session

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

pagegen
Forum Commoner
Posts: 32
Joined: Sat May 31, 2008 6:38 am

session

Post by pagegen »

Code:

session_start();
session_id() = 'billy';
$username = session_id();
 
Hey guys, I am using session_id() in a shopping cart to keep an individual basket for each user.
The site also has a register and login option.

The problem is, if someone has added products to their basket and logs in, I want the session_id to become their username to keep the basket individual.

My code is not working to set the session_id, can you guys help?

Have you guys got any other ideas to make the basket more secure?

Thanks in advance
pcoder
Forum Contributor
Posts: 230
Joined: Fri Nov 03, 2006 5:19 am

Re: session

Post by pcoder »

Try this:

Code:

session_start();
session_id( 'billy');
$username = session_id();
 
pagegen
Forum Commoner
Posts: 32
Joined: Sat May 31, 2008 6:38 am

Re: session

Post by pagegen »

pcoder wrote: Try this:

Code:

session_start();
session_id( 'billy');
$username = session_id();
 
Thank you.

I searched on the net for a while before posting, but I guess it's too easy and that's why people never had it on their site.

Any comments on the basket's security?
bungkusan
Forum Newbie
Posts: 20
Joined: Tue Sep 16, 2008 8:56 am

Re: session

Post by bungkusan »

Hi guys, I want to ask about session lifetime.

How do I set the max lifetime for a session using PHP code, not by setting it in php.ini?
pagegen
Forum Commoner
Posts: 32
Joined: Sat May 31, 2008 6:38 am

Re: session

Post by pagegen »

bungkusan wrote: Hi guys, I want to ask about session lifetime.

How do I set the max lifetime for a session using PHP code, not by setting it in php.ini?

I found this but have not tested it yet:

session.gc_maxlifetime = 3600;


Guys, I have another problem:

OK, when I do the

Code:

session_id( 'billy');
$username = session_id();

it's OK and shows what I've set as the ID on the page where I set it, but on other pages it becomes some long number again. Any suggestions?
bungkusan
Forum Newbie
Posts: 20
Joined: Tue Sep 16, 2008 8:56 am

Re: session

Post by bungkusan »

pagegen wrote: I found this but have not tested it yet:

session.gc_maxlifetime = 3600;

This is for php.ini :( Another choice?
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Re: session

Post by Stryks »

pagegen wrote: Hey guys, I am using session_id() in a shopping cart to keep an individual basket for each user.

Sorry ... just to clarify ... keep an individual basket where? If you keep your basket in the session, then it's already individual and you don't need to do a thing. If you're storing it elsewhere, then consider storing cart contents in sessions instead.

When the user orders the cart, then just write the order to the database and refer to the user's ID from the login system.

Or, if you really want to use the database for interim cart storage, then write it to the database, but again, link it to the user_id that would have been created in your login method, not the session ID.

I replied to someone else about using sessions for cart storage HERE ... maybe it will be of help to you.

Cheers
pagegen
Forum Commoner
Posts: 32
Joined: Sat May 31, 2008 6:38 am

Re: session

Post by pagegen »

Hey mate.

Well, my basket works like this: when a user adds items, they get stored in the database,
and because lots of different people are adding stuff to the database at once, and without being logged in,
I am using session_id to keep the basket individual.

Is that secure?
bungkusan
Forum Newbie
Posts: 20
Joined: Tue Sep 16, 2008 8:56 am

Re: session

Post by bungkusan »

pagegen wrote: Hey mate.

Well, my basket works like this: when a user adds items, they get stored in the database,
and because lots of different people are adding stuff to the database at once, and without being logged in,
I am using session_id to keep the basket individual.

Is that secure?

Is it possible to use IP for the difference? :D
Insert your session with their own IP.
pagegen
Forum Commoner
Posts: 32
Joined: Sat May 31, 2008 6:38 am

Re: session

Post by pagegen »

bungkusan wrote:
pagegen wrote: Hey mate.

Well, my basket works like this: when a user adds items, they get stored in the database,
and because lots of different people are adding stuff to the database at once, and without being logged in,
I am using session_id to keep the basket individual.

Is that secure?

Is it possible to use IP for the difference? :D
Insert your session with their own IP.

Well, from what I know, session_id is always different and won't match any other user's on the site.

Don't know about IP.
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Re: session

Post by Stryks »

The thing is, using the session ID to store to the database is valid. However, if the user leaves their machine for long enough for the session to time out, then when the user views the next page, their session ID will be different. I suppose you could store a timestamp to allow you to get rid of old abandoned carts, but it seems more hassle than it's worth. But you'd have to clean up somehow, because eventually you're going to start repeating session IDs. (OK, so it's a stretch, but I think it might be possible.)

I'd avoid IP comparison. Two people from the same network (say a school or office) can all have the same IP address (as far as the server sees anyhow) and others can have the situation where their ISP rotates their visible IP address. You could wind up sharing carts or just dumping carts at random.

Seriously ... I'd look at storing cart contents in the session (like in the link I gave you). You still get the cart loss if the user times out, but there is an automatic garbage collection on sessions, and the cart information is automatically available on a per user basis. It's just easier all round.

Have a good read of that post. What is there is really all that is needed to implement it, although it does mean scrapping most of the cart code that you have so far. That can be hard, I know.

Anyhow .. that's my advice.
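
One way to carry a guest basket through login without setting the session ID to the username, as an added example that is not part of the thread or any poster's code: the session ID stays random and is regenerated at login, and the database rows are re-keyed to the user ID that Stryks suggests linking to. The cart table, basket_owner(), add_to_basket() and login_user() are hypothetical names, and the demo assumes the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: cart(owner, product_id, qty). owner is "s:<session id>"
// for a guest and "u:<user id>" once logged in, so the session ID stays random.

function basket_owner(): string
{
    return isset($_SESSION['user_id'])
        ? 'u:' . $_SESSION['user_id']
        : 's:' . session_id();
}

function add_to_basket(PDO $db, int $productId, int $qty): void
{
    $stmt = $db->prepare('INSERT INTO cart (owner, product_id, qty) VALUES (?, ?, ?)');
    $stmt->execute([basket_owner(), $productId, $qty]);
}

// Call only after the credentials have been verified.
function login_user(PDO $db, int $userId): void
{
    $guestOwner = basket_owner();      // still "s:<pre-login session id>"
    session_regenerate_id(true);       // fresh random ID, old session data deleted
    $_SESSION['user_id'] = $userId;
    // Re-key the guest's rows to the account instead of renaming the session.
    $stmt = $db->prepare('UPDATE cart SET owner = ? WHERE owner = ?');
    $stmt->execute([basket_owner(), $guestOwner]);
}

// Session lifetime set from code; must run before session_start().
ini_set('session.gc_maxlifetime', '3600');
session_start();

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart (owner TEXT, product_id INTEGER, qty INTEGER)');

add_to_basket($db, 42, 2);   // guest adds an item before logging in
login_user($db, 7);          // constructed user id
add_to_basket($db, 43, 1);   // item added after login

foreach ($db->query('SELECT owner, product_id, qty FROM cart') as $row) {
    echo "{$row['owner']} product {$row['product_id']} x{$row['qty']}\n";
}
```

A username used as the session ID is a value anyone can guess and present as a cookie, which is why the ID is left random here. session_id('...') also only takes effect when it is called before session_start().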