sessions and maintianing state

Anon

I have a page that requires that I send the user off-site (diff domain). The user is instantly redirected back to the original domain. Is this going to kill session variables I had set? I can't seem to read them on the user's return.

Anon

The session doesn't die at all. You can't "kill" a session even if you close the browser, it times-out after a period of no requests.

The question is... how do you get back on a session that you abandoned. I have no clue.

Maybe (check the manual) there's some kind of persistent cookie... just to identify the user when he returns, otherwise the cookie (but not the session) is destroyed when he moves to otherdomain.com

You can also try to use 2 browser windows. If this is not happen like in "all" your site/app pages, you can move values between windows with jscript.

If your session doesn't depend on cookies, but on SID=2345jgb432k534 moving around the requests I think you can do it, as long as you can control the request that otherdomain.com does to get the user back on your site and put the SID on it.

be more specific. do you have security requirements?

André

lordstjohn

I've had this problem...

I resolved with the following :

Create a seesionID database with last action datetime (DB in MySQL).
I check if cooky has already been stored in the computer (with sessionID, date Time).
If sessionID is stored in MySQL DB dans expiracy date and time has not been reached, I put a new value in last action var.
If sessionID is nomore stored, that the reason that the session has expired (30minutes). than I create a new one !
If no cooky found, I create a new one...

I think that is the easier way to manage the sessions.

Remark, each time somebody access the MySQL DB where the sessionsID are stored, eachrecords greater than 30 minutes are deleted.

This is the same with data stored with sessionId in other DB where the data are stored...

Have lot of fun !

Anon

I'm creating an application for a financial services company with security needs. We will be transferring sensitive financial information online.
Web Server
Apache Version 1.3.6
Operating System
Linux Redhat Version 5.1 (Manhattan),
Kernel 2.2.13
Perl
5.004_04
PHP
3.0.12
GCC
2.7
MySQL
3.22.27

Any ideas on where I can find sample php scripts to handle sessions? I have read through php4 and php "professional programming" from wrox and neither has any sample code for sessions.

thanks for the input.

Anon

hi andre,

i am designing an online voting system for my schools student elections and need to fund some examples of keeping session data. do you recommend cookies or just session variables?

thank you froj your help.

kind regards,

john o'dwyer

Anon

I don't really understand what you're planing to do so situation A & B follows:

A. If you wish to keep track of visitor during one session, from page to page, like "welcome John", "hi John, still there", "sure John...", etc... it really doesn't matter if you use cookie or not.

You just say "session_start()" in your code and it starts with cookies or not depending on the server configuration (variable session_use_cookies, i believe, you can phpinfo() your server to know how it's configured) and also depending on the client's configuration: if he doensn't accept cookies, php will automatically add a PHPSSESID=kshadf1234897fdhascnaskd2 in every link the page sent to the client (even images!!!!).

When you call session_start() in the next page (or the same if the client links there) php will load every variable registered on that session as a global variable.

B. If you wish to keep track of who voted allrady (in order to get one vote per person only) you will need a very different thing: permanentcookies.

The cookie remains in the client's computer even after the session is over and you will identify (by wrinting some code) the client next time around.

If you believe that more than one student will share the same computer, this is no secure way to do it, because cookie remains in the computer not in ther persons body.... so you will need some sort of passowrd or activation key in order to ensure one vote per student....

foxden

PHP Fast & Easy
(ISBN: 076153055X, Prima-Tech, July 2000)

www.thickbook.com

ck1125

Hello people
I have a problem understanding how this issue of sessions work. I need some kind of primer. can anybody help???

Chucks