I am trying to build a simple login portal that uses PHP sessions to store a user's logged-in status. I want the session data to still be available even when cookies are disabled in the user's browser.
I have searched the web to find a way of doing this but haven't found anything that gives a good explanation. I'm pretty new to PHP but have the basic functionality of the web app working except keeping session data stored without cookies.
It's my understanding that when you start a session using session_start(), this creates a cookie that stores the session id. This id can then be passed around the website using cookie or URL propagation. The server I am running the site on doesn't allow URL propagation so I must use cookies, but I don't get how it works if someone turns off cookies in the browser.
Here's the header.php that I have included in every page:
<?php
session_start();
// Issue a fresh session id on every request and delete the old session data.
session_regenerate_id(true);

// Logout: clear the session data, expire the session cookie, destroy the session.
if (isset($_POST["LogoutBtn"])) {
    $_SESSION = array();
    if (ini_get("session.use_cookies")) {
        $yesterday = time() - (24 * 60 * 60);
        $params = session_get_cookie_params();
        setcookie(session_name(), "", $yesterday, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
    }
    session_destroy();
}

// Pages in the data/ subdirectory need "../" prefixes on relative links.
$dataFiles = array(
    "/amacmi01_p1fma/data/DTresults.php",
    "/amacmi01_p1fma/data/P1results.php",
    "/amacmi01_p1fma/data/PfPresults.php"
);
$page = $_SERVER["PHP_SELF"];
?>
<!DOCTYPE html>
<html>
<head>
    <meta name="author" content="Andrew Macmillan">
    <meta charset="UTF-8">
    <?php
    // Pick the page title from the script path.
    $title = "";
    switch ($page) {
        case "/amacmi01_p1fma/index.php":
            $title = "BBK DCS Home Page";
            break;
        case "/amacmi01_p1fma/admin-login.php":
            $title = "DCS Admin Login";
            break;
        case "/amacmi01_p1fma/staff-login.php":
            $title = "DCS Staff Login";
            break;
        case "/amacmi01_p1fma/register-staff.php":
            $title = "Register New Staff";
            break;
        case "/amacmi01_p1fma/admin-options.php":
            $title = "Admin Options";
            break;
        case "/amacmi01_p1fma/intranet.php":
            $title = "BBK DCS Intranet Page";
            break;
        case "/amacmi01_p1fma/error.php":
            $title = "Error Viewing Modules";
            break;
        case "/amacmi01_p1fma/logged-out.php":
            $title = "Logging Out";
            break;
        case "/amacmi01_p1fma/data/DTresults.php":
            $title = "Introduction to Database Technology - DT Results";
            break;
        case "/amacmi01_p1fma/data/P1results.php":
            $title = "Web Programming using PHP - P1 Results";
            break;
        case "/amacmi01_p1fma/data/PfPresults.php":
            $title = "Problem Solving for Programming – PfP Results";
            break;
    }
    echo "<title>$title</title>";
    if (in_array($page, $dataFiles)) {
        echo '<link rel="stylesheet" type="text/css" href="../styles/style.css"/>';
    } else {
        echo '<link rel="stylesheet" type="text/css" href="styles/style.css"/>';
    }
    ?>
</head>
<body>
<header>
    <?php
    // Show the home link on every page except the home and logged-out pages.
    if ($page !== "/amacmi01_p1fma/index.php" && $page !== "/amacmi01_p1fma/logged-out.php") {
        if (in_array($page, $dataFiles)) {
            echo '<div class="home-link">
                <a href="../index.php">Return to Home Page</a>
            </div>';
        } else {
            echo '<div class="home-link">
                <a href="index.php">Return to Home Page</a>
            </div>';
        }
    }
    // Show the logout form to logged-in users.
    if (isset($_SESSION["LoggedIn"]) && $page !== "/amacmi01_p1fma/logged-out.php") {
        $homeLink = "";
        if (in_array($page, $dataFiles)) {
            $homeLink = "../logged-out.php";
        } else {
            $homeLink = "logged-out.php";
        }
        // Escape the user name before writing it into the HTML.
        $userName = htmlspecialchars($_SESSION["UserName"], ENT_QUOTES, "UTF-8");
        echo '<div id="logout-form">
            <form action="'.$homeLink.'" method="post">
                <label for="logout-btn">You are logged in as '.$userName.'</label>
                <input type="submit" name="LogoutBtn" id="logout-btn" value="Logout"/>
            </form>
        </div>';
    }
    ?>
</header>
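
As an added example that is not part of the original post: one way to keep the session id in cookies only and to detect, at login time, a browser that did not send the session cookie back, so the page can ask for cookies to be enabled instead of silently losing the session. The function names are hypothetical; the ini directives and session functions are standard PHP (the array form of session_set_cookie_params() needs PHP 7.3 or later), and the code assumes the login form was served by an earlier request that already started the session.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// Start a session whose id travels only in a cookie, never in the URL.
function startCookieOnlySession(bool $https): void
{
    ini_set('session.use_only_cookies', '1'); // ignore session ids passed in the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the id
    ini_set('session.use_strict_mode', '1');  // reject ids this server did not issue
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => $https,   // assumption: caller knows whether the site is on HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// True only if the browser sent back the cookie for the current session.
// With cookies disabled every request starts a new session, so this is false.
function browserReturnedSessionCookie(array $cookies): bool
{
    $sent = $cookies[session_name()] ?? null;
    return is_string($sent) && hash_equals((string) session_id(), $sent);
}

// Call after the credentials have been verified (verification is not shown).
// Returns false when the session cannot persist because no cookie came back;
// the caller should then show an "enable cookies" message instead of logging in.
function completeLogin(string $userName, array $cookies): bool
{
    if (!browserReturnedSessionCookie($cookies)) {
        return false;
    }
    session_regenerate_id(true);      // new id at the privilege change
    $_SESSION['LoggedIn'] = true;     // same keys header.php reads
    $_SESSION['UserName'] = $userName;
    return true;
}
```

In a login handler this would be called as startCookieOnlySession(true) at the top of the script and completeLogin($name, $_COOKIE) once the password check has passed.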