search engines and cookies

[FrEaKmAn]

Hi,

I have a question regarding cookies, does search engine accepts them? Because on my site I have set that cookies have to be set, otherwise it's looping, until cookie is accepted and if SE doesn't want cookies, then I have a problem. I tried validating site with w3.org and I get 302 error, maybe this is problem...

my website: moystudio.com

in case cookies are bad, what about sessions? I think it should be problems with this...

[Buzz]

Why are you setting a cookie at all? Why are they needed for that site? I see nothing that should require a cookie. I note that the cookie is for language selection, but there's no such item in the UI.

As far as I know, spiders will not accept cookies but language cookies may be anotehr matter.

Nice looking site.
As for validation.. see attachment.

[FrEaKmAn]

back then I didn't know how to use sessions so I used cookies. You probably didn't see the whole page, only slovenian version. What I did is that I'm setting language depending on the page you are looking. So like moystudio.com/novice is for slovenian language and moystudio.com/news with set cookie to english and so on. Then, I think I'll need to change this, because main page is loaded depending on the cookies, so it's different content for every language, but same url...

if engines don't like cookies, then this explains why my website isn't indexed

about validation, I know, it's a big mess but I'm working on it..

[FrEaKmAn]

so I changes from cookies to sessions, I used wonderful session_set_save_handler() and after few hours I have already 180 sessions (well inputs in db which are cleaned on every 1000 reloads, I think)

is this normal? is there any script of better article how to create "users online" script and also include all bots etc..

[Buzz]

I generally don't like linking to webmaster world because of their overly abundant user sign up campaign (it's annoying and prevents content from being shown sometimes.) Byt a Google search turned up these two items related to google and sessions/cookies....

http://www.webmasterworld.com/forum39/423.htm

http://www.webmasterworld.com/forum10003/3595.htm

[FrEaKmAn]

well sessions inputs went up to 200 but now it's around 15 so it's much better...

[FrEaKmAn]

I have a question regarding sessions and security. Is it enough to for example add session $_SESSION[admin]='1' after admin has logged in? So just to create a session which is checked if exists on every admin page?

[Buzz]

Honestly, I'd use a cookie for admin flags. Sessions can be faked, cookies can't.

[FrEaKmAn]

can I get more info, so you are talking about creating a cookie. But what should I pu inside?

[Buzz]

You can use the same thing in a cookie..

PHP Code:

setcookie ('user',  'authorized', time()+36000); 


then check for the cookie in the admin areas

PHP Code:

if($_COOKIE['user'] != 'authorized') {
    echo 'You are not authorized for this area!';
        header("Location: index.php");
        exit();
   } 


You will need some sort of login script to set the cookie however. I'm uncertain how you were determining when to set the session.

[FrEaKmAn]

it's possible but I'm not big fan of cookies. I would need to reprogram if I want to use cookies for users, so I'll have to save something else then authorized...

[Buzz]

You can just set the cookie for admins you know. You don't need to set one for every user. Set the cookie at the same time you set the session variables. Just an if statement for admin users. With no cookie set the above authorization check will fail the same as if the cookie wasn't "authorized".