ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

Does it mean that when cookies are off, the session is not available in Drupal?
Can someone help us make it clear why Drupal has this setting, or what's the reason for it? Any disadvantage to these settings?

Thanks. Regards.

Comments

Jaypan’s picture

SESSIONS are data stored on the server. However a cookie is required to identify the user with the SESSION stored on the server. Otherwise the server has no way of knowing which SESSION to associate with the user.

So yes, if cookies are turned off, the session is not available.

bribread22’s picture

Great job explaining that, Jaypan.

If I may add: if you clear your cookies in your browser (a.k.a. clear browsing data), you will notice that when you try to load the Drupal page you were logged into again, you have been logged out automatically, because Drupal sees that you have no cookies to have a session created/retained for you.

qqboy’s picture

Then the question is why Drupal does not allow the session ID to be transmitted by appending it to the URL,
aka

ini_set('session.use_trans_sid', '1');

Normally many websites do so, right?

Thank you for sharing.

Jaypan’s picture

It's a security risk. Better not to allow it.
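
An added example, not part of the thread and not Drupal's own code: a PHP check that the three settings from the question are in effect, plus a helper that flags URLs carrying a session ID (an ID in the URL ends up in server logs, browser history and Referer headers). The function names, the sample URLs and the use of PHP's default session name `PHPSESSID` are assumptions for illustration.

```php
<?php
// Added example, not Drupal's code. Function names are illustrative.
// Expected values are the three settings quoted in the question.
const EXPECTED = [
    'session.use_cookies'      => true,
    'session.use_only_cookies' => true,
    'session.use_trans_sid'    => false,
];

// ini_get() returns strings such as "1", "0" or "" (or false if unknown),
// so normalise to a real boolean before comparing.
function ini_bool($raw): bool
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

// Returns one finding per setting that differs; empty means cookie-only.
function audit_session_settings(array $settings): array
{
    $findings = [];
    foreach (EXPECTED as $key => $want) {
        $have = ini_bool($settings[$key] ?? '');
        if ($have !== $want) {
            $findings[] = sprintf('%s is %s, expected %s',
                $key, $have ? 'on' : 'off', $want ? 'on' : 'off');
        }
    }
    return $findings;
}

// True when the URL's query string has the session name as a parameter.
function url_carries_session_id(string $url, string $sessionName): bool
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return array_key_exists($sessionName, $params);
}

// Audit the configuration of the PHP process running this script.
$live = [];
foreach (array_keys(EXPECTED) as $key) {
    $live[$key] = ini_get($key);
}
print_r(audit_session_settings($live));

// Constructed sample URLs; PHPSESSID is PHP's default session name.
$samples = ['https://example.test/cart?PHPSESSID=abc123', 'https://example.test/cart?page=2'];
foreach ($samples as $url) {
    printf("%s => %s\n", $url, url_carries_session_id($url, 'PHPSESSID') ? 'session ID in URL' : 'clean');
}
```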

qqboy’s picture

Then if a user turns off cookies, how does a Drupal website function normally as usual?

Thanks.

Jaypan’s picture

It doesn't. Cookies are required for a Drupal site*

*if the site allows users to log in or preserves some other data in relation to that user. If there are no logins and no data that needs to be preserved, then cookies are not required.

qqboy’s picture

OK, thanks. So it is better or preferable to write necessary data to tables instead.
A long time ago, teachers told us to preserve data in the session, so ....
Thank you.

Jaypan’s picture

So it is better or preferable to write necessary data to tables instead.
A long time ago, teachers told us to preserve data in the session, so ....

1) The only way for the browser to 'know' who a user is, is through a session. The session uses a cookie to identify the user. So any data you would write to a session cannot be written to the database, as without a session identifier, the system would not know who the user is.

2) Drupal sessions are actually stored in the database, rather than as files on the server.

qqboy’s picture

Now the problem is:
if a user turns off cookies, and the session ID also cannot be appended to the URL, then the session is off,
and then the Drupal site cannot function normally,
for the site cannot even identify the user, as you said:

The only way for the browser to 'know' who a user is, is through a session.

Am I right?

Could someone, or Mr J, say what data should be written into the session to make the browser able to identify a user or some other things, for example in a Drupal Commerce website?

Big thanks. AND thanks.

Jaypan’s picture

Am I right?

That's correct.

Could someone, or Mr J, say what data should be written into the session to make the browser able to identify a user or some other things

Drupal already handles this for you. That's how you log into a Drupal site.

If you want to write other data to the session, you can just write it to the session:

$_SESSION['some_namespace']['some_key'] = 'some value';
qqboy’s picture

function mymodule_cron() {
  for ($i = 0; $i < $year->days; $i++) {
    echo 'THANK MR J';
  }
}