Session id... I don't get it...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Steveo31
Forum Contributor
Posts: 416
Joined: Sun Nov 23, 2003 9:05 pm
Location: San Jose CA

Session id... I don't get it...

Post by Steveo31 »

The session ID is there if no one is logged in, but as soon as someone logs in, the session ID goes away.

PHP.ini file-

Code: Select all

їSession]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this 
; variable in order to use PHP's session functions.
session.save_path = C:/phpdev\php\temp;

; Whether to use cookies.
session.use_cookies = 1


; Name of the session (used as cookie name).
session.name = s_id

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; Check HTTP Referer to invalidate externally stored URLs containing ids.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 1

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

How are you getting the session id? Could you give us an example of your code?

Try [php_man]session_id[/php_man]() to retrieve the current session id.
Image Image
Steveo31
Forum Contributor
Posts: 416
Joined: Sun Nov 23, 2003 9:05 pm
Location: San Jose CA

Post by Steveo31 »

Sure thing.

Code: Select all

<?php 
session_start(); 
?>
//and later:
<?php
if(empty($_SESSION['username'])){
					   
?>
<tr>
			<td>Username: <input type="text" name="username"></td>
</tr>
<tr>
			<td>Password: <input type="password" name="password"></td>
</tr>
<tr>
			<td><br><input type="submit" value="Log in" style="font-size:90%">&nbsp;Remember Me?<input type="checkbox" name="remember"></td>
</tr>

<?php
	
}else{
						
?>
<p style="font-family:arial; font-size:10px;">Welcome <?php echo $_SESSION['username']; ?>.
<br><br>
<a href="logout.php">Log out</a> | <a href="members.php?action=tools&username=<?php echo $_SESSION['username'] ?>">Tools</a>
						
<?php
}
?>
All that works just fine. If you are logged in, the second block is shown. If not, the first block is. Once you are logged in, the session_id goes away. If you are not logged in, the session_id is there.

Oh wait... :idea:

So there are 2 ways of sessions... one is in the URL... the other in cookies. If the user is logged in, it uses cookies. If not... it does it in the URL, right?

Hm.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

first attempts to set a cookie. If that doesn't take, it passes via url.
Steveo31
Forum Contributor
Posts: 416
Joined: Sun Nov 23, 2003 9:05 pm
Location: San Jose CA

Post by Steveo31 »

So if session.use_cookies is set to 1, then if the user is logged in that session id won't ever show up, unless I type it into every <a href> or turn cookies off, right?

In that case, I'm a dork.
Post Reply