Page 1 of 1

learning "session" in PHP

Posted: Thu Sep 08, 2005 2:24 am
by saumya
hi guys,
I am studying the "session" in php from PHP Power Programming.I got into doubt in the following thing.
There ia a script like

Code: Select all

<?php
     include 'session.inc';

     function check_auth() { return 4; }
?>
<html>
<head><title>Login</title></head>
<body>
<?php
     if (isset ($_POST['login']) && ($_POST['login'] == 'Log in') &&
         ($uid = check_auth($_POST['email'], $_POST['password'])))
     {
         /* User successfully logged in, setting cookie */
         $_SESSION['uid'] = $uid;
         header('Location: http://kossu/session/index.php');
     } else {
?>
/* HTML form comes here */
<?php
    }
?>
</body>
</html>
now the code for "session.inc" is like below

Code: Select all

<?php
    ini_set('session.use_cookies', 1);
    ini_set('session.use_only_cookies', 1);
    session_start();
?>
well, can anybody guide me about what exactly the session.inc is doing.Is it setting the "session" for this particular page or is it a gloabal level setting for php like the way i set in php.ini file.Does this script changes the php.ini file or its simply for this paricualr page only?Seems simple but as a newbe,I need clarification.
thanks

Posted: Thu Sep 08, 2005 2:40 am
by feyd
ini_set() affects the current page request only (for all intents and purposes).. it's asking php to only use cookie based sessions, for whatever reason the author chose to do it..

Posted: Thu Sep 08, 2005 5:13 am
by saumya
thanks for the reply.
is there any other kind of process by which we can enable sessions? or the "cookie based" is the only one?

Posted: Thu Sep 08, 2005 9:02 am
by feyd
there are two native transports for sessions: cookies (preferred), and by URL. If url is used, attempts to add code to all urls used by your scripts that will allow the session id to pass through to other pages (if the user has cookies turned off, or the use cookie flag is off)

Posted: Fri Sep 09, 2005 2:25 am
by saumya
thanks

Posted: Fri Sep 09, 2005 4:38 am
by raghavan20
feyd wrote:there are two native transports for sessions: cookies (preferred), and by URL. If url is used, attempts to add code to all urls used by your scripts that will allow the session id to pass through to other pages (if the user has cookies turned off, or the use cookie flag is off)
so do you say if the cookie is disabled the php script automatically recognises and starts to transport session id via URL???

then where are the session variables???are they also displayed on the url???

if transported by URL, is it not necessary to use session_start() in each page???

which way of transportation is safe???

if transported by URL, where the URL variables are stored...on server or browser memory in client machine???

Posted: Fri Sep 09, 2005 6:05 am
by patrikG
see: http://uk2.php.net/session especially the section "Installation" as well as http://www.zend.com/zend/tut/session.php

Posted: Fri Sep 09, 2005 6:45 am
by raghavan20
I dont understand what is serialization and how its useful???
can anyone help me understand the concept??


I was looking for /tmp but could not find it, as session.save_path defaults to /tmp
Is it possible to find the where the cookie is in the Windows xp???
if yes, is it legible enough to understand the contents??

Posted: Fri Sep 09, 2005 8:33 am
by feyd
serialization converts data from nonuniform data (like objects and things) to a uniform data stream for storage, basically.

to find out where your install is keeping your sessions you can find it in phpinfo()'s output.