SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Evangelist
    Join Date
    Feb 2000
    Location
    England
    Posts
    568
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Another session question.

    At the moment i have sessions being turned on on every page. Now, all the links to other pages have the following added automatically:

    register2.php?PHPSESSID=bbcea0bc73eacbf91789ed608938c913

    sort of thing for something like register2.php

    Couple of things:

    i) does this depend on certain PHP settings? i want to make the script work out the box so don't want any extra problems with php settings
    ii) does the session get added to form input when sending forms instead of clicking on a link? If not, is the hidden variable i would need just $PHPSESSID ?
    iii) Is there a better way to pass the ID? Should i just use cookies?

  2. #2
    SitePoint Addict zoordaan's Avatar
    Join Date
    Feb 2001
    Location
    NYC/Texas
    Posts
    348
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ii) does the session get added to form input when sending forms instead of clicking on a link? If not, is the hidden variable i would need just $PHPSESSID ?
    It doesn't get added automatically, should be in a hidden input field:
    Code:
    <input type=hidden name="sid" value="<?php echo $PHPSESSID; ?>">
    iii) Is there a better way to pass the ID? Should i just use cookies?
    Well, I like sessions exactly because they're not cookies. In terms of passing the value of the session you can shorten it by using
    Code:
    <a href="newsite.php4?<?=$PHPSESSID?>">new site</a>
    this is what I do with php4.04pl1

  3. #3
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually the reason why you are getting the session id automatically appended to the links is because you have a version of php which was compiled with --enable-trans-sid. And unless this is compiled into everyone's version of php that uses this script it won't work. And most people don't have it compiled in.

    Well, I like sessions exactly because they're not cookies
    Actually sessions use cookies to store the session id, and the --enable-trans-sid comes into play to accomadate users who have cookies turned off. So basically you have two options, since there is no guarantee that all users will have this feature compiled into php on their servers, one is make cookies a requirement to use the scripts, or manually tack the session id to every link in the site. But remember just because the session id is tacked on on your system automatially that won't necessarily be the case for others.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  4. #4
    SitePoint Wizard johnn's Avatar
    Join Date
    Mar 2001
    Location
    Southern California, USA
    Posts
    1,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's probably best to just manually tack the session id to every link in the site so that we don't have to worry about enable-trans-sid is set or not, and we don't have to worry about if cookie is disable in the user's browser side or not, and we can forget about $PHPSESSID since $PHPSESSID is a cookie.

    Thanks for any comment about it.
    John

  5. #5
    SitePoint Evangelist
    Join Date
    Feb 2000
    Location
    England
    Posts
    568
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    my other problem is that this program is something people will "add" to their site. People might use the program and then go somewhere else on the site. If i rely on doing sessions in links then they will loose the session will they not? but if it using the temporary cookie (it is a session cookie is it, expires when browser closes?) then will this be ok? they can be at say www.domain.com/mysection.php and click to go to www.domain.com and then back to www.domain.com/mysection.php and still be logged in?

    Thing is, if i do use "just" the session cookie type thing, i am not sure the advantage of using sessions at all as i am using them for is transfering the userid/password which could be done in just a cookie.

    One thought, it would perhaps be nice, like vbulletin, to allow for both, ie session via links and sessions via cookies. So when someone logs in i have:

    USERNAME:
    PASSWORD:
    Remember me next time Yes | No
    I do not use cookies Yes | No

    sort of thing. The remember sets a last forever cookie and if you say no, then it does session via links.

    Thing is i am not exactly sure how to start coding for this, anyone got any pointers or just a description in words of what to do so i can then work it out in code?

  6. #6
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    You can actually determine programatically whether the user has cookies enabled or not, and then either tack on the session ID onto the end of your links (the string "PHPSESSID=sessionID" is always available in the PHP 'SID' constant, so adding the session ID to a link is as simple as typing <?=SID?>), or allow the session ID to be passed via cookies if they are available.

    The PHP manual's section on Cookies has some good pointers on this stuff.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  7. #7
    SitePoint Wizard
    Join Date
    Mar 2001
    Posts
    3,537
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,
    but if it using the temporary cookie (it is a session cookie is it, expires when browser closes?) then will this be ok? they can be at say www.domain.com/mysection.php and click to go to www.domain.com and then back to www.domain.com/mysection.php and still be logged in?
    Yes and no. A session ends when you close ALL browser windows, but I have also seen it mentioned that a session can timeout after a certain time, even if the browser is not closed. I am not sure what the mechanism for that is, but I think it might be the session.gc_maxlifetime variable in your php.ini file. This is how the manual describes that variable:

    session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up.

    Mine is set to 24 minutes, so I believe a session will end after 24 minutes regardless of whether someone closes their browser or not.
    Last edited by 7stud; May 20, 2001 at 23:35.

  8. #8
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    It all depends on what you call a session 'ending'. Even when a user closes all his/her browser windows, the session remains active on the server. Of course, if the user reopens the browser and returns to the site, he/she will be assigned a new session, since his/her browser deleted the original session cookie when it was closed.

    You see, Web servers have no way of knowing when someone has left a site besides the fact that requests accompanied by the session ID stop coming in. So what has to happen is that a session timeout is defined on the server. In your case, you've defined it to be 24 minutes. Thus, (roughly) 24 minutes after the server last sees a request with a particular session ID, that session will be deleted from the server.

    From the user's point of view, the session will be terminated when he or she closes the browser, since at that point the browser forgets its session ID and can no longer send requests for that session. Also from the user's point of view, the session will expire if he or she doesn't load a page for an extended period (in your case, 24 minutes). From the server's point of view, however, sessions can only end one way (assuming they are not explicitly ended by a script): after a defined timeout during which no requests come in for a session, it will be destroyed automatically.

    Hope this clears things up!
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  9. #9
    SitePoint Zealot lutrov's Avatar
    Join Date
    Mar 2001
    Location
    Melbourne, Australia
    Posts
    159
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Hi folks,

    Hoping someone can clear this up for me: I've got the following piece of code included in every page:

    if (! isset($SESSION)) {
    $SESSION = array();
    }
    session_register("SESSION");

    The first page I load doesn't display the session id, which I understand. The second page shows:

    PHPSESSID=5e777ccd5b44d7f71b02789c0238ee27

    as part of the URL. Every page after that doesn't show the session id, although everything still works as expected. My question is this:

    How do I stop the session id being appended to the URL for the second page? My php.ini variables_order and gpc_order are set to this:

    variables_order = "EGPCS" ;
    gpc_order = "GPCS"

    But changing the order seems to have no effect. Obviously I fail to understand something here...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •