Simple way to enforce cookies for sessions?

[judgej]

What's going on here? (2.2MS1)

 

I've commented out the line in html_output.php that adds sids to the URLs:

 

//$link .= $separator . $sid;

 

and the sessions still work, or appear to. I've closed all browsers, check for cookies, and can find none hanging around.

 

So my question is: is that all that is needed to enforce the use of cookies on the site? Is there something else I need to watch out for? Also, is there an easy way to detect a browser that does not accept cookies, so I can give the user a warning, or do I just need to send one on the first page access and see if I get one back?

 

As an asside, if the osCommerce product sends a cookie anyway, then way does it also send a SID in the URL - i.e. if it works without the URL SID, then why is it adding one on? Or am I misunderstanding something here?

 

At the end if the day, I don't want session IDs to appear in URLs. Period. My standard and SSL server support use the same server names and virtual directories.

 

-- Jason