Change my ecommerce cookies system to sessions

Discussion in 'PHP' started by afonseca, Feb 9, 2007.

  1. #1
    Hi all!

    I want to change my ecommerce cookies system to sessions.
    I receive too many complaints from people who cannot buy stuff.
    People who don’t know how to set cookies in the browser! Imagine that! So my boss wants me to change it.
    Below you will find my function that sets the cookie.

    I read that you can use sessions so that the user can buy stuff without the need for cookies and registration.
    Instead of keeping the cookie_id, may I record the session_id in my table?
    Is there any easy way to do it? Examples are welcome!

    Thanks in advance
    António

    <?php require_once('Connections/medical.php'); ?>
    <?php
    mysql_select_db($database_medical, $medical);

    // This page contains the connection routine for the
    // database as well as getting the ID of the cart, etc

    $dbServer = "xxxxxxxxxxxxxxx";
    $dbUser = "xxxxxxxxxxxxxxx";
    $dbPass = "xxxxxxxxxxxx";
    $dbName = "xxxxxxx";

    function ConnectToDb($server, $user, $pass, $database)
    {
        // Connect to the database and return
        // true/false depending on whether or
        // not a connection could be made.

        $s = @mysql_connect($server, $user, $pass);
        $d = @mysql_select_db($database, $s);

        if (!$s || !$d)
            return false;
        else
            return true;
    }

    function GetCartId()
    {
        // This function will generate an encrypted string and
        // will set it as a cookie using set_cookie. This will
        // also be used as the cookieId field in the cart table

        if (isset($_COOKIE["cartId"]))
        {
            return $_COOKIE["cartId"];
        }
        else
        {
            // There is no cookie set. We will set the cookie
            // and return the value of the user's session ID

            //session_start();
            setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));
            return session_id();
        }
    }
     
    afonseca, Feb 9, 2007
  2. ThomasNederman
    #2
    The session key is normally stored in a cookie. You can change this in PHP.ini; I think the changes are as follows:
    session.use_cookies = 1
    session.use_only_cookies = 0
    session.use_trans_sid = 1

    Then you should get ?PHPSESSID=djfkjdshfksj in your URL, and browsers that do not accept cookies should work.

    There are, however, security risks with this...
     
    ThomasNederman, Feb 9, 2007
  3. afonseca
    #3
    What security risks are you talking about?

    António
     
    afonseca, Feb 9, 2007
  4. afonseca
    #4
    Another thing: I don't have access to the server's PHP.ini. Do I really have to change the PHP.ini file?

    António
     
    afonseca, Feb 9, 2007
  5. ThomasNederman
    #5
    The thing is, if you have the session key in the URL, other users could hack into your account by trying different sessions.

    You can always manually include the cookie in your URL by adding ?cartId=session_id

    if (isset($_COOKIE["cartId"])) {
        return $_COOKIE["cartId"];
    } elseif (isset($_GET['cartId']) && $_GET['cartId'] <> '') {
        return $_GET['cartId'];
    } else {
        // There is no cookie set. We will set the cookie
        // and return the value of the user's session ID

        //session_start();
        setcookie("cartId", session_id(), time() + ((3600 * 24) * 30));

        return session_id();
    }

    With this solution you always need to include $_GET['session'] in your URL.
     
    ThomasNederman, Feb 9, 2007
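
A hardened variant of the GetCartId() lookup from posts #1 and #5, added here as an example and not code from the thread: the cart ID is random and carries an HMAC tag, so a value that was guessed or made up in the cookie or the URL is never accepted. CART_KEY, IssueCartId() and ValidCartId() are hypothetical names, and the code assumes PHP 7.3 or later and a shop served over HTTPS.

```php
<?php
// Added example, not code from the thread. CART_KEY and the helper names
// are hypothetical; load the real key from configuration outside the web root.
const CART_KEY = 'replace-with-a-long-random-secret'; // placeholder value

// Issue an unguessable cart ID with an HMAC tag: "<32 hex chars>.<64 hex chars>".
function IssueCartId(): string
{
    $id = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    return $id . '.' . hash_hmac('sha256', $id, CART_KEY);
}

// Accept only IDs this server issued; anything else is treated as absent.
function ValidCartId($value): bool
{
    if (!is_string($value) || !preg_match('/^([0-9a-f]{32})\.([0-9a-f]{64})$/D', $value, $m)) {
        return false;
    }
    return hash_equals(hash_hmac('sha256', $m[1], CART_KEY), $m[2]); // constant-time compare
}

// Same lookup order as post #5 (cookie, then URL), but every candidate is verified.
function GetCartId(array $cookie, array $get): string
{
    foreach ([$cookie['cartId'] ?? null, $get['cartId'] ?? null] as $candidate) {
        if (ValidCartId($candidate)) {
            return $candidate;
        }
    }
    $id = IssueCartId();
    if (!headers_sent()) {
        setcookie('cartId', $id, [
            'expires'  => time() + 30 * 24 * 3600,
            'path'     => '/',
            'secure'   => true,  // assumption: HTTPS only
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
    }
    return $id;
}

// Constructed checks, runnable from the command line.
$fresh = GetCartId([], []);
var_dump(ValidCartId($fresh));                            // an issued ID verifies
var_dump(GetCartId([], ['cartId' => $fresh]) === $fresh); // cookieless visitor keeps the cart
var_dump(GetCartId([], ['cartId' => 'djfkjdshfksj']) === 'djfkjdshfksj'); // made-up value is not accepted
```

An ID carried in the URL can still leak through shared links, server logs and the Referer header, and anyone who holds a valid link sees the same cart. Keep personal data and payment steps behind something stronger than the cart ID alone.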