Yii Framework Forum: What if cookies are disabled in a user's browser? - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

What if cookies are disabled in a user's browser? Rate Topic: -----

#1 User is offline   Kenz 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 16
  • Joined: 30-March 10
  • Location:Helsinki, Finland

Posted 06 May 2010 - 03:43 AM

Hi everyone!
I tested my application with cookies disabled in my browser, which led to a problem:
I could not log in anymore, as the PHPSESSID is saved in a cookie.
Does anyone have a solution for this kind of a problem, or does Yii handle this case in some way?

I thought that maybe the session could be stored on the server, but then I would always have to keep
the PHPSESSID in the url, which is not such a good solution in my opinion.

Cheers!
0

#2 User is offline   Mike 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 3,016
  • Joined: 06-October 08
  • Location:Upper Palatinate

Posted 06 May 2010 - 06:49 AM

If cookies are disabled, propagating the SID in URL is the only way to make sessions work. You can enable useTransparentSessionID to let that happen automatically.

Also read this for for session basics in PHP:
http://de.php.net/ma...n.idpassing.php
0

#3 User is offline   Kenz 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 16
  • Joined: 30-March 10
  • Location:Helsinki, Finland

Posted 10 May 2010 - 07:55 AM

View PostMike, on 06 May 2010 - 06:49 AM, said:

If cookies are disabled, propagating the SID in URL is the only way to make sessions work. You can enable useTransparentSessionID to let that happen automatically.

Also read this for for session basics in PHP:
http://de.php.net/ma...n.idpassing.php


Hi!
I tried to use this useTransparentSessionID, but it doesn't work so easily.
My main config for session:
'session'=>array(
  'class'=>'CDbHttpSession',
  'autoStart'=>true,
  'connectionID'=>'db',
  'sessionTableName'=>'Session',
  'useTransparentSessionID'=>true,
  'cookieMode'=>'none'
)


I have also overridden the CApplication, and in the Application::init() function I'm using:
$this->session = $this->getSession();


Now, the problem is, that when I want to log in, the PHPSESSID is sent in the URL, but the wrong PHPSESSID
is appended to the login form as a hidden input field. This because somehow there are two different session IDs in the database, and the other is used in the url and the other is appended to the login form.

I could log in once, but that was just a coincidence.

My question is: doesn't Yii append the SID automatically to all urls? I thought it would because of the useTransparentSessionID? Is there some conflicts with the DbHttpSession? If I want this to work, I would have to append to every single url the SID by hand, which is not an option for me.

Any help here?

Thanks!
0

#4 User is offline   Mike 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 3,016
  • Joined: 06-October 08
  • Location:Upper Palatinate

Posted 10 May 2010 - 09:18 AM

I would try to get transparent sessions working first and then switch to DB sessions. It should make things easier to debug. Since transparent sessions are handled from PHP itself, Yii has not much to do with it. It only enables the ini setting for PHP (see link to manual above).

So again: Try with a basic configuration first. Maybe even without Yii at all and then enhance it step-by-step. It's a long time, since i used transparent sessions but i remember getting it work can be tricky.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users