Session ID when Coockies are Disabled

moiri / pflanzenlabor

The source code for the webpage of Giovina Nicolai

https://www.pflanzenlabor.ch

1 stars 0 forks source link

Session ID when Coockies are Disabled #6

Open moiri opened 6 years ago

moiri commented 6 years ago

Originally reported by Simon Maurer (Bitbucket: moiri, GitHub: moiri)

If cookies are disabled, currently the session id is not collected from the $_GET variable.

This has to be fixed. Check this StackOverflow Issue for an example of how to do this

Bitbucket: https://bitbucket.org/moiri/pflanzenlabor/issue/6

moiri commented 6 years ago

Original comment by Simon Maurer (Bitbucket: moiri, GitHub: moiri)

About javascript: A popup should notify user who is blocking js where pflanzenlabor is using js and for which purpose

moiri commented 6 years ago

Original comment by Simon Maurer (Bitbucket: moiri, GitHub: moiri)

It is not a good idea to pass the session id via the url. A user might accidentally send the link with the session id to someone else and by doing so passing personal information along.

A friendly message should notify the user why cookies are used and why they are not harmful.