PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




PostPosted: Wed May 09, 2012 1:36 pm
Forum Newbie

Joined: Fri May 04, 2012 1:47 am
Posts: 9
I would be most interested to hear the views of some experienced PHP'ers, regarding the alternative use of Sessions or URLs, as I'm fairly new to larger PHP web projects.

I am developing a website that can be accessed by anyone - for the most part, however to get to a 'My Page' the user must login.

I have a login form in a header file that is included on every page, and when it is completed it verifies the user credentials (in a SQL database) then displays a Welcome message, instead of the login form. Every page visited then has this Welcome instead of the login form.

I can get this to work using SESSIONS, - BUT - if I close the browser then go back in - the Welcome stays - i.e. the Session is still active. (Can a Session be destroyed completely once a browser moves to another site (without having to put code on every possible close event)?)

SO - I thought I'd use the ?uname=xxxx on the end of the URL to pass the uname, (and fact that it was logged in) around - BUT - this means changing EVERY link to every page to include the ?uname=xxxx variable.

What is the 'Best Practice' for this situation - Sessions or URL Variables?

Thanks for any advice

Phil


PostPosted: Wed May 09, 2012 2:33 pm
Briney Mod

Joined: Mon Jan 19, 2004 7:11 pm
Posts: 6446
Location: 53.01N x 112.48W
URL variables are a pain in the butt for just the reason you mentioned. In addition, if you only use URL variables, what's to stop me from typing in someone else's username in the URL?

The easiest way to expire sessions is to store a "last_accessed_time" value in $_SESSION. Then, in your header file, check if that "last_accessed_time" is within the last 30 seconds, or 5 minutes, or however long you want the session to last. If "last_accessed_time" is outside that, destroy the session and require the user to log in again.

_________________
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
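
The "last_accessed_time" check described in the reply above, written out as an added example that is not part of the original thread. The `uname` session key, the `MAX_IDLE_SECONDS` constant and the `/login.php` path are assumptions chosen for illustration.

```php
<?php
// Added example: idle-timeout check for a header file included on every page.
// MAX_IDLE_SECONDS, the 'uname' key and /login.php are assumed names.
declare(strict_types=1);

const MAX_IDLE_SECONDS = 300; // 5 minutes; choose what suits the site

/**
 * Returns true and refreshes the timestamp when the session is inside the
 * idle window. Returns false when it has expired or carries no timestamp
 * at all, so a malformed session fails closed.
 */
function session_is_fresh(array &$session, int $now, int $maxIdle): bool
{
    $last = $session['last_accessed_time'] ?? null;
    if (!is_int($last) || $now - $last > $maxIdle) {
        return false;
    }
    $session['last_accessed_time'] = $now;
    return true;
}

/** Wipe the server-side data and expire the browser's session cookie. */
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();

if (isset($_SESSION['uname'])) {             // a logged-in session
    if (!session_is_fresh($_SESSION, time(), MAX_IDLE_SECONDS)) {
        end_session();
        header('Location: /login.php');      // hypothetical login page
        exit;
    }
}
// After the login form has verified the credentials:
//   session_regenerate_id(true);            // new ID for the logged-in state
//   $_SESSION['uname'] = $verifiedUser;
//   $_SESSION['last_accessed_time'] = time();
```

Because the username lives only in server-side session data, changing a value in the URL cannot switch the visitor to another account.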


PostPosted: Wed May 09, 2012 3:41 pm
Forum Contributor

Joined: Thu May 11, 2006 8:58 pm
Posts: 305
Location: Utah, USA


PostPosted: Wed May 09, 2012 4:20 pm
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13592
Location: New York, NY, US

_________________
(#10850)


PostPosted: Wed May 09, 2012 5:15 pm
Forum Newbie

Joined: Fri May 04, 2012 1:47 am
Posts: 9
Thanks all for the suggestions, looks like it's SESSIONs for my usage, with the 'last accessed time' being checked and then a SESSION Destroy and back to home/login page.

Very useful advice from all.

Regards

Phil


PostPosted: Thu May 10, 2012 10:03 am
Forum Contributor

Joined: Tue Apr 17, 2012 12:57 pm
Posts: 160

