SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Many question about Session. Please read and answer me.

    I read article "Session Handling with PHP4" from zend.com and have many doubt with this article

    1. "If the user disable cookies, the application can use other means of session propagation"

    when i use session_start(); and session_register(); Is it automatic use cookie to save the session ID?
    and if the user disable cookie, In article tell it use GET/POST, or the script path. and I doubt with it.
    because session save ID in cookie. and if use GET/POST or script path method. how to save ID in these method.
    and when i use these method Is i must config or edit file or other in mycomputer to
    use session_start() and session_register();

    2. "It use a cryptographically random session ID to identify user"

    Can anyone explain and show example.

    3. "if the session isn't start yet. When you start a session either way, PHP check whether a valid session ID exist."

    How can PHP know if it found a Session ID. Is it valid.

    4. "If you propagate the session ID via cookies, the default lifetime is 0, meaning that the cookie is delete

    Is this mean close all window that open browser? for example I'm open 3 window. first window url is www.hello.com
    the second and third window is blank window (about:blank) the first window use session that must type
    username and password then the data will display. when I close first window. and i type www.hello.com in the
    second window i can see the data without type username and password. So it mean session still work.
    If I want destroy session when user close the window that use session but not close all window only www.hello.com
    how can i set to destroy when close www.hello.com?

    5. Follow from question 4 "You can influence the cookie's lifetime with the configuration value lifetime.
    You can use the gc_maxlifetime configuration directive to determine how long after the last access to this
    session the data should be destroyed. with the gc_maxlifetime, you should use gc_probability. This specifies
    with what probability the garbage collection routine should be invoked. If gc_probability is 100, the cleanup is
    performed on every request (that is, with a probability of 100%); if it's 1 as by default, old sessions will be
    removed with a probability of 1% per request. "

    Can anyone explain how to set and implement it.

    6. "At the start of a session, a new ID may be created if the session is refuesd and marked as invalid because
    the HTTP referer for the page comes from a non-local site and extern_referer_check (note the single "r") is
    enabled in the PHP configuration."

    I don't understand. Can anyone explain it easy for me.

  2. #2
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Seven Question please

    7. I use Session by default use Cookie. but if the user diable cookie I must use Get/Post method with must configuration url that cookie not. I hove I know that Is user is enable cookie or disable cookie. Because 2 method use different configuration.

  3. #3
    SitePoint Wizard
    Join Date
    Mar 2001
    Posts
    3,537
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    1)Yes, sessions automatically use cookies. If the user has cookies disabled that means you cannot track the session id without doing something extra. In that case, you have to include the session id in a query string. Since that problem was anticipated, sessions provide a predefined constant called SID that you can pass in a query string which contains the session id. See www.php.net for details on SID. The rest of your code remains the same.

    2) What do you care? All you need to know is that it is a unique id that cannot be duplicated. I think it takes the microtime(which is unique) and then adds a random number.

    3) It checks to see if there is a session id stored on the server side that matches the one from the cookie stored on the client side or in SID. It is a very simple process.

    4) All browser windows must be closed for the session to end. You can't get around that.

    5) Those variables are in your php.ini file under the Sessions heading. You can change them to whatever you like.

    6) Don't worry about it.

    7) You can check to see if the user has cookies disabled by trying to set a cookie and reading it, and then pass SID in the url to your script if needed. Or, you can just assume all users have cookies disabled and pass SID in your url regardless.
    Last edited by 7stud; Jun 30, 2001 at 12:37.

  4. #4
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, 7Stud
    I have one question again.

    1. if I use Session by cookie but not Query string and user is diable cookie. What happen when user go to the page that must type a username and password that use session.

    2. If I use session by cookie and also use by Query String. Is it make code run slow?

  5. #5
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh sorry I forget one question again.

    3. If I use sesion by query string and user enable cookie. Is it still save session id on cookie.

  6. #6
    SitePoint Wizard
    Join Date
    Mar 2001
    Posts
    3,537
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    1) It won't work.

    2) lol... of course not.

    3) Yes. php does not know if the user has cookies disabled, so sessions always try to set a cookie on the client side. If you use sessions, and thereby try to set a cookie client side, and pass a variable by query string, they are totally independent of each other.
    Last edited by 7stud; Jun 30, 2001 at 14:01.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •