Session Management

delphis

Hi,

I seem to run across a lot of posts about session management in searching for them but they don't ask the questions I want to ask, so I'll post it here.

I am using session management for a simple login on a site. I set the session register the variable I want to track (this is my 'login ticket') on every page. The ticket is an encoded string with a unique id that refers to just one individual and is generated when they go through the login process. That's all no problem, the login works.. everyone is happy.

Except me. I am using temporary cookies, that disappear after the browser closes. When the page is first loaded on a 'new' browser (i.e. just opened) the first page arrived at has the session ID automatically added to the end of all the local URLs (I compiled PHP with --enable-trans-sid). If I reload or go to another page, even typing another URL on the site in then the session ID is not visible any more and the cookie is just working silently.

Now, my question .. why does it do that? .. can PHP not just use cookies ALL the time if I want or not (I've used without and I also notice it falls back on URL propagation if cookies don't work). Is it because it doesn't know what will work or not and covers both bases? If it is, that's fine .. I'd just like to know so I can stop wondering why it happens.

Sorry for the ramble.. :>

Derek

caphonic

Hi Derek,

I am not sure I can completely answer your question but I have come accross something similar. The temporary cookie does not always terminate straight away when you close the browser and sometime lives for 20-30 mins.

This might explain why you said :

"the session ID automatically added to the end of all the local URLs "

I was storing the sessions as a text file in a tmp directory.

hope this helps

Anon

I am trying to do a similar thing as you have started, but following all that I can read, and even an example in a PHP book I bought will not work.

I want to have a login that checks a mySQL database to see if the username/password combo entered exists. When a correct combo is entered, I want to grab the user's uid and write it to a session.

On each page, I want to check to see if this exists. If it does not, I will kick them back to the login with the page they were coming from. Once they login correctly, they go back to the page they were trying to get to originally.

I have done this previously in ColdFusion, but the session stuff I am reading in PHP doesn't seem to work. Do you have any code you can point me to, or a tutorial?

Thanks for any help.

Don

marcrobertson

I'm having the same probelm. Each of my pages checks to see if the userid session variable is registered. If not, it displays a login form, the action of which includes a parameter that names the original url. If the login is successful, I use the Location header to redirect back to the original url. Unfortunately, the session info seems to get lost. I found a comment in the online docs that said you needed to append the sid to the url in the Location header. I tried that with:

header( "Location:$origurl?".session_id() );

but it didn't seem to work. Any ideas anyone?

Anon

I ended up writing a cookie using javascript, and then doing an include at the top of each page that was a little javascript routine to check for the cookie, and redirect if it didn't find it set.

If you find a working php version, please let me know.

chrisnutting

Quick thing, (haven't tested myself) according to the PHP book we have here, the session is stored in the constant SID (The example code in the book shows tagging it onto the end of a URL:
<A HREF="link.php?<?=SID?>">