Reputation: 1026
Laravel sessions without cookies
I have an application which allows user to log in and add items to basket, however if user has cookies turned off, this functionality would no longer work. I've checked facebook and it turns out even they need cookies enabled to function.
So my question is is it even possible to handle regular login/add to cart functionality without cookies?
Upvotes: 1
Views: 3763
Answers (2)
Reputation: 392
This is not only Laravel specific. Check http://php.net/manual/en/session.configuration.php (specifically session.use_cookies and session.use_only_cookies) to see how you can enable the use of a _GET parameter instead.
As always, the documentation warns you that stealing a SESSION gets easy when you pass the ID via _GET.
But PHP should be automatically rewriting your URLs once you enable them, so no extra work required on your end, but I would personally keep the sessions restricted to a single IP and User-Agent - should make it hard for attackers.
Upvotes: 1
Reputation: 163768
I can see Laravel tag in your question, so I'm giving you a link to all possible ways of using sessions in Laravel:
https://laravel.com/docs/5.1/session
Upvotes: 0
Related Questions
- Advantages/disadvantages of using cookies to store a user ID?
- What is the difference between localStorage, sessionStorage, session and cookies?
- Are HTTP cookies port specific?
- Do login forms need tokens against CSRF attacks?
- Share cookies between subdomain and domain
- Why is it common to put CSRF prevention tokens in cookies?
- Do sessions really violate RESTfulness?
- Update cookies for Facebook connect based site?