On 8/28/05, Franz Iberl f.iberl@amazonas-box.de wrote:
Am 27.08.2005 um 20:49 schrieb Skip Taylor:
Perhaps I've missed the boat here, but I was under the impression that you did NOT have to have cookies enabled to log in to a Drupal site.
Someone had trouble with a log in on my site yesterday. Turns out their cookies were set to not accept cookies. They tried to log in, the Who's online module showed them as online but they could progress no further.
I have 4.6.3 and have not modified anything related to this part of Drupal.
I prefer "without-cookies" as well, but a PHP-Switch must be set the right way (I tried 4.5.x only). e.g. in the PHP-Section of .htacess: php_value session.use_trans_sid On which is Off by default.
Maybe there are other switches (cookie-only or similar) relevant in this case. Try the above switch and see.
BTW, a session-management ist nevertheless necessary, so by dropping cookies the session-id will be kept with the url, which is disputed on security reasons as far as I remember. I do not know yet all factors behind it. I do not like cookies, but I am not certain wether they are the less bad thing ;-)
The log-in on the Drupal main site works only with cookies enabled, I tried ;-)
Servus Franz
Thanks Franz. I do remember a discussion somewhere about this on 4.6.x and I thought the default (where mine is set) was to allow either. I know there are times I see the PHPSESSID in logs and sometimes not.
If the Drupal main site requires cookies, I would think there is a reason for it.
Thanks for your time on this! Skip