PHP session without cookies

Question

Is there a way that I can initiate a persistent session in PHP without the placement of a session cookie? Are there other ways of maintaining a session across pages, such as an IP address-based solution?

My reason for asking is, is that although most users have cookies on, I want to see if there's a way for a login system to work for those with it disabled (even though I think disabling cookies is just unnecessary paranoia, personally).

Answer 1

I don't think it's too much to ask your users to enable cookies. I find it silly when people turn them off entirely.

Otherwise, you can set your session.use_only_cookies to "0" to force the appendage of a session ID to URLs within your php. This approach, however, has several draw backs. Mainly that of keeping the state within the URL, as opposed to the Cookie header. If a user were to copy and paste the URL of the page they were on, and someone else were to click on it, they would both be using the same session.

<?php
     ini_set("session.use_cookies", 0);
     ini_set("session.use_only_cookies", 0);
     ini_set("session.use_trans_sid", 1);
     ini_set("session.cache_limiter", "");
     session_start();