Cookies!
Can you let me know how you create a (secure) login system that doesn't use cookies? By the way, I don't regard appending the session ID to the URL as secure.
I store my sessions in MySQL, along with their user id, sessionid and ipaddress. None of this information is visible by the user except for their userid, but that'd only be for things like profiles where it'd be something like profile.php?id=123.
I've never coded anything with cookies in my life, and I don't wish to.
- David
In my scripts mostly everything is remembered in MySQL
Mysql is a database system, server-side. How do you know if a stateless browser connection has permission to view restricted pages?
The first thing a web server does when the script creates a session variable such as "userid", it delivers a cookie to the browser, giving it "state".
It might sound pompous but at 17 I knew as little as you do. I had been programming for 6 years in my spare time too.
Mysql is a database system, server-side. How do you know if a stateless browser connection has permission to view restricted pages?
The first thing a web server does when the script creates a session variable such as "userid", it delivers a cookie to the browser, giving it "state".
Excuse me if I'm wrong here, I don't really check documentation on things etc, but isn't the browser's sessionid just a one-time thing?
The way my scripts work are:
User goes on page > page gets sessionid > checks against sessions in db > session found > user's logged in
or
User goes on page > page gets sessionid > checks against sessions in db > session not found > user's not logged in
- David
Excuse me if I'm wrong here, I don't really check documentation on things etc, but isn't the browser's sessionid just a one-time thing?
The way my scripts work are:
User goes on page > page gets sessionid > checks against sessions in db > session found > user's logged in
or
User goes on page > page gets sessionid > checks against sessions in db > session not found > user's not logged in
The data is stored in the database, but you have to have a way to link that data to the appropriate web browser. The best and most reliable way to do this is to use cookies.
Assuming you code in PHP, every time you execute session_start() a cookie is set which by default is called PHPSESSIONID. You are not setting a cookie, but PHP is setting one.
So basically to comply with these new regulations you can't use any session related functions unless the user has explicitly opted in to accept cookies.
So now can you see how short sighted and difficult to comply with these rules are?
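The flow discussed in the posts above (session row in the database, session ID linking it to a browser), as an added example that is not any poster's code. It assumes Python with an in-memory SQLite table standing in for the PHP/MySQL setup; the cookie name and function names are hypothetical.

```python
import secrets
import sqlite3
from http.cookies import SimpleCookie

COOKIE_NAME = "sessionid"  # hypothetical name chosen for this example

def make_store():
    # In-memory SQLite stands in for the MySQL sessions table from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sessionid TEXT PRIMARY KEY, userid INTEGER NOT NULL)")
    return db

def login(db, userid):
    """Create a server-side session row and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)  # unguessable random identifier
    db.execute("INSERT INTO sessions VALUES (?, ?)", (sid, userid))
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"  # limits cross-site sending
    return cookie[COOKIE_NAME].OutputString()

def current_user(db, cookie_header):
    """Return the userid for a request's Cookie header, or None if not logged in."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if COOKIE_NAME not in jar:
        return None  # no cookie: the server cannot tell this browser from any other
    row = db.execute("SELECT userid FROM sessions WHERE sessionid = ?",
                     (jar[COOKIE_NAME].value,)).fetchone()
    return row[0] if row else None

def demo():
    db = make_store()
    set_cookie = login(db, 123)  # constructed sample user id
    # On later requests the browser sends back only the name=value pair.
    cookie_header = set_cookie.split(";", 1)[0]
    return (current_user(db, cookie_header),            # session found
            current_user(db, ""),                       # no cookie sent
            current_user(db, COOKIE_NAME + "=guessed"), # ID not in the table
            set_cookie)

if __name__ == "__main__":
    print(demo())
```
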
Have a look at the cookies that THIS web site has given you.
7 of them are there so that this bulletin board works better.
4 of them are used by google so that MSE can find out where all of their advertising effort goes.
1 of them I haven't a clue.
So 5 out of 12 are of no benefit to me at all - they are probably slowing my PC down.
The other 7 make "this bulletin board work better" - again exactly how much? We only have the say-so of the people who put them there to support this, they are hardly likely to say otherwise are they?
You could argue that the first 7 are not essential,
That is just what I am doing
For you to make such a statement shows that even you don't have too much confidence in the strength of your own argument.........
Perhaps. I run a business and wrote our web site. We use google to attract customers, and use their cookies to see how much profit we make from paying google to show our adverts.
I don't deny that some cookies are of no benefit to the customer, but if we don't know if the adverts are worth paying for, we lose money.
The other essential cookies are all there because I chose to use them. I added a whole new section to our privacy policy this week to explain what cookies we use and why. It was all very tedious to read back!
yangptangkipperbang wrote: »
So 5 out of 12 are of no benefit to me at all - they are probably slowing my PC down.
The other 7 make "this bulletin board work better" - again exactly how much ? we only have the say-so of the people who put them there to support this, they are hardly likely to say otherwise are they ?
They are not slowing your PC down, cookies are tiny bits of text sent with every request you make, sending this "sessionID=a21fjds134" does not stress GHz processors and broadband connections.
If you don't believe the people who make the web at least spend some time actually looking how it works before making judgements.
Now there are alternatives to cookies but they are worse options and they won't solve your underlying privacy problem.
The fact remains even in non-web situations for a lot of interactions I NEED to know who you are or something that identifies you as you, this isn't a technical problem. If you can solve it I can get rid of cookies.
Assuming you code in PHP, every time you execute session_start() a cookie is set which by default is called PHPSESSIONID. You are not setting a cookie, but PHP is setting one.
I stand corrected then, guess you do learn something new every day.
So basically to comply with these new regulations you can't use any session related functions unless the user has explicitly opted in to accept cookies.
So now can you see how short sighted and difficult to comply with these rules are?
Yeah, it's terrible. Guessing I'm going to have to implement it into a UK hosted forum I run sometime.
- David