|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
You eat, breathe and sleep innovation. Build your mobile intelligence with BlackBerry® experts this July. Register Today! |
|
#1
October 16th, 2002, 09:49 PM
|
|||
|
|||
|
question about sessions
when you guys are checking to see if sessions exist, how are you doing it?
PHP Code:
or PHP Code:
-- Jason
|
|
#2
October 16th, 2002, 10:55 PM
|
|||
|
|||
|
i dont actually use session variables (not secure enough), but if i was to check if a session variable existed then i would use the following
if(isset($_SESSION['var'])) Ofcourse i have no reason, its just easier to remember, then a huge function call. Its also probally faster, but im just guessing here.
|
|
#4
October 21st, 2002, 03:36 AM
|
|||
|
|||
|
Ben you said session was not secure enough. I just managed to get over the concept of sessions in my PHP book and the example code. It works ok if we use require once function.
So since you said its not secure enough, can u please tell me what is more secure. cookies ? . and how do we write the code for secure stuff (cookies..) . any examples would be good. ..thanks
|
|
#5
October 21st, 2002, 01:32 PM
|
|||
|
|||
|
cookies are pretty simple. to set one
PHP Code:
This would create a cookie named myCookie with a value of 'cookies are yummy!' with a timeout of 600 hours. To access a cookie, you can either use the $_COOKIE superglobal array, the $HTTP_COOKIE_VARS global array (which requires you register it as a global variable), or you can just access it as $myCookie. The best of these 3 is the $_COOKIE superglobal array based simply on the fact that's easier to track variables using the superglobals if you can, and code can be confusing when someone else looks at it and can't find where the mysterious cookie variables are coming from =D
|
|
#6
October 21st, 2002, 07:47 PM
|
|||
|
|||
|
If im going to make a login area, i use the session ID and store it in a database, using a database to handle the loggin/logout data.
|
|
#7
October 21st, 2002, 11:53 PM
|
|||
|
|||
|
ok Ben i'm going to start implementing just sessions in my first login script but then later on i'll try your idea and if i wont find answers in my book and other places, will get back to you
thanks
|
|
#8
October 22nd, 2002, 02:18 AM
|
|||
|
|||
|
basically you use the session id as a point of refrence, then you store any other details, you want for that session, then to check if they are loged in, you have a function which checks the database.
something like this: $query = mysql_query("SELECT sessionId from session_table where sessionId=" . session_id()); if(mysql_num_rows($query) => 1) logged in else public user something like that. that just gives you a basic idea of what to do. I use a few functions to 1. create the login data, and make a loged session, 2. checked if they are loged in 3. create a log file, to see if they are hacking, etc 4. create a function that checks the session table and retrives data, like there username, unique id, first and last names, etc
|
|
#9
October 22nd, 2002, 04:01 PM
|
|||
|
|||
|
Quote:
OUt of quriosity what do you use for authentication then. Cookies are less secure then sessions.
|
|
#10
October 22nd, 2002, 04:24 PM
|
|||
|
|||
|
I think what Ben is saying,...is if you use sessions don't store important information in them, like passwords
 maybe I am wrong, I hope Ben elaborates a bit on this
|
|
#11
October 22nd, 2002, 04:27 PM
|
|||
|
|||
|
Quote:
Either way you look at it, you shouldn't store passwords in plain text. Only hashes made by things like md5.
|
|
| Viewing: Dev Articles Community Forums > Programming > General Programming Help > question about sessions |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
 |
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
