What if cookies are disabled in a user's browser?

Hi everyone!

I tested my application with cookies disabled in my browser, which led to a problem:

I could not log in anymore, as the PHPSESSID is saved in a cookie.

Does anyone have a solution for this kind of a problem, or does Yii handle this case in some way?

I thought that maybe the session could be stored on the server, but then I would always have to keep the PHPSESSID in the URL, which is not such a good solution in my opinion.

Cheers!

If cookies are disabled, propagating the SID in the URL is the only way to make sessions work. You can enable useTransparentSessionID to let that happen automatically.

Also read this for session basics in PHP:

http://de.php.net/manual/en/session.idpassing.php

Hi!

I tried to use this useTransparentSessionID, but it doesn’t work so easily.

My main config for session:

'session'=>array(
  'class'=>'CDbHttpSession',
  'autoStart'=>true,
  'connectionID'=>'db',
  'sessionTableName'=>'Session',
  'useTransparentSessionID'=>true,
  'cookieMode'=>'none'
)



I have also overridden the CApplication, and in the Application::init() function I’m using:

$this->session = $this->getSession();



Now, the problem is that when I want to log in, the PHPSESSID is sent in the URL, but the wrong PHPSESSID is appended to the login form as a hidden input field. This is because somehow there are two different session IDs in the database, and one is used in the URL and the other is appended to the login form.

I could log in once, but that was just a coincidence.

My question is: doesn’t Yii append the SID automatically to all URLs? I thought it would because of the useTransparentSessionID? Are there some conflicts with the DbHttpSession? If I want this to work, I would have to append the SID to every single URL by hand, which is not an option for me.

Any help here?

Thanks!

I would try to get transparent sessions working first and then switch to DB sessions. It should make things easier to debug. Since transparent sessions are handled by PHP itself, Yii does not have much to do with it. It only enables the ini setting for PHP (see link to manual above).

So again: Try with a basic configuration first. Maybe even without Yii at all and then enhance it step-by-step. It’s been a long time since I used transparent sessions, but I remember getting it to work can be tricky.
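
The plain-PHP test suggested in the last reply, as an added example that is not part of the thread and is not Yii code. It shows the session ID PHP is using next to a relative link and a form, so you can compare the ID in the URL with the one in the hidden field. The file name `trans_sid_test.php` and the `demo` user are assumptions made for the example.

```php
<?php
// trans_sid_test.php (hypothetical file name): plain PHP, no Yii, default file-based sessions.
// All settings must be applied before session_start().
// Note: PHP 8.4 deprecates changing the URL-based session settings used here.
ini_set('session.use_cookies', '0');       // never send a session cookie
ini_set('session.use_only_cookies', '0');  // accept a session ID from the URL or a form field
ini_set('session.use_trans_sid', '1');     // let PHP rewrite relative links and forms
ini_set('session.use_strict_mode', '1');   // refuse IDs the server did not issue (PHP >= 5.5.2)

session_start();

// Stand-in for a login (no real authentication). Issue a fresh ID when the
// user becomes authenticated, so an ID that appeared in a URL before login
// is not the one that carries the logged-in state.
if (isset($_POST['login']) && empty($_SESSION['user'])) {
    session_regenerate_id(true);
    $_SESSION['user'] = 'demo'; // constructed value
}

// Counter that only grows if the same session is found again on each request.
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

// The ID is part of every URL, so keep pages out of caches and
// keep the URL out of Referer headers sent to other sites.
header('Cache-Control: no-store');
header('Referrer-Policy: no-referrer');

$user = isset($_SESSION['user']) ? $_SESSION['user'] : '(none)';
?>
<!DOCTYPE html>
<html>
<body>
<p>session_id(): <?php echo htmlspecialchars(session_id(), ENT_QUOTES, 'UTF-8'); ?></p>
<p>hits: <?php echo (int) $_SESSION['hits']; ?></p>
<p>user: <?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8'); ?></p>

<!-- Relative link: PHP should append the session name and ID to it. -->
<p><a href="trans_sid_test.php">reload via link</a></p>

<!-- Relative form action: PHP should add a hidden field carrying the same ID. -->
<form method="post" action="trans_sid_test.php">
  <input type="submit" name="login" value="log in">
</form>
</body>
</html>
```

View the page source after the first request: the ID in the rewritten link, the ID in the hidden form field and the value printed by `session_id()` should all match, and `hits` should increase on every click. If they already differ here, the problem is in the PHP settings rather than in Yii or the DB session class.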