02-10-2005, 09:13 AM   #7
technobard
Centurion Nova Prime
 
 
Join Date: May 2002
Location: Oak Park, IL (USA)
Posts: 287
Quote:
Originally Posted by Admin
Turn cookies off and then browse a PHP site using sessions. It will automatically put the session id in the URL. Then if you send that link to your friend they will have the same session as you. Fun.
Ouch! That sucks. Just another idea gleaned from concepts in that article: you could use HTTP_REFERER. If the domain from HTTP_REFERER is within your website, you know it was the same session, just a different page. If the domain is outside of your website, you know it was probably a session id that was part of the URL. Just in case, you can prompt for the userid and password (assuming there is one). If that fails, you can generate a new session id. People leaving the site and coming back without cookies enabled could lose their session info if the site does not require a login to add items to a shopping cart. Other than that, it might even work.
__________________
It takes 2 points to draw a straight line, but at least 3 points to draw a conclusion.
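The HTTP_REFERER check described in the post above, sketched in PHP as an added example (not code from this thread). `SITE_HOST`, the function names, the `user_id` session key and `/login.php` are hypothetical. Because the Referer header is supplied by the client and is often absent, the sketch also sets the session ini options that keep session ids out of URLs in the first place.

```php
<?php
// Added example; SITE_HOST, function names, 'user_id' and /login.php are assumptions.
const SITE_HOST = 'shop.example';

// Keep session ids out of URLs: accept them from cookies only, never rewrite links.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // reject ids the server did not issue

/** True when the Referer header names a page on our own site. */
function referer_is_internal(?string $referer, string $siteHost): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent (bookmark, typed URL, privacy setting)
    }
    $host = parse_url($referer, PHP_URL_HOST);
    // Exact host comparison; a substring test would accept shop.example.other.test
    return is_string($host) && strcasecmp($host, $siteHost) === 0;
}

/** Apply the post's rule: internal referer continues, external must re-prove identity. */
function handle_session(array $server): string
{
    if (referer_is_internal($server['HTTP_REFERER'] ?? null, SITE_HOST)) {
        return 'continue'; // same visit, just a different page
    }
    if (!empty($_SESSION['user_id'])) {
        return 'reauthenticate'; // logged-in session arriving from outside
    }
    // Anonymous session from outside: drop its data and issue a fresh id.
    // This is the "lost shopping cart" trade-off the post mentions.
    $_SESSION = [];
    session_regenerate_id(true);
    return 'new-session';
}

session_start();
if (handle_session($_SERVER) === 'reauthenticate') {
    header('Location: /login.php');
    exit;
}
```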