thausmann Posted July 20, 2020

Hi all, is there an easy way to implement login and session handling that doesn't require cookies? I'm thinking about passing the session ID as a URL parameter instead of a cookie (like good old PHPSESSID) but I cannot get it working. I can easily append the URL parameter, but I cannot "restore" the session on the server. Do you think it's possible or is the cookie behaviour hardcoded in Session.php?

Background: Browsers are working towards more privacy protection and banning "3rd party cookies". While this primarily targets tracking services, it applies to all sites embedded as an iframe. We are using Processwire like an iframe "Applet" for other websites and we start seeing problems (user logins reset) due to the new privacy policies. Safari has already implemented this, Chrome has scheduled this as a standard for 2022 but already has a privacy setting for this feature.

horst Posted July 20, 2020

Maybe not exactly what you are after, but ... You can dynamically enable / disable session (cookies ?) like this in site/config.php

```php
// DISABLE COOKIES FOR FE ONLY, AS WE NEED COOKIES ON THE BE (!)
$config->sessionAllow = function($session) {
    // if there is a session cookie, chances are user is logged in
    if($session->hasCookie()) {
        return true;
    }
    // if requested URL is an admin URL, allow session
    if(isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '/processwire/') === 0) {
        return true;
    }
    // otherwise disallow session
    return false;
};
```

LostKobrakai Posted July 20, 2020

https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/

This provides ways of dealing with this limitation, which don't involve replacing one problematic behaviour with another. Maybe one of those fits your use case?

thausmann Posted July 20, 2020 Author

@horst thanks, we still need the session / active login somehow but maybe this is a starting point.

@LostKobrakai thanks for the link, the Storage Access API looks very promising (requesting user permissions) and matches our use case (user is already signed in in the main window). Apparently this has no Chrome Support (yet). For the OAuth Solution I need more time to understand it. Will post updates here if I find a solution!
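
The Storage Access API flow mentioned in the last two posts, as an added example that is not part of any post and not ProcessWire code: the embedded iframe asks for access to its own cookies on a user click, so the session stays in the cookie and the session ID does not move into the URL. The element ids `#pw-connect` and `#pw-login-link` and the action names are hypothetical.

```javascript
// Added example, not code from the thread. `doc` is passed in so the flow
// can be exercised with a stub outside a browser.
async function ensureStorageAccess(doc) {
  // Browser has no Storage Access API: script cannot unlock the iframe's cookies.
  if (typeof doc.hasStorageAccess !== 'function' ||
      typeof doc.requestStorageAccess !== 'function') {
    return 'unsupported';
  }
  // Cookies are already reachable (first-party context or an earlier grant).
  if (await doc.hasStorageAccess()) return 'already-granted';
  try {
    // Only succeeds when called from a user gesture such as a click.
    await doc.requestStorageAccess();
    return 'granted';
  } catch (err) {
    return 'denied'; // user declined, or the call was not gesture-triggered
  }
}

// Map the outcome to what the embedded app does next (hypothetical action names).
function nextStep(state) {
  switch (state) {
    case 'already-granted': return 'continue';
    case 'granted': return 'reload-frame'; // next request carries the session cookie
    default: return 'show-first-party-login';
  }
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  const button = document.querySelector('#pw-connect'); // hypothetical id
  if (button) {
    button.addEventListener('click', async () => {
      const step = nextStep(await ensureStorageAccess(document));
      if (step === 'reload-frame') location.reload();
      if (step === 'show-first-party-login') {
        // Hypothetical link that opens the login page as a top-level (first-party) window.
        const link = document.querySelector('#pw-login-link');
        if (link) link.hidden = false;
      }
    });
  }
}
```
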