Page 1 of 2
sessions... basic questions
Posted: Fri Mar 24, 2006 11:26 pm
by pedrotuga
Hey all
I am using sessions fot the first time.
I didnt get it so well so far, it looks like the documentation out there refers to many diferent php versions.
From what i got from it its basicaly about starting the session like this
assign variables ustin the array $_session[] like
then checking if the user came from a session successfully started
Code: Select all
if (isset($_SESSION["foo"]) );{
echo "Hurray, lets do stuf here!"
}
else header("location: byebye.php");
ok.. this is what i got from what i red.. but i think its more to say than this... like... what about the functions session_id(), seesion_name() and $session_register() ?
when and what for should i use them?
I am using php 5.0
thx in advance
Posted: Fri Mar 24, 2006 11:45 pm
by feyd
session_id() will tell you their session hash value, this can be used for various things like associating a database record or three with their session.
session_name() will tell you what the name of the session is (not all that important, most often).
session_register() should not be used if you are using $_SESSION variables.
Posted: Fri Mar 24, 2006 11:52 pm
by pedrotuga
ok... so lets see...
basicaly its only like i said befor right?
Question: do a server assigns a unique id to every single session?
like... if i keep session_id() on a database or a log file, can i later pick it to refer to that exact session on the day X by the user Y?
Posted: Fri Mar 24, 2006 11:56 pm
by feyd
they are fairly unique, but not absolutely guaranteed to be unique (in the lifetime of all things) so keeping data on really old sessions isn't a good idea, nor is it supposed to be done. Sessions are supposed to be thrown away after a period of inactivity.
Posted: Sat Mar 25, 2006 12:37 am
by pedrotuga
so in that case whats the utility of session_id() ?
well.. but... so we dont forget about the main goal of this thread... if i dont use cookies does it works the way i described in the beggining?
Posted: Sat Mar 25, 2006 12:41 am
by feyd
provided you didn't disable the transfer of session id's across URLs, yes.
Posted: Sat Mar 25, 2006 1:16 am
by pedrotuga
only one final question aboute security.
ok.. so the session Id will be passed through the url...
could one sniff the packets and exctract the url and get access to that session data?
Is this very insecure? or is just a minor security hole wich is not critical for small sites without strictly confidential information?
Posted: Sat Mar 25, 2006 1:30 am
by feyd
someone could sniff the the cookie too unless you run under SSL. If you're absolutely paranoid about session integrity read through the multitude of session related threads in the security section of devnet.
Posted: Sat Mar 25, 2006 4:42 pm
by pedrotuga
yep.. thats true...
it was just a question... i am not paranoid about security
Posted: Mon Apr 10, 2006 6:08 pm
by pedrotuga
this is repeating again... but i got a bit confused with all the changes through the latest php versions.
is
Code: Select all
$_SESSION['username'] = $array["username"];
the same as
?
Posted: Mon Apr 10, 2006 9:34 pm
by timvw
Have you bothered to read the documentation at
http://www.php.net/session_register ?
Posted: Tue Apr 11, 2006 7:06 am
by pedrotuga
yes, i have.
And it says this:
Caution
If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.
thats why i came here and ask.
Posted: Tue Apr 11, 2006 7:41 am
by jito
check ur php.ini file, if register_global is on only then u will be able to use session_register(), which creates a global variable.But when using $_SESSION[] u r using a superglobal array to store the value, the scope of the variable here is much more. So both can't be the same. am i clear?
try to use use $_SESSION, it's a better choice and follow ur manual, everything is there already.
Posted: Tue Apr 11, 2006 12:30 pm
by pedrotuga
ok...
i am using $_SESSION, i was just wodreing what the diferences could be. You were clear.
thanks...
if so i will use $_SESSION then.
Posted: Wed Apr 12, 2006 12:27 pm
by pedrotuga
Another question.
Is it possible to configure apache so it autostarts sessions?
how?
wich conf file sohuld i use?
i am running apache on debian