Sessions And Login Without Cookies

[electron 0]

Hi,I have a login script i made using PHP sessions and MySQL.It works fine but there is a problem.As you know Sessions are stored in Cookies by PHP.So if someone has switched Cookies off then no sessions will work.How to solve this problem ?Please help me.Thanks and have a good day.

[Spectre 0]

Although for search engine purposes I wouldn't recommend it, it is possible to have PHP append the session ID to all links (eg. a link to '/page.php' becomes '/page.php?PHPSESSID=x'), as you've probably seen before. This eliminates the use of cookies.

[jlhaslip 4]

And another reason to NOT use this method is to avoid someone "highjacking" the session.A malicious user (read: Idiot with nothing better to do), if they somehow acquire the sessionid, could pretend to be the user and do some damage to your site. At least maybe for the user id involved.

[electron 0]

I know so how to Log In a User if Cookies are Disabled.Please tell me.

[Spectre 0]

And another reason to NOT use this method is to avoid someone "highjacking" the session.A malicious user (read: Idiot with nothing better to do), if they somehow acquire the sessionid, could pretend to be the user and do some damage to your site. At least maybe for the user id involved.

Although not impossible, it is very difficult to guess a session ID by simply typing it into the URL. Additionally, sessions should always be re-enforced with IP checking, so if the IP 'x.x.x.x' establishes the session, an access attempt from 'y.y.y.y' with that session ID should result in the session being cleared and reauthentication required. As sessions usually only last for as long the browser window is open, the likelihood of a user changing IP addresses whilst using that session is slim.

[electron 0]

So anyone can help me with this.Please help me.