Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Use Sessions without cookies
  • BriceBrice
    Hello, i would like use sessions without cookies.

    So, i add in my session config file : 
     'enable_cookie' => false,

    I read in the documentation (https://fuelphp.com/docs/classes/session/advanced.html#/no-cookies) that we can use HTTP Header to send Session-Id.

    My question is how and where modify Response headers. (I use FuelPHP 1.8)

    This is my main Controller's strucutre :

    class Controller_Base extends \Controller_Hybrid : https://bin.fuelphp.com/snippet/view/PI
    class Controller_Front extends \Controller_Base
    class Controller_Protected extends \Controller_Front (for private pages)


    Thanks for your help
  • HarroHarro
    In your controllers' after() method.

    It gets the response passed as argument, so you can do:

    public function after($response)
    {
        $response->set_header('Session-Id', \Crypt::encode(\Session::key());
        return $response;
    }

    You can do that in your base controller if you will, so all will automatically inherit it.

    Note that this requires "http_header_name" in your session config to be set to "Session-Id" (which is the default), and also that your client retrieves this id from the response header, and inserts it in every request header. So it needs a client side app of some sort...
  • BriceBrice
    Ok, thank you Harro.

    Another question :)

    Concerning redirection, I use \Response::redirect().
    So, to modify header, I should override this function and "set_header" $response. You agree?

    public static function redirect($url = '', $method = 'location', $code = 302)
    {
    $response = new static;

    $response->set_status($code);

    if (strpos($url, '://') === false)
    {
    $url = $url !== '' ? \Uri::create($url) : \Uri::base();
    }

    if (\Config::get('response.redirect_with_wildcards', true))
    {
    strpos($url, '*') !== false and $url = \Uri::segment_replace($url);
    }

    if ($method == 'location')
    {
    $response->set_header('Location', $url);
    }
    elseif ($method == 'refresh')
    {
    $response->set_header('Refresh', '0;url='.$url);
    }
    else
    {
    return;
    }

    $response->send(true);
    exit;
    }

    Thanks
  • HarroHarro
    You can't use a response (at all, not only the header) when you redirect, the browser will discard all responses on a redirect of any time.
  • BriceBrice
    I can't preserve "Session-Id" in HTTP Header when i make a redirection. What is the solution ?

    Snippet of my login function : 

    public function action_login()
    {
    if (!$this->is_logged):

    //display login page
    \Theme::instance()->set_partial('content', 'orders/login')->set($data);
    else:
    //Redirect to dashboard
    \Response::redirect(\Uri::create('dashboard'));
    endif;
    }





  • HarroHarro
    You can't.

    The HTTP specification clearly states that a browser MAY discard any data as soon as it sees a redirect, and issue a new HTTP GET for the new location. All browsers do, some don't even make downloaded data available, and javascript for example will never be executed.

    So use cookies. That is what they are there for.

    The HTTP header method is mainly used in environments where the client is not a browser, and therefore cookies can't be used.
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion