[drupal-support] Problem with no cookie login
Skip Taylor
avskip at gmail.com
Sun Aug 28 17:24:51 UTC 2005
On 8/28/05, Franz Iberl <f.iberl at amazonas-box.de> wrote:
>
> Am 27.08.2005 um 20:49 schrieb Skip Taylor:
>
> > Perhaps I've missed the boat here, but I was under the impression that
> > you did NOT have to have cookies enabled to log in to a Drupal site.
> >
> > Someone had trouble with a log in on my site yesterday. Turns out
> > their cookies were set to not accept cookies. They tried to log in,
> > the Who's online module showed them as online but they could progress
> > no further.
> >
> > I have 4.6.3 and have not modified anything related to this part of
> > Drupal.
>
> I prefer "without-cookies" as well, but a PHP-Switch must be set the
> right way (I tried 4.5.x only).
> e.g. in the PHP-Section of .htacess:
> php_value session.use_trans_sid On
> which is Off by default.
>
> Maybe there are other switches (cookie-only or similar) relevant in
> this case. Try the above switch and see.
>
> BTW, a session-management ist nevertheless necessary, so by dropping
> cookies the session-id will be kept with the url, which is disputed on
> security reasons as far as I remember. I do not know yet all factors
> behind it. I do not like cookies, but I am not certain wether they are
> the less bad thing ;-)
>
> The log-in on the Drupal main site works only with cookies enabled, I
> tried ;-)
>
> Servus
> Franz
Thanks Franz. I do remember a discussion somewhere about this on 4.6.x
and I thought the default (where mine is set) was to allow either. I
know there are times I see the PHPSESSID in logs and sometimes not.
If the Drupal main site requires cookies, I would think there is a
reason for it.
Thanks for your time on this!
Skip
More information about the drupal-support
mailing list