I don't understand sessions and cookies.

CauTi0N
Forum Newbie
Posts: 3
Joined: Fri Jan 14, 2011 10:51 am

I don't understand sessions and cookies.

Post by CauTi0N »

Hello everyone,

I'm a newbie PHP programmer (I have a background in C++, but that's really it - aside from HTML and JavaScript, of course). I'm picking up the language rather easily, and the MySQL integration is... it makes me shudder sometimes how flexible and easy the whole system is, but one thing I'm really just not... understanding is Sessions and cookies.

I want to create some sort of blog/forum system myself (I understand PHPBB is good, but I just want this for myself - a good establishment of what I can do). The blog I'm not having too many issues with... I understand the updating of the MySQL database enough to be able to sort by latest id #, add, delete, edit, and search... But really the issue is the login system.

I have no idea where to even start, how sessions and cookies work, etc. Can anyone help explain, I would really, really appreciate it. :/ Thank you so so much. :) Just a tutorial really that explains how they work and how to check where the code should go on different pages... so they can stay logged in on many different pages. Also, I'd like to learn how to be able to update the cookie so if they are active, they won't just randomly be logged out. I also am interested in the hashing of the password and all other security measures so as to make sure the person's login is secure, and that nobody can do a MySQL injection.

I am eager to learn, but I'll be honest - I definitely need help. The goal is to be able to make truly complex and wonderful systems, and I see what PHP can do - but I just know the basics. Now I need to move from that and leap up to an even higher spot.
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: I don't understand sessions and cookies.

Post by Jonah Bron »

CauTi0N
Forum Newbie
Posts: 3
Joined: Fri Jan 14, 2011 10:51 am

Re: I don't understand sessions and cookies.

Post by CauTi0N »

I've read that and honestly I don't feel w3 did a very good job. I've been having quite an issue regarding security...

It's not creating the Login system itself I believe that's really the issue. I imagine you can do that with cookies themselves if you wanted to. It's the whole idea of making it all secure - a secure login (https) page (how do I set that up?) and making sure people cannot grab the cookies so as to edit or login under any name. All the session example in w3 taught me really was how to display that variable - but I'm looking for something that goes across pages and is safe/secure.
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: I don't understand sessions and cookies.

Post by Jonah Bron »

Well, that tutorial explains sessions, not login systems. Here's some more stuff:

http://www.google.com/search?q=php+secure+login
CauTi0N
Forum Newbie
Posts: 3
Joined: Fri Jan 14, 2011 10:51 am

Re: I don't understand sessions and cookies.

Post by CauTi0N »

Oh jeez - I found this wonderful, wonderful tutorial... http://tinsology.net/2009/06/creating-a ... right-way/
If anyone has any comments on the way this guy performs the login system, please tell me - I'm learning a significant amount by hashing, salts, and mysql_query_escape_string!

Question though: Regarding hashing, or in particular the md5 algorithm:

Code:

md5(uniqid(rand(),true));
Would this always provide a random result, or would it always provide the same result? Because that rand() function is scaring me a bit...
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: I don't understand sessions and cookies.

Post by Jonah Bron »

It would always be different. Also, that article might be a little old... you should use sha1, not md5. They both work the same though.
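The pieces asked about in this thread (a login that persists across pages, an idle timeout that resets on activity, salted password hashing, and protection against SQL injection), as an added example that is not code from the thread or the linked tutorial. It assumes PHP 7.3+ with PDO; the table, the function names and the idle limit are hypothetical, and it uses password_hash() and prepared statements in place of the md5/sha1 and escaping calls mentioned above.

```php
<?php
// Session cookie flags: HTTPS only, hidden from JavaScript, not sent cross-site.
session_set_cookie_params([
    'lifetime' => 0, 'path' => '/', 'secure' => true,
    'httponly' => true, 'samesite' => 'Lax',
]);
session_start();

// Idle limit in seconds (assumed value, kept below PHP's default session.gc_maxlifetime of 1440).
const IDLE_LIMIT = 900;

function register(PDO $db, string $user, string $password): void {
    // password_hash() creates a random per-user salt and stores it inside the hash.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
    $stmt->execute([$user, $hash]); // bound parameters: input never becomes SQL
}

function login(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE name = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pass_hash'])) {
        return false; // same answer for unknown user and wrong password
    }
    session_regenerate_id(true); // fresh session ID after login (blocks fixation)
    $_SESSION['user_id'] = (int) $row['id'];
    $_SESSION['last_seen'] = time();
    return true;
}

// Call at the top of every page that needs a logged-in user.
function current_user_id(): ?int {
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) return null;
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();
        return null;
    }
    $_SESSION['last_seen'] = time(); // activity slides the idle window forward
    return $_SESSION['user_id'];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass_hash TEXT)');
register($db, 'alice', 'correct horse battery staple');
var_dump(login($db, 'alice', 'wrong'), login($db, 'alice', 'correct horse battery staple'), current_user_id());
```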