--- Peter Janett <[EMAIL PROTECTED]> wrote: > Sessions themselves use cookies, though, right? > So, if you want your app to work for those who > don't have cookies, you have to pass the session > data in the url string, at least that's my > understanding.
That's not quite right. Session management requires an existing method of state management. The default state management mechanism used by PHP is indeed cookies, but that is not the only way. All that is required for state management is that you assign the Web client a unique identifier that it includes on subsequent requests. Cookies make this easy and are somewhat "automatic" in PHP, but GET and POST variables can also be used. For example, say you normally depend on a cookie to identify the client. This will probably be something like PHPSESSID=12345. The following link would send the same unique identifier as a GET variable: <a href="./example.php?PHPSESSID=12345">Click Here</a> Unless you have PHP configured to only use cookies to identify the client (which I think is not the default setting anyway), it will use the PHPSESSID when sent on the URL like this. In fact, you can configure PHP to append the unique identifier to the URL automatically if the client does not accept cookies. Just set session.use_trans_sid to 1 in your php.ini file if you compiled PHP with --enable_trans_sid. As I hope is clear, none of this requires that any client data be passed on the URL, in cookies, or anything else. The only data that should be sent by the client is data necessary for client identification. All other data can (and should in most cases) be stored on the server. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
