Useig Sessions

alsaffar

Hi there,

When I'm using cookies, I just set the cookie to any information I want:

$loginUserName = $HTTP_POST_VARS[loginUserName];
setcookie ("CkUserName", $loginUserName, time()+14400, "/", ".myDomain.com",0);

then if I want to retrieve that cookie, I just call it:

$CkUserName = $HTTP_COOKIE_VARS["CkUserName"];
echo "$CkUserName";

This is just Great, but if I want to use sessions, cause so many programmers advice me to use sessions instead of cookies, so:

Q. How can I convert the above 2 scripts, to use sessions instead of cookies? because I searched the php manual and I couldn't find the way.

dancahill

Not sure if this is what you want to do but........

session_start();

$loginUserName = $HTTP_POST_VARS[loginUserName];

session_register("loginUserName")

$loginUserName = $HTTP_SESSION_VARS[loginUserName];

$sessionID = session_id();

echo "$sessionID"

Log-in user name will then be available for duration of session.

alsaffar

I have problem with using sessions, everthing is not working fine, I have this test script to test the behaviour of session:

I run first test1.php:

<?
session_start();
$Eamil = "name@domain.com";
session_register("Email");
?>

Then from the same session, I run test2.php:

<?
session_start();
$Email = $HTTP_SESSION_VARS[Email];
echo "$Email";
?>

The problem is, never is show on the second script!!!

Please Help Guys.

dancahill

Email is spelt wrong (eamil).

alsaffar

Opppps :rolleyes: Thanx man, you now always after spending hours on a problem, at the end you'll find it was a silly mistake 😃

One more thing:
Programmers always said Sessions is better than Cookies, because it might be that the user disabled cookies!!! You know, still sessions required cookies to be working!!!

So what's the difference between using sessions or cookies if the user disabled cookies on his browser?

yelvington

Sessions store the data server-side, and transmit a key, either as a cookie or encoded in the URL, that allows the next request to automatically fetch the stored data.

Cookies are the default. If cookies are disabled, the key is automatically embedded in the URL. Read the very first page of the section of the manual covering sessions, and pay particular attention to the documentation of session.use_trans_sid.

NiXXeD

Ok, well what I see that you're doing wrong is you're still storing all the info in the cookie, or you're not loading up the old session. Sessions don't act like cookies do. A session is where the data is stored on the SERVER. When you use sessions without cookies, you are forced to login every new visit to the site. I guess it depends on how long you're making the sessions live for, but this is how I do it on my site.

At the beginning of the 'life' of the browse you must call session_start();
but if you are using cookies too, what I do, is store the session ID in the cookie. So if you want to load up that same session and have all the variables SET (they are stored in the session ANYWAY), just before you call session_start(), you call session_id($oldidfromcookie). So for instance, at the beginning of each page on your site that requires a register, just:

if(isset($_COOKIE["sessid"])){
    $sessid = $_COOKIE["sessid"];
    session_id($sessid);
}
session_start();

And at the end of your page, where you're storing all your variables, call your session_register's and set your sessid in the cookie. For Instance:

$email = 'NiX@NiXXeD.org';
session_register($email);
//---set $sessid cookie here - I'm lazy to write the code =0

The 2 code examples above should help a little. If you have any questions, feel free to email me (at the address in the second code example). Hope this helps!

alsaffar

I'm totaly confused 😕

Sorry guys, but please be patients with me 🙂

Well, let me explain my problem on points:

If the user set his browser to be prompt if a cookie is requested from any domain he visits.
and he visits my domain on an particular page.
And I'm using sessions to store variables on that page.
and that page have the following code for example:

<?
session_start();
$IPAddress = getenv ("REMOTE_ADDR"); 
session_register("IPAddress");
?>
<a href="Session2.php"> Click here to test session variable</a>

then it's obvious that a pop window will apear to let him choose if he wants to Allow or Block a cookie that is requested from my domain!!
My question is here, why there is a cookie requested from my domain, although I didn't set any cookie on the above script?
Then if the user choose to block that cookie.
He clicks on the link provided by me.
He'll be taking to another page with the following code:

<?
session_start();
$IPAdress = $HTTP_SESSION_VARS[IPAddress];
echo "My IPAddress is $IPAddress";
?>

One more time, a pop window will apear to let him choose if he wants to Allow or Block a cookie that is requested from my domain!!
if he chooses one more time to block that cookie, his IP that we grabbed in the 1st script will not appear in the 2nd script.
So now, If the user blocked all the cookies requested from my domain, what can I do?

Please Guys I want to know how I can handle sessions so I can manage users on my website very well. I don't want to have a hole to my DB.

MrAlaska

Originally posted by alsaffar
<?
session_start();
$IPAddress = getenv ("REMOTE_ADDR"); 
session_register("IPAddress");
?>
<a href="Session2.php"> Click here to test session variable</a>
My question is here, why there is a cookie requested from my domain, although I didn't set any cookie on the above script?

Please Guys I want to know how I can handle sessions so I can manage users on my website very well. I don't want to have a hole to my DB.

That question was already answered in a comment above, but I will TRY to address that without making you MORE confused 🙂

By using session_start() you are instructing PHP to handle taking care of the sessions. The server then takes care of maintaining state, and also offers a built in place to store variables. The methods used by PHP to maintain state are configurable in your PHP ini file, I believe, but the I think the default method is to try to use a cookie then insert the session ID in the URL if cookies are disabled. You have no need to set your own cookie, actually you should not unless you want to store a persistant cookie to maintain state when the user returns in the future. If you have PHP sessions turned on with session_start() you might as well store the user variables in the session attributes.

Sessions are not the same as cookies. Cookies are one tool used by sessions to maintain state. If you are setting cookies in your script, it is because YOU want to handle the session yourself. If you do it right, you can do the job more efficiently than the server, so the question is not whether to use cookies or sessions. The question is whether you want to handle the session yourself or let the server do it.

Clear as mud yet?

alsaffar

The methods used by PHP to maintain state are configurable in your PHP ini file, I believe, but the I think the default method is to try to use a cookie then insert the session ID in the URL if cookies are disabled.

As I mentioned before,
- I turned cookies off (So all cookies requested by my site blocked).
- Nothing is inserted in the URL!!!
- So, if the cookies are disabled in my browser, sessions is not working.
- Please take a look on my script and tell me why when I block the cookies nothing is passed to the second script, but when I accept the cookie, it's working fine!!!

dancahill

<?
session_start();
$IPAdress = $HTTP_SESSION_VARS[IPAddress];
echo "My IPAddress is $IPAddress";
?>

$IPAdress spelt wrong also shouldn't there be " " around IPAddress: $HTTP_SESSION_VARS["IPAddress"]; ??

Try that.

dancahill

Alsaffar,

I've thought a bit more about this and I think I see your problem. I don't have the same problem as my PHP has URL re-write enabled - I'll explain:

This feature encodes a session variable onto every URL link in the site. To enable the URL re-write feature you need to configure PHP with:

--enable-trans-id & then re-compile it. This does mean though that you will have extra processing to parse every page.

If you don't want to do it this way you can encode the session ID as a GET variable with each link as follows:

PHP sets the session ID as a constant SID if you include that value in the link then the receiving page can identify the sessions.

An example:

<?
session_start();
$IPAddress = getenv ("REMOTE_ADDR");
session_register("IPAddress");
?>
<a href="/Session2.php?<?=SID?>"> Click here to test session variable</a>

This should now pass the session ID to session2.php. Then call the session variables as before.

Let me know if this works. It's actually been useful for me to think a bit more about this.

Dan

alsaffar

Offffff, finallay someone understand my problem 🙂

Because before if I blocked the cookie the session isn't working, and now it's working after I submit the SID with the link:

<a href="/Session2.php?<?=SID?>"> Click here to test session variable</a>

And now I think that the "URL re-write" is disabled with me!!!

So, now how I can configure the PHP ini file? Do I have to contact my webHosting company?, or there is a way to configure it by my self?

dancahill

I would think that if you are using a 3rd party webhost then you are going to have to live with this - I can't see them changing their PHP configuration but might be worth asking them - they can only say no 🙂

alsaffar

Hi dancahill,

Well, you're the only one who understood my problem, please I'm seeking for help, please have a look to my new thread

I'm LOST 😕