Cookies vs. Session-ID

Anon

Hi,

I started with PHP3 half a year ago and wrote a little shop system with PHP3/MySQL using cookies for storing the shopping cart.

Now the shop system is getting bigger and I am wondering whether I should rather use session-IDs for that (also to be independent from users not allowing cookies). To my understanding I would create a session_ID and transfer it via PUT (or GET ???) from one page to the other. I would store the session ID in a database-table SESSIONS and with a pointer to a Table CART which then stores the items.

Since I am still a beginner, could somebody tell me please whether
- this is right
- whether I should use PUT or GET
- how the typical session ID is created
- how/ when do I delete the session-ID
- whether the database-structure described above is right

I really appreciate your help.

Thank you from Germany !

CAROLA

Anon

Session variables are definitely a more reliable way to store your cart data since you can't rely on the user having cookies enabled (even though most do).

When submitting form data you will need to pass the session id as a hidden variable similar to the following:

I believe using method="POST" is what you would want to use when sending data from a form to a CGI program. Get will display the form variables and values in the URL.

You don't need to store the session data in your database however you can do so if you wish. I think by default session data is stored as a file in the /tmp/ directory on your unix system. This can be changed in the php.ini file.

Here's how a session gets created:

<?php

session_start(); // Creates a unique session id for the current user.
session_register("variable_name");

$variable_name = 5;
?>

NOTE: now whenever you call session_start() in any other scripts, $variable_name with the value 5 will be available to that script.

<?php

session_start();
session_destroy();

The above script destroys the active session and any variables registered in that session. Only do that when you are sure the user will no longer need that data.

I have left a lot of details out so you should consult the PHP manual and check out a tutorial on PHP session management.

Hope this helped.

--Craig.

Anon

Dear Craig,

thank zou so much for your support. As far as I understood that only PHP4 supports the session handlingThe method you describe. I don't now whether my ISP will install PHP4.

I could then would have to create a session ID by myself don't I (with system-time ?).

If I don't have a form can I also pass a session ID from one page to the other ?

Thanks again !

Kind regards

CAROLA

Anon

That's correct...

You would have to create the session id yourself if you don't use php4. What you could do is create a sessions table in your database that keeps track of session data.

You could seed a random number generator with the time to get a session id, however I'm not 100% sure that this will be unique every time, you will have to look into that.

You can pass the session id from one page to the other by including it as a parameter in the link's URL... eg.
<a href="http://www.somelink.com/somefile.php?sessionid=<?php echo $sessionid;?>">link that passes sessionid as a parameter</a>

where $sessionid is some unique sessionid that you have previously generated.

Hope that helps...

--Craig