keep tracking user...
Posted: Wed Nov 12, 2003 3:05 am
by devork
-what is a good way to keep track of a user on the site, and related variables.
-should we use
if(!session_is_registered("validUser"))
header("..");
to check whether user has logged in or not.
-code, if moved to another distribution of Linux, doesn't need to be modified.
-no security threats,
Posted: Wed Nov 12, 2003 7:29 am
by Johnm
devork,
Is storing them in a database an option for you? If so, that would be the way to go in my opinion. Some people use cookies for this, but that is not a reliable way, as you are then depending on the client and, as we all well know, you just can't depend on them.
John M
Posted: Wed Nov 12, 2003 7:39 am
by twigletmac
Little point on sessions - If you are using sessions on PHP 4.1 or above,
if (!empty($_SESSION['validUser'])) {
is a register_globals independent way of doing:
if(!session_is_registered("validUser")) {
Mac
Posted: Wed Nov 12, 2003 10:59 am
by devork
what about this
-headers already sent..
-session delimiter
these kinds of errors.
Posted: Thu Nov 13, 2003 2:52 am
by twigletmac
Check out the headers already sent tutorial:
viewtopic.php?t=1157
What is the full text of the second error?
Mac
Posted: Thu Nov 13, 2003 4:36 am
by devork
ok
I have registered some variables in a.php through the session to be used on b.php, but the session variables are lost in b.php; no output.
Posted: Thu Nov 13, 2003 5:52 am
by twigletmac
Can we see the code for b.php?
Mac
Posted: Thu Nov 13, 2003 7:53 am
by Nay
Maybe he was missing session_start()?
I was killing myself on a script till I re-read another session script and saw that session_start() was missing O_o.
-Nay
Posted: Thu Nov 13, 2003 10:16 am
by php_wiz_kid
Yeah, session_start() seems to trick people new to sessions. Twig's example should work fine. Here's another example:
I'm using quick reply so sorry for not formatting it:
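a.php:
<?php
session_start(); // must run before any output on every page that uses the session
// $good_pass and $good_user are assumed to be set by the credential check above
if (!empty($good_pass) && !empty($good_user)) {
    $_SESSION['validuser'] = true;
} else {
    $_SESSION['validuser'] = false;
}
?>
b.php:
<?php
session_start();
// !empty() avoids an undefined-index notice when the key was never set
if (!empty($_SESSION['validuser'])) {
    $keep_user_logged_in = true;
} else {
    $keep_user_logged_in = false;
    session_destroy(); // Gets rid of the registered session
}
?>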
Note how the $_SESSION['validuser'] carries from a.php to b.php. This might not be totally accurate but I hope it gives you the idea. I'm kind of in a hurry so sorry if I didn't explain it well enough. You would hopefully have a more in-depth user authentication and valid user checker script. So don't mess with possible hazards such as cookies or URL scrambling. Also, I've heard stories of sites getting session hijacked. I'm not exactly sure what that is, but they say you should somehow authenticate your sessions. I try to implement session authentication but I'm not sure if it works because I don't know how session hijacking works. If you need some more help don't be afraid to email or PM me.
Posted: Thu Nov 13, 2003 10:25 am
by JAM
php_wiz_kid, note that you are missing session_start(); in the beginning of b.php. You need that on all pages dealing with sessions...
Posted: Thu Nov 13, 2003 10:27 am
by twigletmac
tags around code are nice too.
Mac
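The login check discussed in this thread, written as an added example that is not code from any of the posters: it starts the session on every page, issues a new session ID at login, and stops the script after the redirect. It assumes PHP 7.3 or later and an HTTPS site; the function names, `/login.php` and the 30-minute idle limit are hypothetical.

```php
<?php
// Added example. Function names, the login URL and the idle limit are assumptions.

// Call at the top of every page that touches the session (a.php and b.php),
// before any output, otherwise PHP reports "headers already sent".
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the session ID from the URL
    session_set_cookie_params([
        'httponly' => true,    // cookie is not readable from JavaScript
        'secure'   => true,    // cookie is sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

// a.php: call only after the username and password have been verified.
function mark_logged_in(string $username): void
{
    session_regenerate_id(true);   // fresh ID at login, so a pre-login ID is useless afterwards
    $_SESSION['validUser'] = true;
    $_SESSION['username']  = $username;
    $_SESSION['lastSeen']  = time();
}

// b.php: gate for protected pages.
function require_login(string $loginUrl = '/login.php', int $idleLimit = 1800): void
{
    $valid = !empty($_SESSION['validUser'])
        && isset($_SESSION['lastSeen'])
        && (time() - $_SESSION['lastSeen']) <= $idleLimit;

    if (!$valid) {
        $_SESSION = [];        // drop any stale data
        session_destroy();
        header('Location: ' . $loginUrl);
        exit;                  // header() alone does not stop the protected page from running
    }
    $_SESSION['lastSeen'] = time();   // sliding idle timeout
}
```

A protected page would call `start_secure_session()` and then `require_login()` before producing any output.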