Dynadot โ€” .com Transfer

Php help needed

SpaceshipSpaceship
Watch
matt678

matt678

Established Member
โ˜… 20 โ˜…
Impact
0
100%
4
Feedback
How do you code a script that uses session variables, but you don't want it to pass the session id in the url (I've heard of transid how does that work?), do you only need to call Session_start() once for all pages ie on login, or does it need to be placed on every script that uses session variables?
 
Reply
0
0 Like
0 Thanks
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
GoDaddyGoDaddy
Sort by date Sort by points
100%
21
Feedback
session_start() will be used for all pages.
In your php.ini file you'll find a section titled: "session". if you look below that you'll find this:

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1


so, if you set this latter variable to 1, you will be forcing the use of only cookies for handling sessions. This will result in the scenario that a session will only be created if the user's browser accepts cookies... else session handling will not work... but that's okay because even yahoo mail uses cookied sessions... so you can assume that most browsers will accept cookies.
for those who block cookies you can show a message like: "cant login? try enabling cookies in your browser" ;)
 
Reply
0
0 Like
0 Thanks
•••
96%
41
Feedback
you can avoid php sessions and cookies all together by using mysql sessions. There better, more reliable and more secure. Goto a nice tutorial site and learn how to do this. I perily dont care whether the php sessions shows in a browser.
 
Reply
0
0 Like
0 Thanks
•••
100%
21
Feedback
templaterave said:
you can avoid php sessions and cookies all together by using mysql sessions. There better, more reliable and more secure. Goto a nice tutorial site and learn how to do this. I perily dont care whether the php sessions shows in a browser.
Click to expand...

......and what would you mean by a mysql session ? do you mean to say that you can use mysql on it's own without using an application programming language like php, jsp, asp etc ... for maintaining user sessions on web browsers ????? :o

I agree that you can store session data in a mysql database instead of in files, but you do need a scripting language to actually accomplish this. so the question isnt whether you can use mysql for storing session data or whether you use flat files... but whether you can do away with session ids being a part of the URL for maintaining user sessions.... and this can be done via cookies stored on the client computer (on the server side you have the choice of storing the actual session data -- as opposed to merely session IDs --- either in ordinary files or in a DB).

I hope this clears up the confusion.
 
Reply
0
0 Like
0 Thanks
•••
100%
50
Feedback
Keep it simple, stay with php sessions rather than mysql sessions

-Steve
 
Reply
0
0 Like
0 Thanks
•••
100%
41
Feedback
stscac said:
Keep it simple, stay with php sessions rather than mysql sessions

-Steve
Click to expand...

exactly. register a couple of vars like user/pass(md5) and the ip for example. if one of those becomes incorrect, destroy the session and redirect them to the index :)
 
Reply
0
0 Like
0 Thanks
•••
100%
4
Feedback
Thanks, i guess i'll enable the cookie setting, one thing i've noticed though is that the first page you access on my site makes all the other links include the session id, but when you click on the logo ie go back to index.php none of the links have session id's tagged on but the session functionality remains, does the browser record the session id while you remain on the site?

Another question i have is whether it is possible to tell whether a session has been started on another page and if so, would it be possible then to only continue a session throughout a site if it was started in say the login? ie a session wouldn't be started on a page unless the person has logged in.
 
Reply
0
0 Like
0 Thanks
•••
98%
58
Feedback
Are you looking for something like on my website? Check it out in the bottom link, it has session variables for user login, and what have you.
 
Reply
0
0 Like
0 Thanks
•••
100%
21
Feedback
the session functionality remains because perhaps the cookie seeting is already enabled, and the session id is stored in the cookie instead of being passed around in the URL parameters
 
Reply
0
0 Like
0 Thanks
•••
100%
4
Feedback
Probably true about the sessions, ComputerGeek247 i couldn't find the tut. on your site, the php section states 'comming soon', i'm still looking for a way to tell whether a session has been started on another page on a site without starting a session to check
 
Reply
0
0 Like
0 Thanks
•••
Log in or sign up to reply here.
Dynadot โ€” .com TransferDynadot โ€” .com Transfer

Similar threads

PoorDoggie
Do I always have to do session_start()???
15 replies
665 views
Peter
Peter
W
Working with sessions
3 replies
1K views
web guru
W
S
Need help (Php session)
1 reply
695 views
Jim_
Jim_
R
[TUTORIAL] PHP - Security with Cookies
9 replies
4K views
RageD
R
drakewla
PHP caching
0 replies
2K views
drakewla
drakewla
CatchedCatched

We're social

Escrow.com

New posts โž”

Spaceship

Auction activity โž”

Rexus Domain

How do you think a potential buyer first checks if your domain is for sale?

Polls of interest โž”

CryptoExchange.com

Hot this week โž”

Domain Recover

Community favorite โž”

CatchDoms

Hot this month โž”

Blog favorites

DomDB

  1. DPJ.xyz

    • Make Offer

  2. slabcity.de

    • Buy Now
    • $2,988

  3. EmeraldDAX.com

    • Show Price

  4. JobCatalog.com

    • Make Offer

  5. lovecapetown.com

    • Make Offer

  6. BetFlixGun.com

    • Buy Now
    • $9,888

  7. TighteningCream.com

    • Make Offer

  8. Cherry.co

    • Make Offer

  9. CannabisSummit.org

    • Make Offer

  10. LadyCoin.com

    • Show Price
NameFit
  • The sidebar remains visible by scrolling at a speed relative to the pageโ€™s height.
Back