sessions... basic questions

pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

Hey all

I am using sessions for the first time.

I didn't get it so well so far, it looks like the documentation out there refers to many different PHP versions.

From what I got from it, it's basically about starting the session like this

Code:

session_start();

assign variables using the array $_SESSION[] like

Code:

$_SESSION["foo"] = "foo2";

then checking if the user came from a session successfully started

Code:

if (isset($_SESSION["foo"])) {
    echo "Hurray, lets do stuff here!";
} else {
    // stop the script after sending the redirect
    header("Location: byebye.php");
    exit;
}


ok.. this is what I got from what I read.. but I think there's more to say than this... like... what about the functions session_id(), session_name() and session_register()?
When and what for should I use them?

I am using PHP 5.0

thx in advance
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

session_id() will tell you their session hash value, this can be used for various things like associating a database record or three with their session.
session_name() will tell you what the name of the session is (not all that important, most often).
session_register() should not be used if you are using $_SESSION variables.
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

ok... so let's see...

basically it's only like I said before, right?

Question: does a server assign a unique id to every single session?

like... if I keep session_id() in a database or a log file, can I later pick it to refer to that exact session on the day X by the user Y?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

they are fairly unique, but not absolutely guaranteed to be unique (in the lifetime of all things) so keeping data on really old sessions isn't a good idea, nor is it supposed to be done. Sessions are supposed to be thrown away after a period of inactivity.
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

so in that case what's the utility of session_id()?

well.. but... so we don't forget about the main goal of this thread... if I don't use cookies does it work the way I described in the beginning?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

provided you didn't disable the transfer of session id's across URLs, yes.
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

only one final question about security.

ok.. so the session id will be passed through the URL...

could one sniff the packets and extract the URL and get access to that session data?
Is this very insecure? Or is it just a minor security hole which is not critical for small sites without strictly confidential information?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

someone could sniff the cookie too unless you run under SSL. If you're absolutely paranoid about session integrity read through the multitude of session related threads in the security section of devnet.
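
The points raised in this exchange (session id carried in the URL, sniffing without SSL, discarding idle sessions) can all be handled when the session is set up. The following is an added example, not code from any poster in the thread; it assumes PHP 7.3 or later and a site served over HTTPS, and `IDLE_LIMIT`, the `last_seen` key and the two function names are illustrative.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.3+ and an HTTPS-only site.
// IDLE_LIMIT, 'last_seen' and the function names are illustrative.

const IDLE_LIMIT = 1800; // seconds of inactivity before the session is discarded

function start_hardened_session(): void
{
    // Carry the session id in a cookie only, never in the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over TLS only, so not visible to a sniffer
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();

    // Throw the session away after a period of inactivity.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();
        session_start();      // strict mode issues a fresh id here
    }
    $_SESSION['last_seen'] = $now;
}

function log_user_in(string $username): void
{
    // Issue a new id at login and delete the old session data, so an id
    // observed before authentication is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

start_hardened_session();
if (!isset($_SESSION['username'])) {
    header('Location: byebye.php');
    exit;
}
echo 'Hurray, session for ' . htmlspecialchars($_SESSION['username']);
```
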
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

yep.. that's true...

it was just a question... I am not paranoid about security
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

this is repeating again... but I got a bit confused with all the changes through the latest PHP versions.

is

Code:

$_SESSION['username'] = $array["username"];

the same as

Code:

session_register("username");

?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Have you bothered to read the documentation at http://www.php.net/session_register ?
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

yes, I have.
And it says this:

Caution

If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

That's why I came here to ask.
jito
Forum Commoner
Posts: 85
Joined: Sat Mar 25, 2006 4:32 am
Location: india

Post by jito »

check your php.ini file, if register_globals is on only then you will be able to use session_register(), which creates a global variable. But when using $_SESSION[] you are using a superglobal array to store the value, the scope of the variable here is much more. So both can't be the same. Am I clear?
try to use $_SESSION, it's a better choice and follow your manual, everything is there already.
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

ok...

I am using $_SESSION, I was just wondering what the differences could be. You were clear.

thanks...

if so I will use $_SESSION then.
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

Another question.
Is it possible to configure Apache so it autostarts sessions?
How?

Which conf file should I use?

I am running Apache on Debian