Jason Murray pressed the little lettered thingies in this order...
> > I am about to write a new admin system for a website I do and
> > it will have many different logins. I was wondering overall which
> > most of you thought would be better for such a thing? Wants really
> > a pro about sessions over cookies?
>
> If it's for an admin section, then you may as well use cookies. If
> the client doesn't want to use cookies they can't use their admin
> interface. :) I doubt they would have privacy issues with themselves
> anyway.
>
> If you're going to use cookies, hopefully you'll have a database
> system available (you said you'd have lots of different logins).
>
> So, create a session table:
>
> ID int
> username text
> password text (if required, maybe you won't need it again)
> logintime int
> expirytime int
> magickey text
>
> Generate a magic key as such:
>
> <?
> $randomseed = intval(ereg_replace("[^0-9]", "",
> substr(Date("U").microtime(), 4, 10)));
> srand($randomseed);
> $newid = rand(11111, 99999);
>
> $magickey = md5($newid.$REMOTE_ADDR.time());
> ?>
>
That's really a lot of coding to do when you consider that PHP does this
(or something very similar) for you when it initializes your user session.
It really would be foolish to attempt to create new session tracking code
if you use PHP4.
Allow PHP to initialize the session, assign the variable, attempt to set
the cookie and place the session ID onto the URL tag if it can't read the
cookie. All that you have to do as the programmer is insert the session
ID (which PHP has generated) into a database and possibly match it up
with a valid login in that database entry.
Doing the session coding yourself is a waste of time. You're not likely to
find a more reliable session tracking solution than what's built into
PHP4 as long as HTTP connections remain stateless.
Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Meeting cutting edge dynamic
web site needs
For a good time,
http://www.AppIdeas.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
