Redirecting cookieless sessions in PHP without clicking a link

Question

I've been fighting with the cookieless sessions solution. Of course cookieless sessions solution is amazing. I have a trouble in implementing it because I can't read the session information after redirecting to another page.

Here's my test code in testcode.php

<?php
ini_set('session.use_trans_sid', '1');

session_start();

if (isset($_GET['pagecode'])) {
    session_id($_GET['pagecode']);
print_r($_SESSION); // **cannot read session information here**
exit();
}

if (isset($_SESSION['cookieconfirmed']) && $_SESSION['cookieconfirmed'] == 1) {

} else {
/** Checks if the user's browser is cookie-enabled **/
    if (isset($_GET['redirected'])) {  // if the page has gotten redirected
        $_SESSION['cookieconfirmed'] = 1;  // confirmed the cookie-disability
        if (isset($_COOKIE['testcookie'])) {
            header ('location: testcode.php');
        } else {
           header('location: testcode.php?pagecode=' . session_id());
        }
    } else {
       setcookie('testcookie', 'OK');  //sets a test cookie.
       header('location: testcode.php?redirected=1'); // redirects the page to check     cookie-disability
    }

    exit(0);
}
?>

As you can see this code doesn't work. but if i redirect to another page by clicking a link it works well. Here's the code in testcode.php:

<?php
ini_set('session.use_trans_sid', '1');

session_start();

if (isset($_GET['pagecode'])) {
    session_id($_GET['pagecode']);
print_r($_SESSION); // **able to read session information here**
exit();
}

if (isset($_SESSION['cookieconfirmed']) && $_SESSION['cookieconfirmed'] == 1) {

} else {
/** Checks if the user's browser is cookie-enabled **/
    if (isset($_GET['redirected'])) {  // if the page has gotten redirected
        $_SESSION['cookieconfirmed'] = 1;  // confirmed the cookie-disability
        if (isset($_COOKIE['testcookie'])) {
            header ('location: testcode.php');
        } else {
           echo '<a href="testcode.php?pagecode=' . session_id() . '">Click here to continue</a>';
        }
    } else {
       setcookie('testcookie', 'OK');  //sets a test cookie.
       header('location: testcode.php?redirected=1'); // redirects the page to check     cookie-disability
    }

    exit(0);
}
?>

How can I get this to work without clicking a link?

Answer 1

ini_set('session.use_trans_sid', '1');

You have to have this on every single one of your PHP pages - you can't do it just within the session handling script. If it's not on when PHP generates a page, it won't insert the session ID into forms and urls on that page. As such, it'd be better if you put this into your php.ini, or at least httpd.conf/.htaccess (as a php_value) to make it a global option for all scripts.

Answer 2

PHP function for this is :


function append_sid($link) {
    if(session_id() !== NULL && !isset($_COOKIE['PHPSESSID'])) {
        if(strpos($link, "?") === FALSE) {
            return $link . "?PHPSESSID=" . session_id();
        } else {
            return $link . "&PHPSESSID=" . session_id();
        }
    } else {
        return $link;
    }
}


Javascript Function for this is:


function append_sid(link) {
    <?php if(session_id() !== NULL && !isset($_COOKIE['PHPSESSID'])) { ?>
        var session_id = '<?php echo session_id ?>';
        if(link.indexOf('?') == -1) {
            return link + '?PHPSESSID=' + session_id;
        } else {
            return link + '&PHPSESSID=' + session_id;
     }
    <?php } else { ?>
        return link;
    <?php } ?>
}


A caveat – passing session id by URL requires the session.session.use_trans_sid tio be set to 1. 

php_value session.use_trans_sid = 1 in the .htaccess file. You can also try the function:

ini_set('session.use_trans_sid', '1')