Session Management and PHP 4

**KeithMcL** · Oct 24, 2000, 06:09

For those that are quite familiar with PHP, maybe you can give me concrete advise on this.

If I wanted to use sessions to store a particular ID for each login, but only for the period of time the person stayed logged in, would I be better off using session management to store the ID in a mySQL db or a file of some sort?

Also, are there any advantages to using one over the other?

thanks,

**mad-onion** · Oct 24, 2000, 12:05

The problem with a file is it could be easily intercepted, if you are on a shared server (and that could obviously be bad)

If you are on a shared server i would go with a db, if you are on your own server store a file in a non-web directory and hope that no-one hacks you.

NB: If you are a bank or something disregard my comments.

**Son Nguyen** · Oct 24, 2000, 17:18

I am not sure why you need additional storage methods when using session management?
Since with session management in php, it will monitor the visitor moving from one to another page, so if you call session_start() at the beginning, those registered vars will be available to access/check for authorization

I believe the session management itself has several methods to store the session info. (cookie, session id, temp db, or temp text file)

**Anarchos** · Oct 24, 2000, 17:54

The session id isn't a method of storing the session by itself, it's just passed on the url when you're not using cookies, and then used to store the session in the right text file or database.

**Son Nguyen** · Oct 24, 2000, 18:32

If the server supports transparent sessionID, you don't need to pass it with the URL
Check out phpinfo() for details of that feature

User Tag List

Thread: Session Management and PHP 4

Thread Tools

Display

Bookmarks

Bookmarks

Posting Permissions