Question

I am new to development. Although I have some idea about the working process of sessions and cookies, I have one doubt in my mind: what would happen if cookies are disabled on the system? How would the session uniquely identify the user, etc.?

Was this helpful?

Solution

That's an interesting question.

Although PHP sessions were initially invented to work with cookies disabled, this feature was proven insecure and has become somewhat frowned upon nowadays.

However, this feature still works - PHP can rewrite all local links, adding the session id to them and thus making it transfer from page to page.

Yet it's still insecure, as an unsuspecting user may send a hyperlink to a friend, and the session id as well - making the friend logged in.

How would the session uniquely identify the user, etc.?

The idea of a session is not to identify the user but to transfer a session id between separate requests. So, as long as you can manage to do so, you can keep the session. Say, in a modern web application that uses AJAX all the way, one can do without cookies all right, yet keep the application pretty secure - just by transferring the session id strictly via AJAX calls, not showing it in the address bar.
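To make the two points above concrete, here is an added example (not code from the answers on this page): the legacy link-rewriting behaviour is switched off so PHP never accepts a session id from a URL, and a cookie-less AJAX client can instead present the id in a request header, which does not end up in the address bar, in shared links, in Referer headers or in access logs. The header name X-Session-Id and the helper function names are assumptions made for this example; the ini settings and session functions are PHP's own.

```php
<?php
// Added example, not code from the original answers: hardening how PHP
// transports the session id. The id travels either in the session cookie or,
// for a cookie-less AJAX client, in a request header. It is never read from
// the URL. Header name X-Session-Id and helper names are assumptions.

declare(strict_types=1);

// Weak (legacy) configuration, shown for contrast, do not use:
//   session.use_trans_sid   = 1   ; rewrite local links to carry PHPSESSID
//   session.use_only_cookies = 0  ; also accept the id from GET/POST
// Hardened configuration: the id is never taken from the query string.
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,    // cookie is sent over HTTPS only
    'httponly' => true,    // cookie is not readable by page scripts
    'samesite' => 'Lax',
]);

/**
 * Returns true if $id has the shape PHP itself generates (length and alphabet
 * follow session.sid_length / session.sid_bits_per_character), so an arbitrary
 * client-supplied string is never handed to the session save handler.
 */
function isPlausibleSessionId(string $id): bool
{
    return preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
}

/**
 * Starts the session. Cookie-based clients are handled by PHP as usual; a
 * cookie-less AJAX client may present the id in the X-Session-Id request
 * header instead (assumed convention). With use_strict_mode on, an id that
 * does not exist server-side is discarded and a fresh one is generated.
 */
function startSessionFromCookieOrHeader(): void
{
    if (!isset($_COOKIE[session_name()])) {
        $fromHeader = $_SERVER['HTTP_X_SESSION_ID'] ?? '';
        if (isPlausibleSessionId($fromHeader)) {
            session_id($fromHeader);
        }
    }
    session_start();
}

/**
 * Call after a successful login: issue a fresh id so that an id known before
 * authentication (e.g. one that leaked through a shared link) is useless.
 */
function promoteSessionAfterLogin(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

startSessionFromCookieOrHeader();
// The AJAX client keeps this value in memory and echoes it back in the
// X-Session-Id header on subsequent requests, over HTTPS only.
header('X-Session-Id: ' . session_id());
```

The design choice is that the transport of the id (cookie or header) is decoupled from the session data itself, which is exactly what the answer describes: the session works as long as the id makes it from one request to the next. Keeping `session.use_only_cookies` on even in the header variant matters, because it is that setting, not the absence of a cookie, that stops PHP from picking the id out of `?PHPSESSID=` in a link someone forwarded.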

Other tips

Some server-side frameworks can use URL rewriting to maintain session state in the absence of cookies. For such frameworks, sessions can still be maintained, though information could not be persisted once the user leaves (e.g. you could not save the username to pre-populate a login field when the user checks "remember me").

For systems that rely on cookies, no session would be possible.

Many websites offer some capability when the user is not logged in (for example, you can browse Stack Overflow but not post).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow