Sessions

thoand

Is it possible to have two sessions running?

eg. one for user login and one for some other stuff?
if not, how can I work this problem out?

thanks in advance,
Thomas Andersen

planetsim

As long as its registered as a different name and theres no output before they are registered then you should have no problems with it.

werkkrew

On my most recent script that I am debugging now I have about 7 sessions running

They arent totally independent I dont think

each one is defined with

session_register('variable');

then in each script that you want to have access to the variables defined (the variables are defined when you execute the "session_register" function, probably in the script that processes a user login or data from a database

you use session_start(); to call the session

Now, depending on if you have register globals enabled on your server, after using session_start(); the variables can be called one of two ways

if register globals is on:

$variable

if register globals is not on:

the session variables are stored in an associative array much like that of the post or get vars:

$_SESSION['variable']

that should be it, you can register as many sessions as you want, if you call session_register in more then one script that run in conjunction, just make sure to use a uniqe name for each one because as soon as you session_start it makes them all available and you dont want to cross reference them...

for example:

in my script, the user fills out the login form which posts to this script:

<?php
//Check user login script
//MySQL Connection Informaion
include 'db.php';

/*Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];
*/

if((!$username) || (!$password)){
        echo "Please enter ALL of the information! <br />";
    include 'login_form.php';
    exit();
}

//convert password to md5 encryption
$password = md5($password);

//Check user info in database
$sql = mysql_query("SELECT * FROM members WHERE username='$username' AND
                                        password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
           foreach($row AS $key=>$val){
                    $key = stripslashes($val);
           }

//Register session variables
session_register('first_name');
$_SESSION['first_name'] = $row['first_name'];
session_register('last_name');
$_SESSION['last_name'] = $row['last_name'];
session_register('email_address');
$_SESSION['email_address'] = $row['email_address'];
session_register('special_user');
$_SESSION['user_level'] = $row['user_level'];
session_register('tag');
$_SESSION['tag'] = $row['tag'];
session_register('username');
$_SESSION['username'] = $row['username'];
session_register('info');
$_SESSION['info'] = $row['info'];

mysql_query("UPDATE members SET last_login=now() WHERE username='$username'");

header("Location: login_success.php");
}
} else {
        echo "You could not be logged in! Either the username and password do not
              match or you have not activated your membership!<br />
          Please try again!<br />";
          include 'login_form.php';
}

?>

Whenever I want access to these variables which are defined based on user data in the database (most imporatanly "user_level" which defines what pages they can and cant view) I simply call session_start() at the BEGINNING of the script I want to use them in, and thats that.

Hope this helps

PyroX

werkkrew , that is one session with 7 items.

But I think thay is probably what your looking for anyway. I do not think you can have more than 1 session at time per browser window.

I think registering with a different name simply renames the session. If not, wouldn't you have to specify which session you want data from? I don't see ow you would do that.

thoand

Hello and thanks for your replies,

the application work like this:

After login verfication, I register the user data in the first session,

One of the functionalities in the application register and carries some input data over several pages, once the user has filled out the data I unset and destroy the session,
this of course destroys the login session also and then gives no further access.

I guess I could use HTML hidden form tags all over the application but are trying to find an easier way.

hope this helps understanding the problem.

best regards,
Thomsa A.

werkkrew

I do something similar in my latest script...

Sessions arent really a good idea here...

The simplest way to keep the variables passing again and again is to use hidden form fields to help keep passing the variables on again and again and once you dont need them anymore, dont pass the hidden fields anymore...

If you any help with how to do this, ask.

Let me know what you think

thoand

That is one way to solve it, but in the page after submiting I have to reload X times, because of inserting data from another HTML frame.

Then I have to submit the data to the other frame window first, which recives it and then send them back to the primary window.

get it, he he

This I found a bit messy, but if there are no other ways it seems like this is the solution.

Thomas

werkkrew

You could probably use a file

Create it during,

Put variables to it

Delete it when youre done.

PyroX

JUST USE ONE SESSION WITH MULTIPLE VARIABLES.

werkkrew

He doesnt want to do it that way, hes got a session running already for the user login, if he registers more, he cant kill the session without losing the user data then there are tons of extra unused variables. Which isnt a big deal, but I was just helping him figure out alternatives

PyroX

You cannot have more than 1 session at a time. Period.

He can unset those vars that are no longer needed, or set new ones, all in the one session.

I just hate to see him struggle with the impossible.

thoand

Had problems with the session_unregister().

This is what I do, and it seems to work for me.

before session_unset() and session_destroy()
I save the login variables in new temp variables.
eg.

$sessTemp1 = $_SESSION[SessSecurityId];

and the unset and destroy.

now I start the session again and register the temp variables.

Thomas A.

Weedpacket

Still seems like a lot of hassle - I mean, what's the point of wanting more than one session per session?

All you're doing is exactly what PyroX described, only with the extra work involved of destroying a session and then recreating it again. It's still the same session; the stored session data isn't updated until the script ends, and the name given to the session is the still the same one it got from the browser request (or generated, if the browser didn't supply one). All you're doing is

$thing = $SESSION['thing'];
$SESSION['thing']=null;
$_SESSION['thing']=$thing;

For all your session variables. Yippee. If that still looks reasonable, notice that the second line has no effect (because the "null" is immediately replaced by $thing:

$thing = $SESSION['thing'];
$SESSION['thing']=$thing;

And $thing is only a temporary variable, so let's use its value directly (and as a bonus save having it lying around later to possibly mess up the session data (which it can if you use session_register('thing) as well):

$SESSION['thing']=$SESSION['thing'];

Which of course is equivalent to:

So you've got three statements per session variable for what is a complete no-op.

Just do $SESSION['unwanted_var']=null; to each of your unwanted session variables, don't touch the ones you want to keep, and never have to mess with session_register(), session_unregister(), session_is_registered() or session_unset() again. In fact, as the manual prominently states, you shouldn't be mixing those functions with use of the $SESSION[] array anyway. The line "$_SESSION = array();" given on the manual page for session_unset() does the job that session_unset() did quite happily enough, thank you.

And of course you don't need to destroy the session unless and until you want to trash everything.