session
Posted: Tue Sep 16, 2008 6:49 am
by pagegen
Code:
session_start();
session_id() = 'billy';
$username = session_id();
Hey guys, I am using session_id() in a shopping cart to keep an individual basket for each user..
The site also has a register and login option..
The problem is, if someone has added products to their basket and logs in, I want the session_id to become their username to keep the basket individual..
My code is not working to set the session_id. Can you guys help?
Have you guys got any other ideas to make the basket more secure?
Thanks in advance
Re: session
Posted: Tue Sep 16, 2008 6:59 am
by pcoder
Try this:
Code:
session_start();
session_id( 'billy');
$username = session_id();
Re: session
Posted: Tue Sep 16, 2008 7:02 am
by pagegen
pcoder wrote: Try this:
Code:
session_start();
session_id( 'billy');
$username = session_id();
Thank you..
I searched on the net for a while before posting, but I guess it's too easy and that's why people never had it on their site..
Any comments on the basket's security?
Re: session
Posted: Tue Sep 16, 2008 8:59 am
by bungkusan
Hi guys, I want to ask about session lifetime.
How do I set the max lifetime for a session using PHP code, not by setting it in php.ini?
Re: session
Posted: Tue Sep 16, 2008 9:35 am
by pagegen
bungkusan wrote: Hi guys, I want to ask about session lifetime.
How do I set the max lifetime for a session using PHP code, not by setting it in php.ini?
I found this but have not tested it yet:
session.gc_maxlifetime = 3600;
Guys, I have another problem:
OK, when I do the
Code:
session_id( 'billy');
$username = session_id();
it's OK to show what I've set as the ID on the page I set it, but on other pages it becomes some long number again.. Any suggestions?
Re: session
Posted: Tue Sep 16, 2008 9:41 am
by bungkusan
pagegen wrote:
I found this but have not tested it yet:
session.gc_maxlifetime = 3600;
This is for php.ini.

Another choice?
Re: session
Posted: Tue Sep 16, 2008 7:27 pm
by Stryks
pagegen wrote: Hey guys, I am using session_id() in a shopping cart to keep an individual basket for each user..
Sorry ... just to clarify ... keep an individual basket where? If you keep your basket in the session, then it's already individual and you don't need to do a thing. If you're storing it elsewhere, then consider storing cart contents in sessions instead.
When the user orders the cart, then just write the order to the database and refer to the user's ID from the login system.
Or, if you really want to use the database for interim cart storage, then write it to the database, but again, link it to the user_id that would have been created in your login method, not the session ID.
I replied to someone else about using sessions for cart storage HERE ... maybe it will be of help to you.
Cheers
Re: session
Posted: Wed Sep 17, 2008 3:09 am
by pagegen
Hey mate..
Well, my basket works as: when a user adds items, they get stored in the database..
And because it's lots of different people adding stuff to the database at once, and without being logged in..
I am using session_id to keep the basket individual.
Is that secure?
Re: session
Posted: Wed Sep 17, 2008 9:29 am
by bungkusan
pagegen wrote: Hey mate..
Well, my basket works as: when a user adds items, they get stored in the database..
And because it's lots of different people adding stuff to the database at once, and without being logged in..
I am using session_id to keep the basket individual.
Is that secure?
Is it possible to use IP for the difference?

Insert your session with their own IP.
Re: session
Posted: Wed Sep 17, 2008 9:34 am
by pagegen
bungkusan wrote: pagegen wrote: Hey mate..
Well, my basket works as: when a user adds items, they get stored in the database..
And because it's lots of different people adding stuff to the database at once, and without being logged in..
I am using session_id to keep the basket individual.
Is that secure?
Is it possible to use IP for the difference?

Insert your session with their own IP.
Well, to what I know, session_id is always different and won't match any other users on the site..
Don't know about IP.
Re: session
Posted: Wed Sep 17, 2008 10:05 am
by Stryks
The thing is, using the session id to store to the database is valid. However, if the user leaves their machine for long enough for the session to time out, then when the user views the next page, their session ID will be different. I suppose you could store a timestamp to allow you to get rid of old abandoned carts, but it seems more hassle than it's worth. But you'd have to clean up somehow, because eventually you're going to start repeating session IDs. (ok, so it's a stretch but I think it might be possible)
I'd avoid IP comparison. Two people from the same network (say a school or office) can all have the same IP address (as far as the server sees anyhow) and others can have the situation where their ISP rotates their visible IP address. You could wind up sharing carts or just dumping carts at random.
Seriously ... I'd look at storing cart contents in the session (like in the link I gave you). You still get the cart loss if the user times out, but there is an automatic garbage collection on sessions, and the cart information is automatically available on a per user basis. It's just easier all round.
Have a good read of that post. What is there is really all that is needed to implement it, although it does mean scrapping most of the cart code that you have so far. That can be hard, I know.
Anyhow .. that's my advice.
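An added example, not part of any post in this thread: the session-stored cart Stryks describes, with the session lifetime set from PHP code (bungkusan's question) and the session ID regenerated at login instead of being set to the username, which would be guessable. The function names and the product and user IDs are assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helper names, not code from the thread.

// Session lifetime set from PHP code rather than php.ini. Both calls must
// run before session_start().
ini_set('session.gc_maxlifetime', '3600');    // server-side data lifetime, seconds
session_set_cookie_params(['lifetime' => 0, 'httponly' => true, 'samesite' => 'Lax']);
session_start();                               // PHP generates the random ID itself

// The basket lives in the session, so it is already per-visitor.
function cart_add(int $productId, int $qty): void
{
    if ($productId <= 0 || $qty <= 0) {
        return;                                // ignore malformed input
    }
    $_SESSION['cart'][$productId] = ($_SESSION['cart'][$productId] ?? 0) + $qty;
}

// Call after the password check succeeds. $userId is the row ID from the
// login system (assumed); it is stored in the session, never used as its ID.
function on_login(int $userId): void
{
    session_regenerate_id(true);               // fresh random ID, old session deleted
    $_SESSION['user_id'] = $userId;            // cart contents carry over unchanged
}

// At checkout, build the order rows against the logged-in user's ID.
function checkout_rows(): array
{
    if (!isset($_SESSION['user_id'])) {
        throw new RuntimeException('login required');
    }
    $rows = [];
    foreach ($_SESSION['cart'] ?? [] as $productId => $qty) {
        $rows[] = ['user_id' => $_SESSION['user_id'], 'product_id' => $productId, 'qty' => $qty];
    }
    return $rows;                              // insert these with prepared statements
}

// Constructed walk-through: an anonymous visitor fills a basket, then logs in.
cart_add(17, 2);
$before = session_id();
on_login(42);
var_dump($before !== session_id(), checkout_rows());
```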