[Resolved] cookie and sessions

dv6cougar

ok, i'm new to sessions here. I have made a very basic login script that uses a normal session and the session is parsed into the url i.e

 whatever.php?".session_name()."=".session_id()."

now that works great, but I really don't like the layout and I want my users to be able to "stay logged in" so i wanted to use a database table session's to do this.

insert a time to timeout teh session at which point any page is run and anything before that time in the database is deleted and those uers's session's destroyed.

i have a script that does the insert and selects the info back out of the database that I came up with that goes like this:

function startSession($username, $pass) {
	global $cookie, $mysql_access;
	$newpass = md5($pass);
	$_SESSION['session']['username'] = $username;
	$_SESSION['session']['password'] = $newpass;
	$_SESSION['session']['loggedIn'] = true;
	if($cookie = "yes") {
	$sessionid = session_id();
	$query = mysql_query("INSERT INTO session SET sessiond='$sessionid',
												  username = '".$_SESSION['session']['username']."',
												  password = '".$_SESSION['session']['password']."',
												  cookie = '$cookie'") 
	or DIE("Error adding session to db.  If MySQL had an error it is <br /> ". mysql_error());
	} else {

}

}
function getSession() {
global $mysql_access;

$query = mysql_query("SELECT * FROM session WHERE username='".$_SESSION['session']['username']."'
											AND password='$getpass'")
								or DIE("Cannot get session from database.  If MySQL had an error 
								it is <br /> ". mysql_error());

}

every page does start with session_start(); and my script is working.. however, staying logged i do not think is. Would I have to set a cookie as well as use the database?

am I missing something here?

i'm actually thinking this now... when the info get's pulled from the database.... shouldn't it be more like this

$time = "";//some value
$query = mysql_query("SELECT * FROM session WHERE timeout > '$time' ");

no that wouldnt' work either... what I dont' understand is this:

in order to pull a certian person's session back from the database, you have to have a variable to math it to, to pull the correct one.

I'm pretty sure that's where cookie's come in. Now setcookie(); has it's problems, so if i do need to use cookie's i will use Javascript.

but then I read when I researched this idea on this board that you should not use cookie's and session's... now i'm lost 🙁

any help is greatly appreciated.

dv6cougar

hmm i am looking through the manual some more and i found someinfo....

so maybe I can figure this out myself.. 🙂

dv6cougar

ok if I use cookies, i would use

session_set_cookie_param();
and
session_get_cookie_param();

but my understanding of that one is minimal 🙁

so obvoiusly when my session starts, i set a cookie use the first function...

then after session_start(); on every page use the second one to get the cookie again.

but I'd much rather use a database.

thanks again 🙂

Edit:
hmm it seems to have worked...

now, how do I time it right is my question?

I want it to reset the cookie counter when people come back, so everytime they come back ti set's their cookie session back a week from that day.

.... hmmm....

like this maybe:

$cookieInfo = session_get_cookie_params();
$expireTime = 60*60*24*7; // 1 week

   if($cookieInfo[] !== "") {
       session_set_cookie_params($expireTime);
 }

hmm, that would work, only it would update it it even if ti has timedout... so now i need to know how the cookie's time is being input.

I think i'm loosing myself here LOL

more research time 🙂

dv6cougar

ok i have been at this all day now 😃 lol.

i ahve been reading the manual on sessions adn cookies.

i read 10 articles on sessions... most off the articles here and some from other sites.

However, I have yet to com eup with a wroking solution.. but i'm getting close to getting the whole cookies thing down.

now i have a few questions:
1. How does a session being held in a database work? Now my problem with this is, how do you go about actually pulling the a good/non-timedout session back out? Would you have to pull it via some variables? I was thinking of using cookies for that portion, and then I will be able to do this, however, what if the user has cookie's turned off? 🙁

MY COOKIE WILL NOT DELETE 🙁 i have tried many pieces of code on my logout portion... and I have been checking it for error by echoing the cookie
```
echo $_COOKIE[session_name()];
function destroySession() {
	$session_n = session_name();
	if(!setcookie(session_name(), "", time()-3600)) {
       //i have tried many things including... setcookie(session_name());
// and setcookie("$session_n");
//and setcookie("$session_n", "");
//and setcookie(session_name(), "");
	echo "Cookie not deleted";
	}
	unset($_SESSION['session']);
	session_destroy();

	return true;
	}
```
now I think that trying $session_n was redundant trial, becuase session_name() should work just fine... and that is how the cookie get's set the first time.

actually I think that's it.

Someone please help me... i really wanna do this... grrrrrr

makes me mad lol, thanks in advance.

dv6cougar

woot, i think i got it

i tested it by closing the browser and running my script again, and wouldn't you know it.

i was still logged in 🙂

problem solved by me and a friend 🙂

nathanj

I am currently writing a similar script and having some problems just in my thought process... I was going to pass the session_id() via the url...

But I have no idea how I would do it? Got any ideas?

dv6cougar

yes i have done that.

what you do is store the variables like this:

$_SESSION['session']['username'] = $username;
//do same for password

//then  below you set loggedIn as true

$_SESSION['session']['loggedIn'] = true;

//then in the url you do

echo "<a href=yourpage.php?
".session_name()."=".session_id()." />Whatever Link</a>";

pretty simple really.

i make it a function and run it after you've already registered that Usename and Password is correct.