Page 1 of 1
not getting SESSION ?
Posted: Sat Sep 30, 2006 12:29 am
by saumya
Hi I am trying to study SESSIOn on PHP but could not really get into it.
on my first page, I have
Code: Select all
session_start();
session_register("s_work_order_no");
$s_work_order_no = 'a001_002';
when I go to another page and try to get to the varibale, I could not get it
Code: Select all
session_start();
echo $s_work_order_no;
it gives me following error
Code: Select all
Notice: Undefined variable: s_work_order_no test.php on line 49
Posted: Sat Sep 30, 2006 12:49 am
by Oren
Posted: Sat Sep 30, 2006 1:05 am
by saumya
Hi, thank you so much.Thats a great point.
But still I am not getting it to work

Posted: Sat Sep 30, 2006 1:09 am
by aaronhall
He's saying not to use session_register() ... instead, assign and retrieve session variables using the $_SESSION superglobal:
Code: Select all
<?
session_start();
$_SESSION['foo'] = "bar";
?>
Next page...
Code: Select all
<?
session_start();
echo $_SESSION['foo']; // prints "bar"
?>
Posted: Sat Sep 30, 2006 1:18 am
by saumya
I got that I tried it.But no luck
Code: Select all
session_start();
$_SESSION["s_work_order_no"];
$s_work_order_no = 'a001_002';
Then
Code: Select all
session_start();
echo '<br/>'.$_SESSION['s_work_order_no'];
Thank you
Posted: Sat Sep 30, 2006 1:23 am
by aaronhall
Almost.. just assign it like this:
Code: Select all
<?
session_start();
$_SESSION["s_work_order_no"] = 'a001_002';
?>
Posted: Sat Sep 30, 2006 1:32 am
by saumya
hi aaronhall,that worked as sweet.
Thank you so much.You saved me a headache.
Posted: Sat Sep 30, 2006 1:35 am
by saumya
Hey guys one more question, Do I still need to send the SID in the browser query string?
Posted: Sat Sep 30, 2006 2:09 am
by Oren
saumya wrote:Hey guys one more question, Do I still need to send the SID in the browser query string?
Well that depends... You will have to read more about sessions and how they work, that would be the best answer I could give you - seriously
Check out
http://shiflett.org/articles
After some reading, you'll understand why I suggest you dont send the SID withing the query string - use cookies instead (user must have cookies enabled for that of course).
Posted: Sat Sep 30, 2006 2:29 am
by saumya
hi Oren,
thats really some serious stuff.
Now, my question is if I donot send query string and users never enable cookies, then is it possible to run session?

Posted: Sat Sep 30, 2006 2:45 am
by Oren
The user must supply the session id in some way, if it's not supplied with a cookie or in the query string, how will PHP know what session data belongs to this user?
Posted: Sat Sep 30, 2006 7:51 am
by saumya
Thank you Oren, I got the idea.
Posted: Sun Oct 01, 2006 7:39 pm
by chakhar86
I've never sent session ID to the server but it works completely fine...
Is PHP will treat single user as single child in its process?
So the session ID won't be exchanged with other user???
Posted: Mon Oct 02, 2006 1:05 am
by John Cartwright
sessions by default are stored in a flatfiles located somewhere in your server, so in theory depending on your server's security and setup it is possible for people to read others sessions. I believe the search term you are looking for is
session hijacking
Posted: Mon Oct 02, 2006 1:08 am
by Oren
chakhar86 wrote:I've never sent session ID to the server but it works completely fine...
Is PHP will treat single user as single child in its process?
So the session ID won't be exchanged with other user???
Sorry, I couldn't understand your question. Can you ask again please?