Add no-cookies warning to Access denied?

That'd be a nice easy feature. Here's a link to some info on zend.com about detecting cookies in php.
http://www.zend.com/codex.php?id=8&single=1

Since we always give a session cookie it would make sense that we might be able to work out an elegant solution testing for $_COOKIE['PHPSESSID'].

So there's a bit of early conjuring and research for anyone interested in picking this up.

i can't work on this myself right now, but this is a long-standing itch of mine. ;) i'd love to see this in core, though i agree this is going to have to wait for 6.x. huge +1 from me in spirit. i'll certainly test/review if someone else provides a patch, and i might even take up the charge myself if i don't see progress and it's getting close to the D6 code freeze... ;)

cheers,
-derek

I wrote a small module for my sites which displays a message on the login page if cookies are disabled.

Maybe it will be of interest to you, please have a look. http://cvs.drupal.org/viewcvs/drupal/contributions/sandbox/flanker/login...

At the moment it's only in my sandbox but i can create a project of it later.

Ralf

This issue actually highlights a more difficult one that we have run into on SavannahNow.com.

We run and allow a number of scripts to interact with our site (including Google's web crawler, a 3rd-party search indexer, and some automated input scripts). These scripts all run with cookies off. The result is that for every page view, a new PHP session is spawned. Since we have a large site, with 200+ pages added per day, our sessions table fills up. Having a large session table is a known issue with Drupal performance.

We're looking for a way to enable a single session for these automated scripts, but are open to other suggestions. For examnple, CURL requests can implement cookie handling. That should work for our scripts, but does nothing for Google and other 3rd-party bots.

Mind you, we're running 4.6, and are still researching changes in 4.7 and 5 that may solve this issue.

Marking as duplicate of http://drupal.org/node/137678

No, this is duplicate with http://drupal.org/node/2946 -- gotta love those open issues with the 4 digit nids, and that's the oldest reported instance of this issue.

Well, I am a believer in the "Make the issue with the most valuable discussion the master issue" method, but yeah, I suppose a 4 digiter carries a lot of weight...

Hello Everyone,

I am and was so surprised that this isn't handled, Drupal seems to be so well engineered and although cookies are a standard part of the web these days with the heightened awareness of security more people are turning off cookies or using features that only accept cookies from trusted websites. For a user to know to add a Drupal site to their trusted list we need to provide a message to them indicating the issue.

I would love to see this in core, but a module for D6 would be fine ;-)

Rich

Commenting here is useless. Please see #2946: Login fails and no warning is issued if cookies are not enabled. Thanks.