Correctly, if I’m wrong, but I was pretty sure, that I read somewhere in the documentation, that Yii application is able to detect, whether user’s browser has cookies blocked and use sessions in place of this.
Therefore, I was little bit shocked to find out, that whole my application goes hell, with cookies disabled, and ends in endless redirection to login page (in my current project any page, except contact one, requires user to be logged-in).
Can anyone provide any more details on this subject? Is it really true, that cookies are obligatory for Yii application to save state of user being logged-in.
It’s not that I don’t like cookies. In fact I think that they’re very, very useful and can’t imagine larger website working without them. But my customer has a slightly bit different thinking on both cookies and privacy/security.
I haven’t played with this in Yii, however Yii simply extends PHP Session handling, meaning that you are required to pass around a SID yourself or enable session.use_trans_sid in your configs (php.ini).
I’m on very old 1.1.4 (not my decision), so that might be a solution. I’ll give it a try later, as currently forcing user to use cookies is required by some other component (aside loggin-in).