Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Silverstripe and cookies


Reply

4 Posts   2351 Views

Avatar
julian

12 March 2007 at 1:47am Community Member, 17 Posts

Hi all,

I saw that there was a method in browser.php: 'ignoreCookies' -- any ideas what this does?

I'm asking because I'm doing a mobile app with Silverstripe and it looks like Silverstripe's authentication requires cookies -- i.e. it doesn't do embedded URL rewriting if cookies aren't supported. And the W3 guidelines on cookies for phones is 'don't rely on them' => don't rely on silverstripe for authenticated mobile access?

Any plans to incorporate this feature in future? I know it's an architectural issue -- URL generation will need to be abstracted but I think it's pretty well done anyway? It'd need to be changed so all links include the contents of the cookie as params. Yeah it sucks if the user types a URL but they're unlikely to do that on a mobile.

cheers!
J

Avatar
Sigurd

12 March 2007 at 4:19pm Forum Moderator, 628 Posts

Good points.

Regarding mobile phones: We clearly want to be able to have our sites accessed on a mobile phone, although realistically until they have decent screens and browsers, few people will use them. Most websites out there, even without a mobile phone, do not need authentication, but I we don't want to be in a situation where you cannot use SilverStripe for mobile applications because of cookie issues. I know from Ben Nolan, who wrote moso.co.nz, a complex mobile phone app, that cookie support was very good even on the fairly backward New Zealand phone industry. I'll ask him to comment :)

Avatar
Sam

12 March 2007 at 4:34pm Administrator, 685 Posts

This isn't something that we had considered thus far; however, it's unlikely to be too hard to get *something* going. There used to be some sort of setting to disable link rewriting, although I can't find details of it.

The reason that we disable this setting is because when a user first visits, it has no way of knowing whether cookies are supported, so the first links out of the homepage always have a ?PHPSESSID=3453425345345234 added to them, which was too ugly for us to bear ;-)

That said, this should be something that developers set on a site-by-site basis.

Julian, if you figure out how to re-enable the URL rewriter I'm more than happy to put a patch into the next release.

Avatar
Ben

12 March 2007 at 9:03pm Community Member, 1 Post

Cookie support on phones is so so. You probably want to do url rewriting if you can. The markup can be kinda anal too - little things you'd get away with in xhtml will kill the browser on xhtml-mp.

It's doable though!