Simple Sessions Question

synergypoint

I think I have been confused about how sessions work.

Is it true that even if sessions support on the server is set to use cookies, that only the session id is stored in the cookie?

And any other session variables set through session_register() are only stored on the server in the temp file?

I was under the impression that any session variables registered would also be stored in a cookie if cookies are enabled but now I think that is wrong.

Can anyone please clarify this?

Thanks.

bastien

first one is correct...session on client is only cookie or id in url...all session variable data is stored on the server

keith73

you are correct.
the session ID is stored in a cookie or is appended to the url and passed from page to page.

The session info gets stored in a file in /tmp (but that is configurable) and is of the form sess_SESSIONID.

the one thing you should not do is use session_register().
Create your session variables by using $_SESSION['varname'] = 'varvalue';

keith

synergypoint

What is the reason for not using session_register()?

LordShryku

From php.net/session_register

If you want your script to work regardless of register_globals, you need to instead use the $SESSION array as $SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

addie

hi
so is there any different betweet linux and widoze sessions ?

bastien

just the path to the sessions default

wind: C:/temp

*nix: /tmp

this can be defined in the php ini file and placed where yuou want it

hth

addie

ohhoo cool now i get it
so if you dont mind can you tell me how on page load start session, and how it check if session started etc else i would like to know how i denny user he cant post anything in delay between 3 hours ?

bastien

start_session(); to start the session...it also checks to see if a session is started and will not start another
the only real way to so this is via having a user login in every time he hits the site (cookies can be deleted and IPs can change for that user so neither is a viable way of tracking the user)

i would use a db or file for this...you add the user to the table/file when whatever crtieria is met to stop them from posting and timestamp it...then when the user tries to access the site to post something...check the db/file, compare the timestamp to the current time and if more than three hours, let the user post..else show a message like "can not post until 3 hours from last post"

hth