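I read some articles, and afterwards I understood that sessions will still work in PHP if cookies are not enabled on the client system. So, if cookies are not enabled on the client system, the server will create a unique session ID for the user, and the server will use this unique ID to recognize the client. Now, if cookies are not enabled, the session ID will be shown in the URL, and if there is any form on the page, a hidden input named PHPSESSID will be created. But if I make a change in php.ini, the session ID will not be visible in the URL. Now suppose I open a page on my website that has no form; since the change was made in php.ini, PHPSESSID will not be visible in the URL, so how will I get the session data on that page? Please explain. I have already looked at other answers on Stack Overflow, and nobody has considered this situation.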
Answer 0 (score: 1)
Answer 1 (score: 0)
OK, let's say you have a client that does not accept cookies, at all. And your webserver has URL SESSIONID forwarding disabled. You are asking what will happen?
Absolutely nothing will happen. The server will issue a cookie, and the client will deny it. The user will not be logged in, even if he provided the correct password. I mean he will log in successfully, but at the next request he will be asked to log in again.
If you want to avoid such a situation you can design your authentication differently. For example, you can use OAuth or any other token-based authentication. Then the server will send the token(s) without using the Cookie header, and client-side JavaScript will store it (i.e. in the Web Storage) and send it back to the server with every request. This approach works well with AJAX-based applications.
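The exchange described in the answer above, modelled in Python as an added example (not part of the original answer and not PHP's session code): a cookie-only server loses the login of a client that refuses cookies, even if the session ID is placed in the URL, while a token sent in the `Authorization` header survives. The `Server` class, the `/login`, `/token` and `/me` endpoints, the client helpers and the credentials are all assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

USER, PASSWORD = "alice", "constructed-password"  # constructed sample credentials

class Server:
    """Toy model (not PHP's implementation) of cookie-only sessions plus token login."""
    def __init__(self):
        self.sessions, self.tokens = {}, {}  # session id -> user, bearer token -> user

    def _issue(self, store, creds):
        # Check credentials, then mint an unguessable identifier for the user.
        if not creds or creds[0] != USER or not secrets.compare_digest(creds[1], PASSWORD):
            return None
        ident = secrets.token_urlsafe(32)
        store[ident] = creds[0]
        return ident

    def handle(self, url, headers, creds=None):
        """Process one request; return (status, response_headers, body)."""
        path = url.split("?", 1)[0]  # query string dropped: a session ID in the URL is ignored
        if path == "/login":  # cookie-based login
            sid = self._issue(self.sessions, creds)
            if sid is None:
                return 401, {}, "bad credentials"
            return 200, {"Set-Cookie": f"PHPSESSID={sid}; Path=/; HttpOnly"}, "ok"
        if path == "/token":  # token login: the token travels in the body, not Set-Cookie
            tok = self._issue(self.tokens, creds)
            return (200, {}, tok) if tok else (401, {}, "bad credentials")
        if path == "/me":
            jar = SimpleCookie(headers.get("Cookie", ""))
            sid = jar["PHPSESSID"].value if "PHPSESSID" in jar else None
            auth = headers.get("Authorization", "")
            tok = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
            user = self.sessions.get(sid) or self.tokens.get(tok)
            return (200, {}, user) if user else (401, {}, "login required")
        return 404, {}, "not found"

def cookie_client(server, accept_cookies, sid_in_url=False):
    """Log in, then request /me; return the status of that second request."""
    _, hdrs, _ = server.handle("/login", {}, (USER, PASSWORD))
    pair = hdrs["Set-Cookie"].split(";", 1)[0]  # "PHPSESSID=<id>"
    req = {"Cookie": pair} if accept_cookies else {}
    url = "/me?" + pair if sid_in_url else "/me"
    return server.handle(url, req)[0]

def token_client(server):
    """Obtain a token, then send it in the Authorization header."""
    _, _, tok = server.handle("/token", {}, (USER, PASSWORD))
    return server.handle("/me", {"Authorization": f"Bearer {tok}"})[0]
```

A token kept in Web Storage is readable by any script running in the page, unlike a cookie marked `HttpOnly`, so the token design moves the protection burden to script-injection defences.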