send the remote user a unique identifier that is then sent back to you whenever that specific user visits your site. Because this happens automatically and people don't like that, some people turn this off.

With HTTP authentication, instead of doing this automatically you have the user create a profile on your site where part of this will include a unique identifier and a password. Each time the user visits your site this information will be sent exactly like a cookie. Depending on how users configure their browsers they may have to log in at the beginning of a session although these days most browsers have these password managers that make this login procedure trivial.

-Rasmus
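
The approach described in the quoted message, as an added example that is not part of the original thread or any poster's code: the verified HTTP Basic username, rather than a cookie or SID, selects the server-side cart. The account list, the `CART_DIR` location, the realm name and the `add` form field are assumptions made for illustration.

```php
<?php
// Added example: server-side state keyed by the authenticated HTTP Basic user.
declare(strict_types=1);

const CART_DIR = __DIR__ . '/carts'; // assumed location; keep outside the web root

// Constructed sample account (hypothetical); a real site reads stored hashes.
function users(): array {
    static $users = null;
    return $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// Returns the username only after the password verifies, otherwise null.
// PHP_AUTH_USER/PHP_AUTH_PW are set when the server passes Authorization to PHP.
function authenticate(array $server): ?string {
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) return null;
    $hash = users()[$user] ?? null;
    return ($hash !== null && password_verify($pass, $hash)) ? $user : null;
}

// Hash the username so client-supplied text never becomes part of a path.
function cartPath(string $user): string {
    return CART_DIR . '/' . hash('sha256', $user) . '.json';
}

function loadCart(string $user): array {
    $path = cartPath($user);
    if (!is_file($path)) return [];
    $data = json_decode((string) file_get_contents($path), true);
    return is_array($data) ? $data : [];
}

function saveCart(string $user, array $cart): void {
    if (!is_dir(CART_DIR)) mkdir(CART_DIR, 0700, true);
    file_put_contents(cartPath($user), json_encode($cart), LOCK_EX);
}

$user = authenticate($_SERVER);
if ($user === null) {            // no or bad credentials: ask the browser to log in
    header('WWW-Authenticate: Basic realm="Shop"');
    http_response_code(401);
    exit("Login required\n");
}
$cart = loadCart($user);         // same user, same cart, on every request or return visit
if ($_SERVER['REQUEST_METHOD'] === 'POST' && is_string($_POST['add'] ?? null)) {
    $cart[] = substr($_POST['add'], 0, 64);
    saveCart($user, $cart);
}
header('Content-Type: text/plain');
echo "Cart for $user: ", implode(', ', $cart), "\n";
```

Because the browser resends the Basic credentials with every request, this only makes sense over HTTPS, and state-changing requests still need CSRF protection since the credentials are attached automatically.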