#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    2
    Rep Power
    0

    Arrow Session Variables and Mobile Devices


    I am developing some online forms that are integral to the revenue of our website. As part of these forms, I plan to use session variables to pass security tokens (nonce) and other useful information from the form page to the form handling page.

    My question is:

    Do session variables work on all mobile device browsers? I wasn't sure if my forms would fail to work on any mobile browsers that may not allow for sessions.

    Does anyone have any guidance or knowledge about mobile compatibility and session variables?

    Thanks for any help!
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,238
    Rep Power
    9400
    Originally Posted by Deke
    Do session variables work on all mobile device browsers? I wasn't sure if my forms would fail to work on any mobile browsers that may not allow for sessions.
    Sessions only require cookies. A single cookie, in most cases. If the device can browse the rest of the Internet then they can use your sessions.

    Originally Posted by Deke
    Does anyone have any guidance or knowledge about mobile compatibility and session variables?
    Not applicable. The actual device the user has is irrelevant so long as it supports cookies.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    2
    Rep Power
    0
    Hi requinix,

    Thanks for the helpful advice! One last question... if I create a CSRF token (nonce) to be passed to the form handler php page via a session, does that mean my form won't submit (because it won't validate) for people who have cookies turned off?

    Thanks!
    Deke
  6. #4
  7. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,238
    Rep Power
    9400
    If the user disables cookies then they probably won't even be able to use your site at all because sessions ($_SESSION and the like) won't stick. Like they won't be able to log in. CSRF tokens are one of the other casualties.

IMN logo majestic logo threadwatch logo seochat tools logo