UBB.Developers Forums UBB.threads 6 V6 Modifications V6 Mod Ideas Cookie/Session Option to Users?

To me, this seems like it would be a difficult and involved hack. Basically, I'd like to allow my users to pick whether they want to use cookies or sessions. Is this even possible/feasible?

The reason this came up at all was that I have a veteran member who recently enlisted in the Navy. He only has access to shared computers on base, and they are set to not allow cookies. This means he can't post on the site. I switched to sessions to accomodate this, and it works just fine with him.

However, some users have been complaining about having to login to the site all the time now. On the other hand, others like the fact that they don't leave "cookie crumbs" now and have more security because of that (not having to worry about using public computers.)

Anyway, could this idea become a reality?

Bump?

That would be a great hack!

It shouldn't be to hard to make this, since it's already an admin option to switch between cookies and session mode.

Adding a new filled to the user table and modifing the authentification parts to read from the user table instead of the config option.

And I suspect that the login script has to be modified to check if a cookie exists and log in from that (if the user chose the "Remember Me") and in the login process query that field...

Hmmm me starts thinking now... but looks at the list of TODO and gets discouraged...

Warm regards

Nikos

I believe that .threads uses a session/cookie mix so cookie use is still needed.

Yes, .threads uses a cookie to store the session-id and the user-id.
Maybe using auto-trans-id or an external session management class can avoid to make many changes to threads... But this would be a bad implementation, i suppose.

Wow, so I created a real brainstormer, eh? Josh came up with a good hack idea! *does the dance of joy* Remember Balky?

Any updates?

No dice?

Not at the moment from me. I have quite a few projects to finish. Sorry... Maybe someone else can pick this up

I'm afraid there is no quick solution for this.
Acchieving the wanted behaviour would at least require heavy changes to several scripts and modifying your php configuration, so that the session-id is handled over automatically.
If you can't modify your php configuration, you'll have to append the session-id to every link. So you'll have to modify every single script.

Lot of work for a "little effort", i think.
Changing the login/authentication mechanism is more a question of basic software design. In most cases, it's a bad idea to hack that.

D'oh. Okay. Thanks anyways fellas.