Shop cart W/O sessions/cookies... possible?

[salewit]

I have several end users of my shopping cart that will have cookies disabled, or will be behind a firewall that won't allow cookies. Is there any way to do a shopping cart WITHOUT sessions or cookies? If so, how do I identify someone from page to page?

Thanks
Sam

 

[sleipnir214]

PHP can do sessions without cookies. It appends the session data to various URLs within your HTML.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[salewit]

Ok, I take it that this isn't automatic since it did NOT append the ID when I refused cookies. Is there a trick to appending it or do I just code that in manually?

 

[sleipnir214]

You can force PHP to do this. Look at the runtime configuration directive session.use_trans_sid



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[salewit]

Well thanks for your help, but I'm still about ready to pull my hair out. I ran phpinfo() and session.use_trans_sid is already on....

session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid On On

So here's what I did. I created two php files... page1.php and page2.php. I also set my browser to not accept any cookies from anyone. 100% off. Then closed it and re-opened it and went to:

page1.php

<?php
session_start();
session_register("testvar1");
$testvar1 = "Apple";
?>
<html>
<head>
<title>Untitled</title>
</head>
<body>
Page 2<br>
<?php
print session_save_path() . "<br>";
print session_id() . "<br>";
print $testvar;
?>
</body>
</html>

Page 2 is identical except for that I commented out line 2 and 3.

The result I get for page1 is:

Page 1
/tmp
2406abd079e5e7b044dee98238e457b8
Apple

The address bar of my browser simply has the page1.php address in it. NO session ID embedded.

When I run Page 2, it's identical except $testvar is empty now.

I understand why the session variable didn't show up, but I also expected the ID not to show up also. How did the session ID show up without cookies? Where was it stored? And how do I use session variables with cookies blocked? And if cookies are disabled yet the session ID is still coming through, why would I EVER need to have the session ID embedded in the URL?

Very confused!

 

[bastienk]

did you set the browser not to accept session cookies?
in IE
goto tools>internet option> privacy > advanced> no session cookie


Bastien

Cat, the other other white meat

 

[pfrancis]

You are using a regular variable in you code instead of the session variables.

On page 1, try using:

$_SESSION['testvar1']="Apple";

On page 2, try using:

print $_SESSION['testvar1'];

Hope that helps.

 

[DRJ478]

I'd recommend to use $_SESSION['myVar'] instead of session_register(). You don't want to build your scripts depending on register_globals.

If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

 

[ingresman]

You can also pass around your state information or simple sessionID in hidden fields in the form. .NET uses this and calls it a viewstate. It makes your pages bigger and you will need to include a signature such as an md5 hash to verify that the information has not been changed. I recall that .NET has 9 ways to do session stuff, I don't think that I would recomend this way to go but it is a solution and may be a possible way forwrd.