
session start


jimfog


Correct me if I am wrong. A session should always start after the user has logged in or registered, at these specific scripts.


Not necessarily. PHP does not know about user login or user registration. The general rule of thumb is that you need to start the session before you use the $_SESSION array. Using the $_SESSION array means writing $_SESSION['foo']='bar'; or reading echo $_SESSION['foo']; e.g. when you have logged in a user, it means you write some data to the current session of that user.

Edited by birbal

... In other words, you need to call session_start() near the start of every page from which a user could be logged in or not. And you do that to enable yourself to act differently based on whether they are logged in and/or who exactly is logged in.

Since every $_SESSION starts empty, you can safely assume that if it's empty, the user is not logged in yet. Upon successful login, you'd fill out some key with some value (by convention, people enter the username as a value, but like any convention, that's not a must). So when you later call session_start() and find $_SESSION to contain the key, you know there was a successful login at an earlier point in time.

In addition to using $_SESSION as this "is the user logged in?" indicator, you can also use it for any data that needs to persist between pages, but not between logins. A typical use case is in a shopping application, where the $_SESSION contains the current items in the "cart" before they are checked out.


So how do you go about using the session? I'm still a little confused about how to actually use it. I know you fetch the rows from the database, then assign a variable to each row, but after you assign the row with a variable, do you use that same variable as a part of the session? Like, I have 3 variables for the form:

    $it = $_POST['this'];
    $at = $_POST['that'];
    $sip = $_POST['on'];

Do I have to use those same variables when I fetch the rows, and also use those same variables in the session? Like:

    $it = $row['it'];
    $_SESSION['it'] = $it;


$_SESSION is just an array; you use it like any other array. You are not bound to use any specific indexes. You can assign values to any index and read them from there using the same index.


You could fetch some data from the DB upon login, and store it in the session (from which point you'd use just the session), thus reducing the overall load on the DB server... But you don't have to do that, and should the database be updated in the meantime, your session will still be using the old data (unless it checks for updates, but that would defeat the whole purpose), and this will continue until the end of the session (via a timeout or an explicit "log out", i.e. "session_destroy();").


OK, thanks for the explanation, now it's time to put it to work :)


So far we have not touched the issue of the cookie/URL method for storing the session ID. The question is: what is the preferred method for storing the session ID, in your opinion? And another thing: I have installed PHP manual and as such I have not made any adjustments regarding sessions in php.ini. What do I have to do?


Ok... the reason I asked about php.ini is that I have a problem implementing session control. Let me explain: in one page the session works (the page where I set the session variable equal to the username). In fact I use the test code below to verify that everything is OK:

    echo 'the content of the session variable is'.$_SESSION['valid_user'] ;

The problem appears in another page, where the session variable IS NOT "kept" by PHP. There I again use session_start() to initiate the session, but the session variable seems inactive. I used the test code above to verify it. Below is the code I used in the 2 pages:

    $username=$_POST['username'];
    $passwd=$_POST['password'];
    session_start();
    $_SESSION['valid_user'] = $username;
    try{
      if (!filled_out($_POST))
      {
        throw new Exception('Ουπς, δεν συμπληρώσατε τα στοιχεία -πίσω στην φόρμα λοιπόν για να τα συμπληρώσετε.');
      }
      if ($username && $passwd) {
        // they have just tried logging in
        login($username, $passwd);
        output_header('output_header_list',$username);?>
    <div   id="wrap">
      <?php output_buttons();
      echo 'the content of the session variable is'.$_SESSION['valid_user'] ;
      ?>

The session above works perfectly fine. In the page below it does not work:

    <?php require_once 'output_functions_admin.php';
    session_start();
    ?>
    <body>
      <?php output_header('output_header_list',$username);
      ?>
      <div   id="wrap">
        <?php output_buttons();
        echo 'the content of the session variable is'.$_SESSION['valid_user'] ;
        ?>

The 2 code segments listed above (from 2 respective pages) are only a portion of the whole scripts. I just included the piece of the code that will be enough for coming to a solution/conclusion.


Your required file is probably producing output; that is the reason for the failure. Make sure your error reporting is set to E_ALL. It will tell you if something is wrong there.


Yep...errors are beginning to come.

    Warning: session_start(): open(/tmp\sess_gc90vh0m8diqtgfbtvm3ococq5, O_RDWR) failed: No such file or directory (2) in C:\Apache24\htdocs\Appointments\Administrator\adminmember.php on line

The funny thing is that at the page where the above message appears session functionality DOES WORK. Let us focus on the above for now; I do not want to go to the messages in subsequent pages, which might be irrelevant to the session problem. I will show the other error messages also if needed. I just do not want to overload us for now. As a side note: is it maybe better, when developing, to have the errors set to E_ALL?


> The funny thing is that at the page where the above message appears session functionality DOES WORK.

Are you sure about that? Reading from the $_SESSION array in the same script that you wrote to it isn't proof that the session is working, you're just using the $_SESSION array. It would indicate that the session is working if you could leave that page and return to it and still have the session data there. That error message says that PHP is not able to create session files, probably because of the mixed slashes in the path.

I managed to solve the path issue; I had to make some adjustments in php.ini. Nonetheless there is still an issue. Here is the code in the first page, which sets the session:

    session_start();
    $_SESSION['valid_user']=$username;

The problem is in the second page (different of course from the one above, and not related to the session path). Here is the code:

    <?php session_start();
    output_header('output_header_list',$username);

I expected that $username would be valid and that within the header code (not shown here) the username of the user would be printed, as this is what I am trying to achieve. Here is the error message I get:

    Notice: Undefined variable: username in C:\Apache24\htdocs\Appointments\Administrator\Calview.php on line

Probably I am not doing something correctly, but what?


The statement

    $_SESSION['valid_user']=$username;

adds a copy of the value of $username into "$_SESSION['valid_user']". It does NOT make the variable $username itself available to other pages. So if you want to read that value, you have to read the appropriate $_SESSION variable, since that's the only thing your script has access to. For example:

    <?php session_start();
    output_header('output_header_list',$_SESSION['valid_user']);


> The statement
>
>     $_SESSION['valid_user']=$username;
>
> adds a copy of the value of $username into "$_SESSION['valid_user']". It does NOT make the variable $username itself available to other pages. So if you want to read that value, you have to read the appropriate $_SESSION variable, since that's the only thing your script has access to. For example:
>
>     <?php session_start();
>     output_header('output_header_list',$_SESSION['valid_user']);

Ok, how am I going to make the variable $username available to the other pages also by using session functionality? This is what is required here. Unless session functionality is not required here, and the example you gave me will do the job.

You don't need to make the variable available across pages. You only need to make its value available across pages. That's what session functionality provides (a storage for values; via the $_SESSION variable), and what the example above does.


> Ok, how am I going to make the variable $username available to the other pages also by using session functionality?

You save the value to an index in $_SESSION, which then is available on all pages that include session_start(). That's what SESSION is for, for persisting data across pages via a global array.
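The pattern described in the answers above, written out as an added example (not code from any of the posters): the key is set only after the credentials have been checked, other pages read `$_SESSION['valid_user']` rather than `$username`, and the session ID is regenerated at login so an ID known before authentication cannot be reused afterwards. The function names and the `index.php` default are hypothetical, `valid_user` is the key used in the thread, and PHP 7.1 or later is assumed.

```php
<?php
// Added example. Function names are hypothetical; 'valid_user' is the
// session key used in the thread.

// Call only after the username and password have been verified.
function login_user(string $username): void
{
    // Issue a fresh session ID at the privilege change, so an ID fixed
    // or observed before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['valid_user'] = $username;
}

// Returns the logged-in username, or null when nobody is logged in.
function current_user(): ?string
{
    return isset($_SESSION['valid_user']) ? (string) $_SESSION['valid_user'] : null;
}

// Guard for protected pages: sends anonymous visitors to the login form.
function require_login(string $loginPage = 'index.php'): string
{
    $user = current_user();
    if ($user === null) {
        header('Location: ' . $loginPage);
        exit;
    }
    return $user;
}

// Explicit logout: clear the data, expire the cookie, drop the stored session.
function logout_user(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Top of every protected page, before any output is sent.
session_start();
$user = require_login();
// The value came from user input at login, so escape it on output.
echo 'Logged in as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```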

The mistake I was making is that I only called session_start and used the name of the variable ($username) instead of $_SESSION[.....], which is the correct one in the function above.


One last thing: do you think it is better to have error reporting at E_ALL when developing?


Yes. Before PHP 5.4, E_ALL|E_STRICT, and from PHP 5.4, E_ALL should be in the development settings. You can read the recommendations for production and development settings inside the php.ini comments. Also, the PHP zip pack from the official site includes two different php.ini files, for development and production use.


  • 2 weeks later...

Ok, the session is working, as already stated. The problem is that the session does not work when a returning visitor comes. I mean, when on this site, for example, a visitor who is already registered comes, he is automatically logged in. How am I going to achieve this using session functionality? Do I need maybe an if statement code?


You need to set the session cookie to expire with the session data itself. Otherwise, it expires when the browser closes. You can set cookie parameters with the session_set_cookie_params function. You must call this function before session_start(), so that session_start() could then set the cookie using those params. Since the cookie is only set if not already present, you can call this function only upon login. Most sites have a "remember me" option, so that the login page also checks if this option is checked before adjusting the session cookie.

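An added example (not code from the thread) of applying the cookie parameters before `session_start()` while keeping the server-side idle limit in step with the cookie lifetime. `start_app_session()`, `APP_SESSION_TTL` and the `last_seen` key are hypothetical names; the array forms of `session_set_cookie_params()` and `setcookie()` assume PHP 7.3 or later.

```php
<?php
// Added example. start_app_session(), APP_SESSION_TTL and 'last_seen'
// are hypothetical names.
const APP_SESSION_TTL = 4800; // seconds; an arbitrary value for illustration

// Call this instead of session_start() at the top of every page.
function start_app_session(bool $https = true): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started in this request
    }
    // Server side: data idle for longer than this becomes eligible for
    // garbage collection (the PHP default is 1440 seconds).
    ini_set('session.gc_maxlifetime', (string) APP_SESSION_TTL);
    // Take the session ID from the cookie only, never from the URL, and
    // refuse IDs that have no existing session on the server.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');

    $cookie = [
        'path'     => '/',
        'secure'   => $https, // pass false only on a plain-HTTP dev setup
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ];
    // Client side: must run before session_start(), which sends the cookie.
    session_set_cookie_params(['lifetime' => APP_SESSION_TTL] + $cookie);
    session_start();

    // Garbage collection is probabilistic, so enforce the idle limit here.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > APP_SESSION_TTL) {
        session_unset();
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = $now;

    // PHP sends the cookie only when it creates the ID, so re-send it to
    // move the browser-side expiry forward on each visit.
    setcookie(session_name(), session_id(), ['expires' => $now + APP_SESSION_TTL] + $cookie);
}

start_app_session();
```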

I did not proceed with the "remember me" functionality. I just want to see first that set_cookie_param works OK. This is what I did:

    session_set_cookie_params('4800');
    session_start();

It does not work though. I am not surprised; I know that something is missing. I must stress that the above code is found in the member.php file, which is the page the user is taken to AFTER he has filled in his details (username, password) correctly, and to which page I want the user to be directed automatically if he is already registered. The first page, where the login form is, is called index.php. The goal is that if a registered member comes to the site, this page is skipped (a very typical scenario on the web today). So, what do you think? How must I proceed?


You need to call that function before you call session_start on every page. If you've already started the session on another page without changing the cookie parameters, I don't think it will have any effect to try and do it later. Changing the cookie expiration isn't going to change the session expiration though; the session is still going to expire after 24 minutes of inactivity or whatever the setting is. Most sites that use a cookie to remember the user set a permanent cookie manually and store values that will allow the site to identify the user, including their username or ID, a hashed or encrypted password (it should not be the same as the hash that's in the database, it should be hashed again), etc. Some sites will use their IP as a salt to hash the password in the cookie so that it only applies to their IP, and the cookie can't be copied to another computer and used there.

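An added example (not code from the thread) of a persistent "remember me" cookie. It swaps in a different technique from the one described in the post above: the cookie carries a random selector and validator rather than a value derived from the password, and the server stores only a hash of the validator. Table, column and function names are hypothetical; it assumes PHP 7.1 or later with `pdo_sqlite`, and the in-memory database and the user `alice` are constructed for the demo.

```php
<?php
// Added example. Table, column and function names are hypothetical.
const REMEMBER_TTL = 14 * 24 * 3600; // 14 days; an arbitrary choice

function remember_schema(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS remember_tokens (
        selector TEXT PRIMARY KEY, token_hash TEXT NOT NULL,
        username TEXT NOT NULL, expires INTEGER NOT NULL)');
}

// Call after a successful password login when "remember me" is ticked.
// Returns the cookie value; only a hash of the secret half is stored.
function issue_remember_token(PDO $db, string $username): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret, never stored in clear
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $username, time() + REMEMBER_TTL]);
    return $selector . ':' . $validator;
}

// Call on a page load where $_SESSION['valid_user'] is not set.
// Returns the username, or null if the cookie value is malformed,
// unknown, expired or does not match the stored hash.
function check_remember_token(PDO $db, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $st = $db->prepare('SELECT token_hash, username, expires FROM remember_tokens WHERE selector = ?');
    $st->execute([$selector]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int) $row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented one.
    return hash_equals($row['token_hash'], hash('sha256', $validator)) ? $row['username'] : null;
}

// Constructed demo on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
remember_schema($db);
$cookie = issue_remember_token($db, 'alice');
var_dump(check_remember_token($db, $cookie));       // the issued value
var_dump(check_remember_token($db, $cookie . 'x')); // a tampered value
```

Send the returned value with `setcookie()` using the `httponly` and `secure` flags, and on a successful check set `$_SESSION['valid_user']` as at a normal login. Delete the row on logout so the cookie stops working.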
