PHP Cookies

[mad-onion]

What it really comes down to is assuming cookies can be used is a cardinal sin like building pages just for internet explorer 5.5 ... and i repent

[freddydoesphp]

Depeneds really on the user base. If the user base will be largely employees from big corps with big firewalls and no use of cookies allowed, then yes it is something to worry about. But for the most part the average user wouldn't know how to disable cookies if he or she tried

[MattR]

Originally posted by freddydoesphp
Matt none of these links seem to work. I can't speak for performance I never built a site like amazon where I get millions of hits everyday, but for sites I have built --enable-trans-sid has worked great for the non-cookie users. I will have to take a look at the mod_rewrite for apache and see, but from my experience the only way to insure that the session id gets passed, is to pass it in the url, that is why PHPLIB does that way too.

Those were example links I made up to illustrate the idea!

mod_reqrite is pretty easy:

My example URL:
http://www.bobross.com/session_id/index.php

Can be re-written as:
RewriteEngine ON
RewriteBase /
RewriteRule ^[0-9a-z]{32}/(.+) /$1

(You'd put that in your http.conf file or an .htaccess file.)

Then instead of calling session_start( );, you'd create your own function:

Code:

function session_start_from_rewrite( ) {
  global $HTTP_HOST, $REQUEST_URI;

  ereg( "/([0-9a-z]{32})", $REQUEST_URI, $regs );
  $session_id = $regs[ 1 ];

  if( !isset( $session_id ) || empty( $session_id ) ) {
    srand( (double)microtime( ) * 10000000 );
    $session_id = md5( uniqid( rand( ) ) );

    $destination = "http://$HTTP_HOST/$session_id$REQUEST_URI";
    header( "Location: $destination" );

  } // end if

  session_id( $session_id );
  session_start( );
} // end function session_start_from_rewrite

That will send the session ID automagically with every request to your site, and it will pass it along with every link -- as long as you use relative links that is. /bob/index.php will have to include the variable manually.

DNS rewrite works much the same way, but with a couple variables changed in the function (and a couple caveats along with it).

But again, the easiest and fastest way for small to medium sites is to simply use PHP to do it -- the only tradeoff is the overhead in PHP generating the page and then looking at each link to re-write it, which can be severe if you have quite a lot of traffic in a short amount of time and/or you have a bazillion links on one page.

[freddydoesphp]

Thanks for the info.

[hstraf]

Wouldn't passing the session id in the URL cause a problem if the page were bookmarked?

[freddydoesphp]

You can't have your cake and eat it too!

[MattR]

Originally posted by hstraf
Wouldn't passing the session id in the URL cause a problem if the page were bookmarked?

Not really -- if the session ID doesn't exist in the database then you have three options:
Create a new session using that ID
Create a new session with a new ID and redirect the user as such
or
Ignore the session ID and treat them as logged out.

With a proper session hash (like the one I used), the chances of someone using another person's hash is *very* remote - there are 2^128 (or 340,282,366,920,938,463,463,374,607,431,768,211,456) possible values!

[lynlimz]

Thanks for your help guys

[lynlimz]

mad-onion...back to yuor mktime post.
If i change the date ..how do I also ge tthe time?
coz if i just change the date and compare, that would mean only the date..
how do i compare the date and time?

Add the timestamp for date and time together?


Thanks

[mad-onion]

A timestamp is unique for the second. So you probably dont need it any more accurate than seconds.
Does that answer your question?

[lynlimz]

Sorry..I'm not too sure what you're saying

[TWTCommish]

mktime produces a numeric value unique to that second - IE: if you load the page once, and then a second later, the two numbers will be different...conflicts will arrive if two people visit at once, though, so you might want to use something else.

That right, or am I way off?

[mad-onion]

Yip thats right commish, atleast ive always thought thats what it is.

A side note...
It is actually the number of seconds since Midnight January 1 1970 or something near there.

[TWTCommish]

Yup, I think that's the exact date - dunno why!

Is there some way to convert the value to a normal date?

[mad-onion]

Yip, using the date function..you feed it the desired format and an optional timestamp and it spews out the date in the format you desire.
There are heaps of letters you can use to define the format of the outputted date.
Take a look at the date function in the php manual.

[TWTCommish]

Oh yeah, I've seen that - just wasn't very good with using it in conjunction with the mktime() function - I have a copy of vBulletin and wanted to find out which days in it's history had the most posts, but all I have are a bunch of UNIX timestamps.

[mad-onion]

Oh yeah, timestamps are the best way to store a date in a db or whatever.
You would actually convert it manually if you so desired..

[TWTCommish]

Oh yeah, that would be fun.

I just like to have "Board Records" and such - most posts in a day, most members signed up in a day, etc. Unfortunatly, I just can't figure out how to calculate the first.

[lynlimz]

Hi,

I have another query regarding cookies/
If I set the expire time to be 24 hours, which would be : time()+(3600*24)

after 24 hours, if i use
if (isset($cookie)) { cookie exists }
else { setcookie(); }

will it still work?
will the cookie still return 1?

[TWTCommish]

No, I don't believe so - once a cookie is expired, I'm fairly sure it is is discarded as if it never existed in the first place.

You can test it out by setting the expiration to one minute.

[lynlimz]

Alright
Thanks for your help.