Jump to content

Sessions


Jack McKalling

Recommended Posts

There is no function that I can recognise as one needed for what I want :blink:I want to be able to destroy all sessions, even if they are not created by my own, but do only apply to my very own site. (so not accidentally also from the other webhosts users :) )session_destroy() only shuts down your own current session, but am I the administrator or what? :) :)

Link to comment
Share on other sites

I want to be able to destroy all sessions, even if they are not created by my own, but do only apply to my very own site. (so not accidentally also from the other webhosts users )
I'm not quite sure I'm understanding correctly. I think though that you can only destroy sessions you have created, you don't have access to destroy a session that you haven't created.
Link to comment
Share on other sites

That is what I want allright :)Well, to go more in detail, I have built in some sort of function at my adminpanel, to empty the login register data. This means the statistics box would show "Dan The Prof online." (me, as the one that emptied the data) but some users may still be online besides me :blink:And when I was able to destroy all active sessions at my site while emptying the data, those people would go auto offline as wanted :)

when the statistics say only the admin is online, but also when a member is online, he might think I am ignoring him :)
Edited by Dan The Prof
Link to comment
Share on other sites

Hmm.. well, depending on what kind of access you have to the server, you could probably locate the directory where PHP is storing the session information (specified in php.ini), and simply delete all the files. You can go one step further, and get your own session ID, and delete all other files, so that you stay logged in. Of course, you can also just manually delete the files.

Link to comment
Share on other sites

May be a sollution, but well, I don't have to be an expert to know I don't have full access to those files, so would it be a good sollution to store my own session files inside my directory, or isn't that recommended due to security? Files inside my directory can be deleted at all times, if me is doing it.

Link to comment
Share on other sites

Well, you can actually dynamically set where session info is stored. This is the ini option:session.save_pathYou can use the ini_get function to see the current value (ini_get("session.save_path")), and you can also use session_save_path to get/set this option:http://us2.php.net/manual/en/function.session-save-path.php (see the comments on that page as well)Just make sure you set the save path before any calls to session_start are made.

Link to comment
Share on other sites

I just read about the ini directive, but is it safe to use on my webhost?As there are other users with their own directory at the host, and is there a possible security risk if session files are moved inside the directory, and should I change the directive at every page, or is it permanent for my acount?

Link to comment
Share on other sites

It should be safe to change this option.I'm not entirely sure how webservers execute PHP (and each host I'm sure can do it however they want), but changing this should not affect others on the shared host. For security risks, there is only a risk if you make the directory world-readable. Make sure that only your account can access it, not the anonymous web account. Also browse to the directory (in a web browser) and make sure it does not show the contents. If it does, you can always add an empty index.php.You need to change the option every time you use sessions, it will not carry over from one execution of PHP to the next. Each time PHP executes, it loads the options from php.ini, so you will have to change it each time. If you have an include file with configuration options that you use on every page, that would be a good place for it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...