Session Problems

Anon

I have looked over the PHP.net manual and cannot find what I need in their session section. I have a database driven shopping cart and everytime a user enters my site, it should first check to see if a session has already been started for this visitor. If not, I need it to connect to my database, table name \"track\" and column name \"ID\" - find the latest number and add one to it - I don\'t want PHP to assign it\'s own ID, I want to assign it. Basically, if my last visitor was sessionID = 65, it would query the database, see that 65 was the last, add one to it and update the change to the database.
That ID must expire once the customer leaves my website.

I can\'t get it to work in PHP - any help? Thanks a lot!

[deleted]

You can't do it that way;
you can't check the database, get the highest number and use it,
because then it's possible taht two users do the same query at the same time and then they would get the same number.

Instead, change your 'ID' column in the database to a SERIAL or 'auto_increment' type.
That will keep track of which numbers it has already used. Every time you insert a new row, the column is filled with the next value. That means every time you insert a row you get a new unique value that you can fetch from the database AFTER it was created.

Why don't you want to use the normal session id?

Anon

I suppose the normal session ID would be fine, I just can't get it to work right. I read and read the php.net maunal and can't seem to get it. How does it work? I would need it to generate a new id for every new visit, never duplicating an id and I would need the session id to be written into a field on my database so I could read back what the user has added to their cart depending on their session id. How would I get that to work using PHPs standard session ID?

Thanks so much again,

Justin

Anon

Also, please remember - I'm brand new to PHP, so be gentle! 🙂 Thanks for all your help.

Justin

[deleted]

That's the beauty of PHP's sessionids.

Every new visitor will get a unique id. That is, an ID that is not currently in use by anyone else. But someone else may have used it last week.

In order to use sessions, this auto-generated session id MUST be sent from client to server on EVERY request. The easiest way to do that is with cookies.
You can change a setting in php.ini to 'session_use_cookies=1' (forgive memorylapses on the syntax)
Whenever a visitor comes to your site he/she will automatically get a cookie that contains their sessionid.
This id then stays with that client untill he closes the browser or untill PHP expires it (using the session timeout and garbage cleaner)

So the main things are:
1. SessionID is created automatically.
2. Make sure the client allways sends you his sessionid, either through cookies or through the URL (simply print the sessionid in the html code)
3. allways start your page with 'session_start()' (sounds obvious but it's too simple to remember so people forget it a lot)

The sessionID is a long string that you can use as an ID in your database.
Remember, it is a unique string for the CURRENT set of visitors.
After the ID times out, it can be re-used for a new visitor.
It does not always uniquely identify each and every user.
The ID that John gets today may be given to Martha tomorrow, so make sure
that you cleanup old records when the sessionid times out.