Jump to:

17452 Posts in 4473 Topics by 1971 members


SilverStripe Forums » Archive » Silverstripe and cookies

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1
Go to End
Author Topic: 2343 Views
  • julian
    Community Member
    17 Posts

    Silverstripe and cookies Link to this post

    Hi all,

    I saw that there was a method in browser.php: 'ignoreCookies' -- any ideas what this does?

    I'm asking because I'm doing a mobile app with Silverstripe and it looks like Silverstripe's authentication requires cookies -- i.e. it doesn't do embedded URL rewriting if cookies aren't supported. And the W3 guidelines on cookies for phones is 'don't rely on them' => don't rely on silverstripe for authenticated mobile access?

    Any plans to incorporate this feature in future? I know it's an architectural issue -- URL generation will need to be abstracted but I think it's pretty well done anyway? It'd need to be changed so all links include the contents of the cookie as params. Yeah it sucks if the user types a URL but they're unlikely to do that on a mobile.


  • Sigurd
    Forum Moderator
    628 Posts

    Re: Silverstripe and cookies Link to this post

    Good points.

    Regarding mobile phones: We clearly want to be able to have our sites accessed on a mobile phone, although realistically until they have decent screens and browsers, few people will use them. Most websites out there, even without a mobile phone, do not need authentication, but I we don't want to be in a situation where you cannot use SilverStripe for mobile applications because of cookie issues. I know from Ben Nolan, who wrote moso.co.nz, a complex mobile phone app, that cookie support was very good even on the fairly backward New Zealand phone industry. I'll ask him to comment

  • Sam
    679 Posts

    Re: Silverstripe and cookies Link to this post

    This isn't something that we had considered thus far; however, it's unlikely to be too hard to get *something* going. There used to be some sort of setting to disable link rewriting, although I can't find details of it.

    The reason that we disable this setting is because when a user first visits, it has no way of knowing whether cookies are supported, so the first links out of the homepage always have a ?PHPSESSID=3453425345345234 added to them, which was too ugly for us to bear ;-)

    That said, this should be something that developers set on a site-by-site basis.

    Julian, if you figure out how to re-enable the URL rewriter I'm more than happy to put a patch into the next release.

  • Ben
    Community Member
    1 Post

    Re: Silverstripe and cookies Link to this post

    Cookie support on phones is so so. You probably want to do url rewriting if you can. The markup can be kinda anal too - little things you'd get away with in xhtml will kill the browser on xhtml-mp.

    It's doable though!

Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.