What if cookies are disabled in a user's browser?
Posted 06 May 2010 - 03:43 AM
I tested my application with cookies disabled in my browser, which led to a problem:
I could not log in anymore, as the PHPSESSID is saved in a cookie.
Does anyone have a solution for this kind of a problem, or does Yii handle this case in some way?
I thought that maybe the session could be stored on the server, but then I would always have to keep
the PHPSESSID in the url, which is not such a good solution in my opinion.
Posted 06 May 2010 - 06:49 AM
Posted 10 May 2010 - 07:55 AM
I tried to use this useTransparentSessionID, but it doesn't work so easily.
My main config for session:
'session'=>array( 'class'=>'CDbHttpSession', 'autoStart'=>true, 'connectionID'=>'db', 'sessionTableName'=>'Session', 'useTransparentSessionID'=>true, 'cookieMode'=>'none' )
I have also overridden the CApplication, and in the Application::init() function I'm using:
$this->session = $this->getSession();
Now, the problem is, that when I want to log in, the PHPSESSID is sent in the URL, but the wrong PHPSESSID
is appended to the login form as a hidden input field. This because somehow there are two different session IDs in the database, and the other is used in the url and the other is appended to the login form.
I could log in once, but that was just a coincidence.
My question is: doesn't Yii append the SID automatically to all urls? I thought it would because of the useTransparentSessionID? Is there some conflicts with the DbHttpSession? If I want this to work, I would have to append to every single url the SID by hand, which is not an option for me.
Any help here?
Posted 10 May 2010 - 09:18 AM
So again: Try with a basic configuration first. Maybe even without Yii at all and then enhance it step-by-step. It's a long time, since i used transparent sessions but i remember getting it work can be tricky.