Skip to main content
B
BrianNardone
Inspiring
May 31, 2009
Answered

Does anyone have a good 'redirect if cookies disabled' snippet?

  • May 31, 2009
  • 2 replies
  • 865 views

I have found several on the web but I don't know which would be best.

I want to push the viewers over to a page that will use sessions, if the cookies are disabled. I'm under the impression that sessions will work even if cookies are disabled since cookies write to disk and sessions write to brower memory.

Thanks

This topic has been closed for replies.
Correct answer David_Powers

BrianNardone wrote:

I'm under the impression that sessions will work even if cookies are disabled since cookies write to disk and sessions write to brower memory.

In theory, you can enable sessions to work without cookies, but it's considered insecure, and is disabled by default.

A simple way to test whether cookies are disabled is to try to set a cookie and then retrieve its value. Unfortunately, you can't do this in a single operation, because cookies aren't accessible until the page has been reloaded or the user has moved to a new page.

On page 1:

<?php setcookie('cookietest', 'cookiesOK'); ?>

On the next page:

<?php
if (!isset($_COOKIE['cookietest']) || $_COOKIE['cookietest'] != 'cookieOK') {
  header('Location: somewhereelse.php');
  exit;
}

2 replies

David_Powers
David_PowersCorrect answer
Inspiring
June 1, 2009

BrianNardone wrote:

I'm under the impression that sessions will work even if cookies are disabled since cookies write to disk and sessions write to brower memory.

In theory, you can enable sessions to work without cookies, but it's considered insecure, and is disabled by default.

A simple way to test whether cookies are disabled is to try to set a cookie and then retrieve its value. Unfortunately, you can't do this in a single operation, because cookies aren't accessible until the page has been reloaded or the user has moved to a new page.

On page 1:

<?php setcookie('cookietest', 'cookiesOK'); ?>

On the next page:

<?php
if (!isset($_COOKIE['cookietest']) || $_COOKIE['cookietest'] != 'cookieOK') {
  header('Location: somewhereelse.php');
  exit;
}
B
BrianNardoneAuthor
Inspiring
June 1, 2009
Well, bummer dude. Security counts.
Thanks for the answer. I'll have to find another way to pass along the values of the parameters that live inside the cookies if cookies are disabled. I don't want to use URL parameters ( too ugly, too many ), in fact the cookies were intended to avoid that in the first place, and I don't want to use a recordset on each page because there are a lot of pages. I chose to use cookies (+3600) as a way to maintain their values even if a student's browser locks up, and also to avoid session variables since they limit the amount of work a server can do to about 500 concurrent users.
... and thanks for the redirect. That is just the sort of sweet little snippet that guys like me dream about finding when we go looking.
Thanks David.
Brian
DwFAQ
DwFAQ
Participating Frequently
May 31, 2009

The best one you've found is the one you've tried out that works.

B
BrianNardoneAuthor
Inspiring
June 1, 2009

Thanks DW. I'm always a little security conscious and don't know when I'm getting irregular items. Any body want to contribute? Thanks

Brian

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices