I'm trying to implment PHP/MySql autentication without cookies. (I'm using Impkt). It works just fine, but when I disable cookies in my browser, I am sent to my access denined page. Am I correct to be trying something like:
$KT_redirectLoginSuccess="yourIn.php?PHPSESSID=$PHPSESSID";

Thanks for any response.

No you're note.

PHP is extrememly efficient with Sessions in that it will automatically send the SID (not $PHPSESSID) constant via the URL if cookies are turned off. This is the default action, and *should* happen automatically when cookies are turned off.

You are, however, going to always run into problems when you try to authenticate without cookies in this way, as values will always have to be sent via the URL GET Parameters. This will leave all passwords and usernames etc available to whoever looks through your visitor's history (as all URL's are stored).

In other words, you should only do this if security doesn't matter. However, I would say, that if security doesn't matter, then you shouldn't even bother using authentication as it is a waste of time.

Tim Green

Extension & PHP TalkZone Manager
<font size=1>-------------------------------------------
<i>Please read the Forum FAQ before posting
a question to this TalkZone.</i>
-------------------------------------------
www.UDzone.com : A dynamic Dreamweaver,
Ultradev and Fireworks site for developers
by developers.
-------------------------------------------</font id=size1>