While using the net, you may have seen web sites that require your browser to support cookies. The reason why, in my opinion, is simple. Such a requirement is another layer in the battery of security measures available to webmasters. This one is aimed to minimize the possibilities of session related attacks. It is just a reasonable "restriction" at a minimal cost when critical transactions are involved. Probably, all potential users of such interaction have browsers with cookie capabilities. It's a matter of balance.

If you run a web application that relies on PHP sessions, why not do the same online banks or ecommerce sites do? Ah... what would you loose? What would you win? Well, obviously I'm for doing so. Here, I'll try to point non-developers to some information to help them decide. Then I propose (and describe how) to require cookies for session's tracking while taking advantage of browser security features to protect those cookies (on the client side) and also make sure PHP will never append the SID to URLs.

This tutorial just shows you one of lots of possible implementations to create dynamic signatures. A dynamic signature is a banner image which is dynamically generated by a small script. So you can use a default background image and write over it any information. The limit is your own imagination.

Actually, I'm going to explain how I implemented mine and post the resources I used. As I believe it might be useful to share the basics. I hope you learn something, as well as I did, sometime ago. ;)

The samples used here use a GIF image for the background and generate a PNG image using GD functions present in almost all PHP installations. So, if you need another approach, you should change the relevant pieces in the code itself to adapt the samples to your own needs.