0

I will explain my problem. I need to know if the steps below are correct:

The user enters their login details and these get submitted to the php server. If these are correct, I want to use the php code to start a session. However, because this is a mobile device I will be using html5 session storage. Now, my mobile website is all ajax based with no page reloads. So if the user submits the correct login credentials, I make an ajax response back to the user with what information? The SID/session_id of the session_start? Then, on the mobile device I place this session_id into the html5 session storage?

So, if these steps are correct, when the user then navigates around the website they are now logged in. And if they want to do something e.g. access a private page this creates an ajax request to the php server... this is where I am stuck. I assume that in this ajax request I send the session_id from the html5 session storage object, how does the php server use this id to prove the user is authentic? Presumably I need some kind of if statement and if it's not satisfied, send an ajax response back which my javascript will interpret as redirecting the user back to the login screen.

Many thanks if anyone can help me, it will be much appreciated as I am very stuck.

Note that cookies are not an option...

Improve this question
5
  • 1
    Why is using cookies not an option? All major sites use cookies for this. Why is it necessary to emulate a session cookie's functionality using HTML5 local storage (which is surely possible, but, well... hard work) Commented Sep 26, 2011 at 9:45
  • Because the website is designed for a mobile device and instead of page refreshes there are ajax requests... there are no page refreshes throughout the entire site. Is there is an alternative way to do what I outline above instead of using the html5 session storage object? Commented Sep 26, 2011 at 9:51
  • 1
    Pekka is completely right. If you follow your own plan, in the end, you will have done the same that a session cookie could have done for you. Why do you want to this "hard work"? Commented Sep 26, 2011 at 9:52
  • Maybe I am misunderstanding things.. Commented Sep 26, 2011 at 9:52
  • 1
    It doesn't make a diffrence if it is a mobile or a desktop. You just have to handle a simple browser... Commented Sep 26, 2011 at 9:53

1 Answer 1

Reset to default
1

You could theoretically use HTML5 local storage to store the session ID, or transmit the session ID as a GET parameter in every request and pass it manually to PHP using session_id(), but I can't see the benefit. You might as well rely on cookies for this - they will be transmitted in Ajax requests.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks. I assumed cookies weren't transmitted in Ajax requests.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.