Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Silverstripe and cookies


Reply


4 Posts   2423 Views

Avatar
julian

Community Member, 17 Posts

12 March 2007 at 1:47am

Hi all,

I saw that there was a method in browser.php: 'ignoreCookies' -- any ideas what this does?

I'm asking because I'm doing a mobile app with Silverstripe and it looks like Silverstripe's authentication requires cookies -- i.e. it doesn't do embedded URL rewriting if cookies aren't supported. And the W3 guidelines on cookies for phones is 'don't rely on them' => don't rely on silverstripe for authenticated mobile access?

Any plans to incorporate this feature in future? I know it's an architectural issue -- URL generation will need to be abstracted but I think it's pretty well done anyway? It'd need to be changed so all links include the contents of the cookie as params. Yeah it sucks if the user types a URL but they're unlikely to do that on a mobile.

cheers!
J

Avatar
Sigurd

Forum Moderator, 628 Posts

12 March 2007 at 4:19pm

Good points.

Regarding mobile phones: We clearly want to be able to have our sites accessed on a mobile phone, although realistically until they have decent screens and browsers, few people will use them. Most websites out there, even without a mobile phone, do not need authentication, but I we don't want to be in a situation where you cannot use SilverStripe for mobile applications because of cookie issues. I know from Ben Nolan, who wrote moso.co.nz, a complex mobile phone app, that cookie support was very good even on the fairly backward New Zealand phone industry. I'll ask him to comment :)

Avatar
Sam

Administrator, 685 Posts

12 March 2007 at 4:34pm

This isn't something that we had considered thus far; however, it's unlikely to be too hard to get *something* going. There used to be some sort of setting to disable link rewriting, although I can't find details of it.

The reason that we disable this setting is because when a user first visits, it has no way of knowing whether cookies are supported, so the first links out of the homepage always have a ?PHPSESSID=3453425345345234 added to them, which was too ugly for us to bear ;-)

That said, this should be something that developers set on a site-by-site basis.

Julian, if you figure out how to re-enable the URL rewriter I'm more than happy to put a patch into the next release.

Avatar
Ben

Community Member, 1 Post

12 March 2007 at 9:03pm

Cookie support on phones is so so. You probably want to do url rewriting if you can. The markup can be kinda anal too - little things you'd get away with in xhtml will kill the browser on xhtml-mp.

It's doable though!