Session Question...urgent help!

funkdrm

My question is somewhat in depth. I know that when a session is created that its given a user name and key. Suppose I have a system that registers a name and a password to that user, which are independent of the session name and key, and those two pieces of info, the name and password, are used to login by checking against a database...where does the session name and key relate. Should I register the name and password as session variables. Should I compare the name entered by the user to the name of the session. My idea has been a registration, which sends an email with a randomly generated 6 character long number(as password) for a login. So where do the sessions relate here...?

mp96brbj

Simply register the name and password as session variables. You don't have to care about what the session's name is if you don't want to. PHP will keep track of that for you.

[deleted]

Sessions don'e have a username, they just have an ID. That's all.

When any user comes to your site, PHP will assign a sessionID to that user.
This session ID must then be carried to each and every page that the user visits on your site, either through cookies or the URL. That way, the session data is linked to that particular user's "browsing session".

So far this has nothing to do with usernames, passwords or anything at all.

If you want to make your users login, you give them a form where they can enter their username and password.
Then you compare the username and password to entries in a database for example.
If the user is allowed to logon, you set or register a variable in his session, that simply says "loggedon" or something similar.

If you correctly carry the sessionID to all pages, the session data will be automatically available on each page and you should be able to check that the user is logged in or not by checking the variable in his session.

funkdrm

ok...so to clarify my own thoughts more..I have two more questions. I understand how it works up to here perfectly..suppose I want to present totals or something from the database relating to the particular user...can I make it so its just a variable modified based on what the session ID is?...also: As far as storing the session id...does the server just store its own cookie on my computer, or do I have to write code explicitly telling it to take the session id and store it into a cookie...I could've sworn I read it was done automatically...

Anon

As for the cookies, yes they are automatic if you tell PHP to do it in php.ini (check manual)

As for your firsdt question; I have no clue about what you mean :-)
Session ID's change every time a user leaves your site and comes back the next day for example, so you can't link a SessionID to a user longer than one "session"
So if a client visits your website, he gets a sessionID, but if he comes back the next day, he'll get a completely different session ID.
If you want to get info from a database based on who the user is, you'll have to store some identification in the session, like the users name or his user-id.