jimfog

I am in the case where I have a separate table for the token/username, as such I will proceed with your recommendation. As a side note-one last simple question-I do not want to open a separate post for it only:Do you think(for whatever the reason) I should also store in the db table the timestamp of when the cookies was set? Do you think is necessary?

I have set up code that whenever I user returns the site a new cookie is created(persistent) and the tokenis stored in the corresponding table in the database. Suppose that someone comes 2-3 times/day in the site,multiply that with number of registered users andthe tables gets written many times,becoming large quickly. SO...how often should I erase table rows you think?Do you think-for example- that from the moment I create a token to the table I should delete the previous one-belonging to the same user obviously? Is there a rule of thumb in this? As a second though, maybe I just need update the token in the place of the previous one

Ok...I will invalidate the old cookie...by just setting its expiration date in the past? Does the cookie invalidation process includes anything else-any db action maybe?

Since every time a returning visitor comes to the a new cookie is created and we invalidate the old one am I right to assume that the expiration date of of the cookie can be very small-maybe even half an hour? I do not know If my logic is correct. That is why I am asking this. Thanks

yes, yous recommendation worked, thanks.

I did a slight change in the code(replacing an element) and the code is ruined somehow-the second animate does not take place.Here is the code:

$("#arrow").click(function(){	    var $customers = $("#customers");	    if($customers.offset().left<0)		 { $customers.animate({left:0},function()	  {$("#arrow").replaceWith("<div id='arrow'><img src='Images/cust-arrow_l.png' alt='arrow' width='10' height='10'></div>")	  });}	    else		  {$customers.animate({left: -287});}});});

As you see I am just replacing the one div with another with exactly the same name but with a different picture enclosed in it.I cannot understand what is wrong here.The second animation,after the else statement(and after the replacement of the div) does not take place. I am just replacing the div

yes it helps, thanks.I have one question though, What is the reason for adding pixels in the second conditional(-257+'px')? It works fine without it too.

Following, is a function that animates a div succesfuly:

$("#arrow").click(function(){    $("#customers").animate({left:0})}); 

I want to accomplish the following, on clicking the same element(that is,#arrow), #customer will go backto its original position, which is a css left property that hides #customer from browser view-specifically css left must have a value of -287px; What do you suggest?I tried first, by integrating in the above code a second function where it would check the css if is set to 0, and if that be true, animateto css -257. It did not work though.Of course the logic might be correct but the syntax might be wrong. So, I am just stating the problem from the beginning, without laying out the code of the logic I mention above.

Ok...do you confirm that callback is when a function is passed as an argument?I just wanted to know.

From a search I made in the web the concept of callback exists in PHP as it exists in javascript. The question, is though, are we talking about the same thing? In js, when a function is passed as an argument then we say that the latter function is a callback. When you use the term callback in PHP, does it have the same meaning as in javascript? Meaning a function that get passed as an argument to another function?

I read this tutorial here: http://fishbowl.past..._best_practice/ If I understood correctly, the moment the user is authenticated(after returning the site), is the moment we create a brand new cookie. That means a new cookie every time the user returns to the site. Why do we do that, for security reasons?

I read this tutorial here: http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/ If I understood correctly, the moment the user is authenticated(after returning the site), is the moment we create a brand new cookie. That means a new cookie every time the user returns to the site. Why do we do that, for security reasons?

Somewhere in your application you want to delete some particular session variable but don't want to sign out from your application. Then you will use session_unset to unset a particular session variable. And when we log out from our application then we delete all the session data just using session_destroy().

Do you think that session unset and session destroy can exist both of them in the same script? I mean, is there any rule that says, that I must have a page where I first unset the session and a 2nd page thatI destroy it?

In Netbeans, whenever I put assignments in conditionals I get the following warning message: Possible accidental assignment, assignments in conditions should be avoided. I am talking about conditional such as this for example:

if ($result = $conn->query($query))

It could be other conditionals also(as the one above) where Netbeans will produce the warning message that I describe above. Why Netbeans might produce a warning in such cases-I do not see anything wrong with assignments in conditionals?

From where I am going to learn what is the amount of memory allocated to PHP.In php.ini?

It won't be needed to get the hashed username after all.I am going to take it fromthe database where there is a mapping of username-key, I will get the key from the cookie, and thiswill lead me to the username. All this is part of a "remember me" scheme-just to let you know. Thanks.

Is there a way I can get a username back after it's been hashed with sha1?

Does the below code checks if in a GET array, the key named expand has a value of all?

if(isset($_GET['expand']=='all'))

How am I going to url encode the backslash? Never heard that before. I think URL-encoding took place automatically-I am not sure.I saw in a tutorial that the forward slash is converted into %2F. From where can I make adjustments regarding URL encoding in scripts? And another thing, URL encoding seems to related with URLs, what values in cookies has to do with it? Just noticed the following,the forward slash DOES appear if I print_r the cookie in the browser-it does not appearwhen I see the cookie through Chrome settings about cookie data.

here is the cookie I used:

setcookie('cookiename', $enc_username .'/'. $token, time() + 60 * 60 * 24 * 7);

The $token is a random number(the one that gets in the Db) and $enc_username is the hashing of the username with sha1.I have placed also a separator character-a backslash to assist me in the separation of the username from the token. The problem, I do not see this backslash anywhere in the cookie-it does not get passed in the cookie,I am able to see the cookie through Fiddler-its value I mean and the backslash is missing. How am I going to separate the hashed username from the token-in the cookie they appear as one long big number.

What are the primary reasons for someone to use PEAR mail classes instead of the native PHP mail functions? Do the offer more features/functionality?

what you will do is when remember cookie is set you need to take out the encrypted username and decrypt it and check that username and key combo in database. if match found pull all of user data and initialize session as authenticated user.

.... in plain text (not hashed),

I need to say one last thing about the random number placed in the cookie.I think it must come from the username(hashed of course) so that I can use it to start a session(passing the username to the session array). I think this is the way to go, if the page where the user is redirected(after a cookie is found)must have session data in it.