I’m pretty new to PHP and am experimenting with cookies and sessions.
So, in IE, if I set my Privacy settings to Block All Cookies, obviously all cookies will be blocked but what about sessions?
I ask because I am under the impression that if cookies are blocked but I start a session, the session should be valid. In other words, whatever I set for the session variable should stick with the browser for as long as the browser is open but this does not seem to be happening.
My whole thought process behind this is that I could use a cookie as my first means of tracking and in addition to setting the cookie I could also set a session in case cookies are disabled.
So question 1 – Why is my session variable getting blocked? Is that suppose to happen?
question 2 – Is it good practice to set both a cookie and a session (in case the cookie is blocked)?
Sessions are for the most part, just an identifier linked to a data set, per user.
This identifier is almost always stored as a cookie. If cookies are disabled, so are session cookies, so are sessions. The way round this is to include the session ID in every URL, and then pick it out and use it to initialise the session (ie. use the ID to find the stored session data).
PHP can automatically add the session ID to relative URIs, it depends on configuration options though. See “Passing the Session ID” in the manual. (Pay particular attention to this comment.)