This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

Silverstripe and cookies

4 Posts 3337 Views

julian

Community Member, 17 Posts

12 March 2007 at 1:47am

Hi all,

I saw that there was a method in browser.php: 'ignoreCookies' -- any ideas what this does?

I'm asking because I'm doing a mobile app with Silverstripe and it looks like Silverstripe's authentication requires cookies -- i.e. it doesn't do embedded URL rewriting if cookies aren't supported. And the W3 guidelines on cookies for phones is 'don't rely on them' => don't rely on silverstripe for authenticated mobile access?

Any plans to incorporate this feature in future? I know it's an architectural issue -- URL generation will need to be abstracted but I think it's pretty well done anyway? It'd need to be changed so all links include the contents of the cookie as params. Yeah it sucks if the user types a URL but they're unlikely to do that on a mobile.

cheers!
J

Sigurd

Forum Moderator, 628 Posts

12 March 2007 at 4:19pm

Good points.

Regarding mobile phones: We clearly want to be able to have our sites accessed on a mobile phone, although realistically until they have decent screens and browsers, few people will use them. Most websites out there, even without a mobile phone, do not need authentication, but I we don't want to be in a situation where you cannot use SilverStripe for mobile applications because of cookie issues. I know from Ben Nolan, who wrote moso.co.nz, a complex mobile phone app, that cookie support was very good even on the fairly backward New Zealand phone industry. I'll ask him to comment :)

Sam

Administrator, 690 Posts

12 March 2007 at 4:34pm

This isn't something that we had considered thus far; however, it's unlikely to be too hard to get *something* going. There used to be some sort of setting to disable link rewriting, although I can't find details of it.

The reason that we disable this setting is because when a user first visits, it has no way of knowing whether cookies are supported, so the first links out of the homepage always have a ?PHPSESSID=3453425345345234 added to them, which was too ugly for us to bear ;-)

That said, this should be something that developers set on a site-by-site basis.

Julian, if you figure out how to re-enable the URL rewriter I'm more than happy to put a patch into the next release.

Ben

Community Member, 1 Post

12 March 2007 at 9:03pm

Cookie support on phones is so so. You probably want to do url rewriting if you can. The markup can be kinda anal too - little things you'd get away with in xhtml will kill the browser on xhtml-mp.

It's doable though!

Return to top