Jump to content

cookie update problem


jimfog
 Share

Recommended Posts

I have set a mechanism such that when a returning visitor comes to the site he gets a new cookie and the old one is invalidated.Nothing strange here-it works OK. Apart from the above when a visitor comes to the site-a new visitor-and goes not to the home page but in another one,there is function there that also checks for cookie, and if present show member relative content-in which case a brand new cookie is assigned-, if not present show the login form. And here is the problem: If a returning visitor goes to the home page and then to the 2nd page mentioned above, a new cookie will be issued twice-which is redundant of course. What can I do to avoid the above redundant code-"I shortcut" I mean. Checking for a cookie is needed in every page of the site for that case where the user might go to a page other than the home directly. I am thinking that maybe the solution is that I invalidate the cookie only when the user "lands" only on the home page, What do you think?

Link to comment
Share on other sites

you will check the persitant cookie only if user is not logged in. first time when user land on your page they have no session started. so persistant cookie make them authenticated and issue a authenticate session. next time inside a certain amount of timsespan if user visit again as he has session started already it wont check the persistant cookie. you should append the whole remember me code at top of every page. use not nesceraiy will land on home page. they may have bookmarked some other page of your site and they want to remember the user whenever he visits the page.

Link to comment
Share on other sites

you will check the persitant cookie only if user is not logged in.
How am i going to check that?By checking if session array is empty? Yes..this is the way to go I think, checking the session array. If you have something to suggest-about how I check that the user is loggined-, I am listening. Edited by jimfog
Link to comment
Share on other sites

checking session empty or not will work but it has limitation (eg you have to store something in session for both guest and registered member. it wont work). but it is better to have a dedicated authenticated variable (boolean field) to indicate user is logged in or not. like $_SESSION['authenticated']=true;. some people check the existance of user id which was issued after successfull log in.

Link to comment
Share on other sites

checking session empty or not will work but it has limitation (eg you have to store something in session for both guest and registered member. it wont work).
I did not got quite got that. If someone comes and is logged out(a registered member) I will initiate session at that point plus I will issue the cookie.If guest comes, no session initiation at all- unless you are trying to say something else.
but it is better to have a dedicated authenticated variable (boolean field) to indicate user is logged in or not. like $_SESSION['authenticated']=true;. some people check the existance of user id which was issued after successfull log in.
I understood that. So besides cookie and session initiation, you mean that I have to set a variable also that will serve asan indication if user is logged in or not.
Link to comment
Share on other sites

I did not got quite got that. If someone comes and is logged out(a registered member) I will initiate session at that point plus I will issue the cookie.If guest comes, no session initiation at all- unless you are trying to say something else.
It was just a case example. you dont necessarily have to give guests sessions. as example An application i developed need to keep track of guest so i give session to the guests and set authentication to false where as registered member got "true" . rather than that there is also other possibilities. as rule of thumb it is better to give a unit handle one specific task, it helps to keep things separate,increase maintainibility and reduce chances of breaking your application when your code grows. $_SESSION['authenticate'] will handle only check the authentication of user and nothing else.
Link to comment
Share on other sites

No session, does not work, because the user might be logged in but the session not started. This happens when the returning visitor goes to a page other than home-below is the code I used:

if(!isset($_SESSION['valid_user']))	{	output_login_form();  	exit;	}

I will just for the existence of cookie or not and act accordingly.

Edited by jimfog
Link to comment
Share on other sites

because the user might be logged in but the session not started.
it is not possible if you are using session based login system. when user is logged in you are basicaly giving the a authenticate session which is not possible without starting the session. pseudocode
 if(!isset($_SESSION['valid_user']))		{		 //check the remember me token		 //if it is true update the token,make user login,give them session,redirect to destination page		 //if false show up the login form		output_login_form();  		exit;		} 

Edited by birbal
Link to comment
Share on other sites

it is not possible if you are using session based login system. when user is logged in you are basicaly giving the a authenticate session which is not possible without starting the session.
yes, you are right about that. I meant something else:When the user goes to a page other than the home page, despite he might have a cookie(which mean he is "logged in"-in the meaning that he does not need to enter pass/username) the session code is located in the home page only(assignment in a session array), since no session assignment takes place in the page other than home, so session is started...the previous described scheme, is wrong of course. Session array assignment must be done in every page since the visitor might go there directly.
pseudocode
 if(!isset($_SESSION['valid_user']))		{		 //check the remember me token		 //if it is true update the token,make user login,give them session,redirect to destination page		 //if false show up the login form		output_login_form();  		exit;		} 

Here is my pseudocode...I do not know if it's right one though:
if(!isset($_COOKIE['cookiename']))    {    output_login_form();    exit;    }    elseif((isset($_COOKIE['cookiename']))&& (!isset($_SESSION['valid_user'])))//this is what I was describing above{//check username against db//if correct, update cookie and start session}

What do you think about the pseudocode above?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...