If the cookie is disabled, can the session be used? Why?

Source: Internet
Author: User
If the cookie is disabled, can the session be used? Why?

Reply content:

The common session implementation method is cookie-based. Therefore, when the cookie is disabled, the session becomes effective.

Theoretically, as long as a token can be added to the returned page to identify the session, the session can be maintained the next time the browser submits.

Therefore, cookie is only the most elegant way to implement the session, because the cookie is invisible to the user and will be automatically transmitted in the HTTP message.

However, the session can also be maintained in other ways, such as placing a sessionId in the URL parameter :)

This problem is illustrated as follows:
HTTP requests are stateless. Suppose you are the browser and I am the server: you can call me if you know my phone number, but I don't know your phone number, so I can talk to you only when you talk to me.
The problem arises. If you want to convince me that you are the one who called me yesterday, you must use a new item. For example, when you call me, I will give you a string of numbers, and the next time you call me you tell me the number, so I will know who you are. The number stored here is called the session (it can simply be understood this way), and you saved a copy as the cookie. You can call me later and send this cookie to me. This is the principle of session and cookie.
So, if you disable the cookie, you will not be able to use the cookie to give it to me. You can also put this string of numbers after the URL or in the form.
Well, that's it. I wonder if you understand it.

http://segmentfault.com/a/1190000003012552

Generally, the Session id is recorded in the Cookie. If all cookies are disabled, the Session becomes invalid. However, the Session id also has another transmission method, that is, to carry the Session id in the URL query (the Session id parameter is included in all URLs, such as: http://xxx/index?Sid=...). This method is not enough (all links must be included), and it is easy to lose the Session id (the address can be altered so that the ID is removed). In environments where Cookies cannot be used, it can be used as a replacement.

In php, session_id is the unique id of each session, which is saved to the cookie by default. During a request, the session is identified based on the session_id in the cookie.

However, you can modify this with the trans_sid setting (at compile time or in the php.ini file). After the modification, session_id can be detached from the cookie. The difference is that when the cookie is used, session_id is obtained from the cookie; otherwise, session_id follows the URL (PHP does this automatically).

If the cookie is disabled, the URL is rewritten. The session can still be used.

https://www.zhihu.com/question/19786827/answer/21643186
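
The fallback the answers above describe (session id read from the cookie, otherwise from the URL, with links rewritten to carry it), as an added Python example that is not part of the original answers and is not PHP's own code. The `sid` name, the in-memory store and all function names are assumptions made for the illustration.

```python
import re
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SID_NAME = "sid"   # hypothetical cookie / query parameter name
SESSIONS = {}      # server-side store: session id -> session data


def new_session():
    """Create a session under an unguessable id issued by the server."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {}
    return sid


def find_session_id(cookie_header, url):
    """Return the session id from the Cookie header, else from the URL query.

    An id the server did not issue is ignored rather than adopted.
    """
    cookie = SimpleCookie(cookie_header or "")
    if SID_NAME in cookie and cookie[SID_NAME].value in SESSIONS:
        return cookie[SID_NAME].value
    sid = dict(parse_qsl(urlsplit(url).query)).get(SID_NAME)
    return sid if sid in SESSIONS else None


def add_sid(url, sid):
    """Append the session id to a relative (same-site) URL only."""
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        return url  # absolute link: the id must not travel to another site
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != SID_NAME]
    query.append((SID_NAME, sid))
    return urlunsplit(parts._replace(query=urlencode(query)))


def rewrite_links(html, sid):
    """Rewrite every href="..." so the next request carries the id."""
    return re.sub(r'href="([^"]*)"',
                  lambda m: 'href="%s"' % add_sid(m.group(1), sid), html)
```

Because the id appears in the address bar, in server logs and in any link the user copies, a session carried this way should be short-lived and replaced with a fresh id at login.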
