Is this true about cookies in PHP?

Question

Is it true that if a script sets a cookie and if the user's browser is set to not accept cookies, then the set cookie function will detect this and instead set a session?

Answer 1

I guess you mean the session.use_trans_sid setting:

If you set this setting: ini_set('session.use_trans_sid', 1); than PHP attaches the session ID to the URL if there are no cookies available.

Answer 2

No.

Additionaly, cookies and sessions are not directly comparable. In fact, cookies are typical part of the implementation of sessions.

You can, of course, detect if the user accepts cookies. Server-side this can be made by setting a cookie, forwarding the user and checking if the user sent the just set cookie in the new request.

Keep in mind:

• Sessions are a more abstract concept; it's associating a user to some data that is stored server-side. This is generally implemented with cookies – the cookie stores a key that identifies the stored data; the user sends this keys on every request so that the server can know which data to use. The alternative to cookies is to pass this key in the URL on every request. This is less desirable because it pollutes the URL and may expose the users to some security risks (session fixation).
• Cookies are merely pieces of data that the server requests the user send it back on every request (to itself or to some broader set of servers).