禁用的Cookie

What options do I have to work around disabled cookies for session management?

#0

You can append an SID variable to every link you output to the user. PHP has some built in support for this.

#1

  • In the page in hidden field
  • In the query string
  • In the HTTP header

#2

Well, all a cookie does is holds on to the big ugly string your system generated as that user's session identifier (SID) for you. If you don't have cookies, the goal is to get that SID sent in with every request from that specific user.

Creating a hidden form field with the SID in it is necessary when you are accepting input from the user. You should probably read up a bit on Cross-Site Scripting vulnerabilities - might as well head these off while you're monkeying with your forms anyway.

Adding data to links (via the query string) is typically called "URL Rewriting", so just look that up for details. The upshot is that every time you output a link it must have the SID as one of the parameters in the query string.

For example: "http://mysite.com/action?SID=da83fdec49ebfafe4"

Some frameworks can handle this URL rewriting semi-transparently.

推荐文章

结构指针?出了问题

结构指针?出了问题

推荐文章

遍历已发布的值以查看是否有任何相等的“否”

遍历已发布的值以查看是否有任何相等的“否”

推荐文章

SQL Server 2008全文搜索-速度慢

SQL Server 2008全文搜索-速度慢

推荐文章

CSS类在Google Chrome中不起作用,但在IE和Mozilla中运行良好。我需要更改什么,以便它可以在所有浏览器中工作?

CSS类在Google Chrome中不起作用,但在IE和Mozilla中运行良好。我需要更改什么,以便它可以在所有浏览器中工作?

推荐文章

@排除前和排除后

@排除前和排除后

推荐文章

跟踪网站流行程度的软件

跟踪网站流行程度的软件

推荐文章

脱机使用xml maven插件

脱机使用xml maven插件

推荐文章

Java、Adobe AIR、Authenticode和VBS的代码签名证书-它们不同吗?

Java、Adobe AIR、Authenticode和VBS的代码签名证书-它们不同吗?

推荐文章

创建bloburl()

创建bloburl()

推荐文章

如何将两个值传递给JavaServlet?

如何将两个值传递给JavaServlet?

推荐文章

php无法连接到mysql,出现错误13(但命令行可以)

php无法连接到mysql,出现错误13(但命令行可以)

推荐文章

在现有的32位代码中添加64位支持是否困难?

在现有的32位代码中添加64位支持是否困难?

推荐文章

PHP引用,奇怪的现象,有人能解释吗?

PHP引用,奇怪的现象,有人能解释吗?

推荐文章

WPF的Windows Phone 7 Pivot控件?

WPF的Windows Phone 7 Pivot控件?

推荐文章

Haskell平台2010.2.0.0 Cabal中的错误

Haskell平台2010.2.0.0 Cabal中的错误

推荐文章

清理我的SQL代码

清理我的SQL代码