Oh those sessions!!

thefisherman

Ok,

I have to implement sessions in my scripts. I want to track users (that don't have to login btw) Just surfing people.

If a session is started, and a unique id is created for this user, how does it stay with the user while he is going back and forth on the site?

How do you check such a thing?

I'm asking this because there might be lots'o'people surfing at the same time. I should be able to know who is doing what.

Any help would really be appreciated!

Fish

lewzer

Originally posted by thefisherman

If a session is started, and a unique id is created for this user, how does it stay with the user while he is going back and forth on the site?

How do you check such a thing?

Fish

Ok, I JUST read about this last night, but I believe once a session is started, the ID is generated and stored as a cookie that expires (by default) once the browser is closed.

Someone plz correct me.

dalecosp

Well, I'll take up that challenge. And, in spite of your nickname, my LART is gentle here, heh heh.

Sessions are not cookies, per se. Cookies are stored on the client's machine; sessions are stored on the server; in UNIX, I believe the PHP default location is /tmp.

Fish: you don't have to know how PHP does it, but it does. What you have to know is this:

You must call session_start() on any page/script that needs to have access to session vars.

The most correct way to address session vars is directly through the superglobal array:

$_SESSION['FOO']="stuff";
//sets var to string shown
unset $_SESSION['foo'];
//sets to NULL or ""
$_SESSION['foo']="";
//pretty much the same thing
if ($_SESSION['foo']=="stuff"){
   echo "I know that foo stuff would show up sometime!";

So, it's no different than coding otherwise.

You will see people code thusly:
```
$foo="this";
session_register('foo');
```
but unless your PHP is old, why do the two-step?

HTH,

thefisherman

So if i set a session variable like:

session_start()
$_SESSION['id']=$userid;

Then the variable id holds the value userid.
Then i have an id number for this user.
(Generated using for instance count++)

Then the next user arrives and the userid is changed.

What happens to the userid for the first user?

How do you keep track of users if the variable changes?

Or am i not seeing the big picture here...

Fish

rheroux

The next user that comes along presumably will be on a different machine. When session_start(); is called, it creates a session for every remote address that has ran that page.

So, user A could run test.php, and then user B could run test.php and it would create a unique session for each of them.

thefisherman

So a new session is created for every NEW remote machine.
Let's say 10 users are surfing the site,
(in this case a site where you can select items which you would like to buy).

a session is created for each of them. every session has its unique number for this user. If 5 of them are selecting items they would like to purchase, how do i link the unique session-number to the items the user has selected? (Throughout the pages)

Like, the user has clicked on an item, which is then stored into the database. But, the item being stored in the database, should also have the unique number for this user!

This is my problem i guess...

fISH

thefisherman

Take a look here and you'll understand what i'm saying:

213.93.90.4

Click Photographs->Entire Database, enter something like 'tree'

add it to the cart, you'll see that the cart is already filled with whatever i clicked on (This is MySQL btw)

FiSh

rheroux

Well, that's easy enough to do if you use MySQL as your backend with an auto_incremented column for the user id.

Take this example:

<?php

if(isset($_POST['login']))
{
include "config.php";

// Adding slashes to the username and checksuming the pass.

$_POST['user'] = addslashes($_POST['user']);
$_POST['pass'] = md5($_POST['pass']);

$sql = "SELECT * FROM user WHERE password = '". $_POST['pass'] . "' AND username = '" . $_POST['user'] . "'";
$result = mysql_query($sql) or die ("Couldn't execute the query.");

if(mysql_num_rows($result) == 0)
{
echo "Sorry, your username and password didn't match.  Please click <a href=\"login.php\">here</a> and try again.";
exit;
}

while($row = mysql_fetch_array($result))
{
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['id'] = $row['id'];
}

echo "Welcome back " . $_SESSION['username'] . ".  You're unique Id is ".$_SESSION['id'].".  You have successfully logged in." ;

}

else
{
?>
<form action="login.php" method="post">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br><br>
<input type="submit" value="Login" name="login">
</form>
<?php
}
?>

So, as long as you're calling session_start(); at the top of the pages that you need the unique id for, it will always be available.

You can then insert it into the table for your shopping cart/inventory thing/whatever it is you're building.

Keep in mind that this example is rudimentary, and more security would probably be needed.

thefisherman

Have you looked at the site?

The point is, that noone has to login

If there are 10 sessions running, how can i tell which session-id belongs to who? I would like to store a session-id number into the database, along with all the items this specific user has chosen.

Still can't see the logic 🙁

Fish

lewzer

Ok, my bad... I had just remembered cookies mentioned in sessions chapter in a SAMS book on PHP.

'Because start_session() attempts to set a cookie when initiating a session for the first time..... ...... This means that the session only remains current (no expiry date set) as long as the browser is active.'

So that's where I'm coming from.

My problem is that I've crammed so much info in my miniscule brain.

dalecosp

Ok, go to the manual and start here if we're still having trouble here.

I can now see the issue, you want to write the session ID into the db. I believe you want:

$writethisvar=$PHPSESSID;

...take a look at session_name() and session_id() in the manual to be sure.

dalecosp

Originally posted by thefisherman
<snip>

a session is created for each of them. every session has its unique number for this user. If 5 of them are selecting items they would like to purchase, how do i link the unique session-number to the items the user has selected? (Throughout the pages)

Like, the user has clicked on an item, which is then stored into the database. But, the item being stored in the database, should also have the unique number for this user!

fISH

OK, some concepts for the cart builder...

You can store everything in session variables for each user without having to worry about information getting mixed up. Why? Because PHP sets up a tremendously large code called a "Session ID" that it tracks across multiple accesses; the tracking is accomplished via transmission in the URL, or by storing the "Session ID" in a cookie on the client side. The Session variables, however, are stored on the server.
It seems generally best to do ALL (that's ALL) of your work in PHP up to the point that the sale is actually committed. Just keep the information submitted (like how many, which item, even color, size, etc. if you want) in session variables. When you finalize the purchase, you should have some other unique information about the surfer, like his/her name, address, email addy, city, political subdivision, nation, postal code, telephone number, credit card number, shipping address, shoe size, etc. Write this information, along with the other important information about the order, like how many, which item, etc., etc.) into the database, or an email, and get it to the vendor. You don't really need to have the session ID saved....how many "Johann Schmid's" live at 72 Rue du Bien Temps, Paris with telephone #xyz-3847-0123 and MasterCard xxxx-xxxx-xxxx-xxxx? If your site gets lots of traffic, there's a pretty good chance the session file will have been deleted by the server before you get around to reviewing the transaction anyway.....

HTH....

thefisherman

Thanks,

i'm gonna think first and then try!

You've been very helpfull, thank you

Fish