I am starting session with
$sess = new Zend_Session_Namespace('MySession');
and session works fine but problem comes when cookies are disabled in browser. i have a big application ,
so what will be the best solution to make it work on cookie-less environment.
On
Instead of supporting cookie less browsers, you can display a warning on your login page that cookies are required. many web application force you to have cookies enabled these days.
// make sure cookies are enabled
$.cookie('test_cookie', 'cookie_value', { path: '/' });
if ($.cookie('test_cookie') != 'cookie_value') {
noty({"text":"Cookies must be enabled to log in. <a href='http://support.google.com/accounts/bin/answer.py?hl=en&answer=61416' class='noty_link'>Click here to learn how to enable cookies.</a>","layout":"top","type":"error","textAlign":"center","easing":"swing","animateOpen":{"height":"toggle"},"speed":500,"closable":false, "closeOnSelfOver":false, "timeout":"", "closeOnSelfClick":false});
}
this code snippet uses jquery.cookie.js (https://github.com/carhartl/jquery-cookie) & noty (http://needim.github.com/noty/) plugin plugins
You could set the session.use_only_cookies to "0" and append the session ID to the URL in your code, so every link or redirect would have something like "session_id=4b5fe6a4019a8cd7fc4326664e9e03ae" appended to the URL.
This approach have many issues, the biggest one is that if a user decides to share an URL, lets say in Facebook, he/she would copy the whole url from the browser (including the session ID) and everyone who clicks that link will capture the user's session.
Have a look at this.