There are only two ways to keep sessions. 1: Cookies. 2: A session ID
passed from page to page on every link and form.
I learned some lessons about this on a site I was recently (well, am still)
developing. I started by trying to pass a link. It works like this. When
they log in, you add them to a Login table and store a unique ID in it (an
autonumber field works OK but I prefer to generate a unique random string
of characters so people can't try to hack the session handling mechanism)
which identifies the session. Then, you MUST include that as a query
variable on each link or form inside the site. So each page checks the
value of this variable (say "code"), then looks it up in the login table,
verifies the session is still active, updates a datetime field, and then
they are in. If it has been too long since they last "hit" the table you
tell them the session is expired.
So you can do it without cookies, but there are two problems.
1) It's a huge pain to make sure every link carries the session ID.
2) If someone does a "Back" on their web browser, and backs over the login
form (e.g. to get back to the home page) then the session is gone. This is
unsolvable.
So I ended up adding cookies to my site after doing it the hard way because
I didn't think about (2) until the thing was live and we were testing
functionality. Now it uses both mechanisms. I only use the cookie to keep
the session ID, and I still update the login table to manage session time
and other data. Basically, it first checks for the existence of a cookie to
get the user code. If no cookie, then it checks the query string. If no
data there, then they aren't logged in.
So if you want to go to the effort I think this method offers the best
possible solution for non-cookie enabled people, since it will actually
work fairly well except for problem (2) but that's all you can do with the
technology.
On the other hand it's a lot of extra work for a tiny minority who refuse
cookies. And kind of silly anyway since what you do with the manual
session handling is just as "intrusive" as cookies can be, e.g.
potentially tracking every link they click and how long they sit on pages,
since it is functionally equivalent.
Jamie
At 11:48 PM 2/24/00 +1030, Mark Ferraretto wrote:
> > Hi,
> >
> > Is there a way to get the inquiry basket or shopping cart function
> > properly other than using cookies????
>
>You could get the user to log in and then update a table or file on your
>server as they go...
>
>I find cookies easier personally, especially as they have a built-in
>expiry mechanism. Good for timing out logins.
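
The login-table scheme described in the message above, as an added example that is not code from the original post: a random session string is stored in a login table, each request looks for it in the cookie first and then in the "code" query variable, and the row's timestamp drives the idle timeout. The SQLite table layout, the function names and the 20-minute limit are assumptions made for the illustration.

```python
import secrets
import sqlite3
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

IDLE_LIMIT = 20 * 60  # assumed idle timeout, in seconds

# Hypothetical login table: one row per active session.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE login (code TEXT PRIMARY KEY, user TEXT, last_hit REAL)")

def log_in(user, now):
    """Create a login row keyed by an unguessable random string."""
    code = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO login VALUES (?, ?, ?)", (code, user, now))
    return code

def session_code(cookie_header, query_string):
    """Cookie first; fall back to the "code" query variable."""
    cookie = SimpleCookie(cookie_header or "")
    if "code" in cookie:
        return cookie["code"].value
    values = parse_qs(query_string or "").get("code")
    return values[0] if values else None

def check_session(cookie_header, query_string, now):
    """Return (user, status); status is 'ok', 'expired' or 'not_logged_in'."""
    code = session_code(cookie_header, query_string)
    if code is None:
        return None, "not_logged_in"
    # Parameterized lookup: the code comes straight from the request.
    row = db.execute(
        "SELECT user, last_hit FROM login WHERE code = ?", (code,)
    ).fetchone()
    if row is None:
        return None, "not_logged_in"
    user, last_hit = row
    if now - last_hit > IDLE_LIMIT:
        # Too long since the last hit: drop the row so the code cannot be reused.
        db.execute("DELETE FROM login WHERE code = ?", (code,))
        return None, "expired"
    # Active session: record this hit so the idle window slides forward.
    db.execute("UPDATE login SET last_hit = ? WHERE code = ?", (now, code))
    return user, "ok"
```
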