Have done templates and mysql now onto sessions :)
Firstly, would you recommend using phplib for use with sessions? this is what phplib was first written for wastn't it. My needs are as follows:
i) to have an original non authentication required session with certain preferences set. This would include for example language so that if they click a certain link a language setting gets put into the session.
ii) this session can be replaced by another session if they choose to log into the "log in" section at which point a call to mysql will find their permissions which is then set in the session.
iii) the admin section will have different users with numerous different permissions, again similair to part ii).
It is real important that this would work on PHP3 as well as PHP4 on windows as well as linux.
If you think phplib is the one, cool it looks like it. Do you also know of any articles on using phplib sessions. I found this one:
but a few others would be useful.
If it has to work on PHP3 as well as PHP4 then phpLib is pretty much your only option - unless you want to write your own session handling routines.
Personally I ended up writing my own session handling stuff simply because I had very simple but specific needs - I wanted a session cookie that stores a nice big ugly random session key and shows the user is logged in. When they hit a page their session ID is used to pull up their user details from a database, and all internal stuff to do with their preferences etc is dealt with based on knowing what their user ID from the database is.
I had to admit I've never used phpLib's session support myself - I read up on it but decided that it wasn't what I needed. It's an excellent library from what I've heard (and I use the database abstraction and template classes from it all the time) so for your situation it sounds idea.
i am beginning to think custom might be the way to go, mainly because i don't think the auth_ section is going to be much use because i will have specific access per person based on settings in their user table.
The only "session" data i am really going to need is language, which could then be added to the database. I assume for each page you are doing a query to the database to check the session is valid and then a query to the user table to get the info.
Does your session table look something like
ID | SessionHash | UserID | Expire_Time
or something like that then?
If i just added lanague on to the end of that, then i would have all i needed for the session and could do all the permissions based things internally in the script, which is really what i want i think.
How are you passing the session across from 1 page to another? using cookies or are you putting it as a hiddend in forms and as part of the url?
the session thing in phplib is a bit too confusing. I am tempted to use php4 native session handling. I am wondering how many people this would stop being able to use my script, are there any stats for php3/php4 usage?
Chris, I would just stick with php4 session management, just make php4 a prerequisite for using your script. I mean the only people using php3 are lame ISPs who either have a lazy staff that doesn't know how to recompile php, or just plain has no system administrator.
But IMHO its like designing for 3.0 browsers, why cater to the old stuff instead of educating your users to upgrade. Plus PHP4 built-in session management is way easier to use than phplib, it was great for sessions when php3 was the only game, but with php4 its not needed anymore.
cool thanks freedy for the advice, i will stick with php4 i think then. Thanks everyone.