Temp files

[The New Guy]

This is a two part question.

#1. Lets say I use session_start() on each page, but I don't carry over the session id for those users with cookies disabled. Am right in assuming that each page will create a new session? if so does that bother the server when a bunch of 0kb are created? how long would these empty sessions last?

#2. Upload script, the user uploads a file, it goes to a temp directory, now how long would this files last? And is there a way to check its file type BEFORE it goes to the temp directory?

Thanks

[The New Guy]

Ok I have no idea why it was posted here lol, could someone move this to the PHP forum. Thanks

[Toly]

To answer the first question, sessions are stored on a temp directory not in cookies unless of course you want it to. I also believe that sessions end when you close your browser.

I'm sure someone else might help you with the second one as I do all my checking after the file is stored on the temp directory.

[The New Guy]

Don't sessions use cookies to locate the session?

[Darin]

Don't sessions use cookies to locate the session?

It's a variable which is carried on to all your pages.

[The New Guy]

Why is it that you only need to pass session id through a link when a user has disabled cookies?

[Toly]

You can propagate your sessions through cookies. But getting back to your point, if you use cookies to pass SID, username, etc. and one user does not have cookies enabled then he/she won't be able to navigate the site.

There's only one page that will create new sessions and the other pages you'll have protected by sessions will only verify if the SID exists. If it doesn't exist it will give an error message.

This is way it's better to propagate sessions through urls or if --enable-trans-id has been compiled with PHP so it will pass in an invisible way. You could also opt to use a dbase to store your sessions.

[Icheb]

"then he/she won't be able to navigate the site."

That's true and that's the reason why many bulletin boards give the user an option to either pass the session id in URIs or store them in cookies.

"There's only one page that will create new sessions and the other pages you'll have protected by sessions will only verify if the SID exists. If it doesn't exist it will give an error message."

No, if you use session_start() it checks whether a session with the given id is active or not. If there's no active session found it will start a new session. However, if there is a session found it will continue to use it.
The name session_start() is possibly a bit misleading, since you have to use it on every page where you intend to use sessions. It basically tells PHP to use sessions and start / continue a session as I explained above.

"so it will pass in an invisible way"

If PHP is compiled with --enable-trans-sid , session ids are automatically appended to links, not "transmitted by magic".


"how long would these empty sessions last"

You can set the time span after which sessions expire with the session.cookie_lifetime directive in your php.ini

[Toly]

No, if you use session_start() it checks whether a session with the given id is active or not. If there's no active session found it will start a new session. However, if there is a session found it will continue to use it.
The name session_start() is possibly a bit misleading, since you have to use it on every page where you intend to use sessions. It basically tells PHP to use sessions and start / continue a session as I explained above.

I guess I didn't make myself clear on this. I was more focusing on the fact that if you have a login page with username and password fields and you have some pages protected with sessions, you verify if the username/password match then if it doesn't match it will go back to the login page or display an error message.

If PHP is compiled with --enable-trans-sid , session ids are automatically appended to links, not "transmitted by magic".

I don't recall saying that session ids are "transmitted by magic".

[Icheb]

There is nothing sent "in an invisible way" as you stated. And by "transmitted by magic", I meant just that.

[Toly]

I know what you meant and my point was that you won't be able to see sessions ids within the url if you use that method. I wasn't trying to get technical here.

[Icheb]

No, the point of trans-sid is that session ids are automatically appended to the URIs, you don't have to do that yourself.

[Toly]

Ok. I guess there must be a glitch somewhere on my server that does not allow me to see sessions on my urls.

[The New Guy]

Ok your not really answering my question.

"If there's no active session found it will start a new session."

Ok for non cookie users, if I DONT pass the SID, it will start a new session on each page, correct? If does the making of alot of 0kb sessions hurt the server, and how long do they last?

[Icheb]

Ok. I guess there must be a glitch somewhere on my server that does not allow me to see sessions on my urls.

It's possible that your PHP isn't compiled with --enable-trans-sid.

Ok for non cookie users, if I DONT pass the SID, it will start a new session on each page, correct?

Yes.

If does the making of alot of 0kb sessions hurt the server, and how long do they last?

It won't hurt your server.

And I already answered the second question:

You can set the time span after which sessions expire with the session.cookie_lifetime directive in your php.ini.

[The New Guy]

Thanks

Anyone got an answer to #2?