[PHP] session question

2001-01-30 Thread Peter Van Dijck

Hi,
help: shouldn't this increase the number every time you reload the page?

session_start();
$funky_session_var ++;
session_register($funky_session_var);
print $funky_session_var;

Peter


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] session question

2001-02-23 Thread Jon Rosenberg

I have a form that submits to abc.php which then calls db.php and db.php
then redirects to a new URL.  I have session_start(); on all these files and
I'm registering the variables I need.  It seems that the session dies or
gets lost on its way through all the included files.  I then tried to pass
the SID in the URL that the db.php file creates, but the SID is empty once
it gets here...though, there is a SID before then.  Can sessions not be used
with multiple include files?  What could I be doing wrong?  This is my first
foray into sessions...be gentle!

thanks!

Some code below, it's pretty straightforward.  I still have cookies
enabled, as well.  Do I need to disable cookies for the SID in URL method to
work?

index.php where they log in from



Username  
Password  
   

code from main.php


code from db.php
http://www.blah.com/index2.php?=".SID);
exit;
?>

index2.php code


it only prints Welcome ...no username :(






[PHP] session question

2001-05-08 Thread Rodrigo Reis da Rocha

I have a question about session variables.
In my page the session variables are not seen by the pages where they are not declared.
I've used "session_register($variable)" and then, on another page, I've called "echo 
$variable;" and it generates a message that the variable does not exist.
Are the session variables not supposed to be seen at any time, on any page, when the 
param globals is set on while the session stands up?


Tkx. 
R3.




[PHP] session question

2001-06-21 Thread Moax Tech List



I am setting up a website with a need to use some 
sort of session management for a large amount of users. I cannot use typical 
file based session management because at any given time there could be up 
to a million users logged in at once. (It is a LAMP linux/apache/php4/mysql 
system). I am a bit confused though as how to go about this. The user will be 
authenticated by verifying a username/password combo in a database, and then a 
session created.
My question is this:
After authentication, which type of session 
management should I use? I mean, just do the standard php stuff with the session_ 
functions? (won't this be bad with the # of simultaneous users I need to 
support, because of the # of files on the server?) Or, shall I use something 
more complex like PHPLIB or create my own scheme using mysql? Is there any 
existing code/functions that can make creating my own scheme easier in order to 
support mysql or am I way off with this question? I just need a bit of direction 
here and any help is appreciated. Thanks!
 
-Derick


[PHP] Session Question

2003-01-03 Thread ed

 Does php use cookies for sessions even if you don't explicitly use cookie
functions to save session data server side?

TIA,

Ed



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Session question

2002-05-25 Thread Christian Ista

Hello,

I'm a newbie in PHP, I use ColdFusion a lot (at work).

With ColdFusion, it's very easy to create and use a session variable. I do
something like this:
 and this variable can be used
everywhere.

Could you tell me how that works in PHP? I saw session.start in the help file,
but it's not very clear to me.

Thanks for your help,

Bye









[PHP] Session Question

2001-07-14 Thread Tom Malone

I'm new to Apache (and PHP) and was unable to find anything approaching an
answer to this problem in the Apache documentation. In fact, I'm not even
sure if I'm having a problem with Apache or with PHP. I am trying to use
sessions to track users on my site and write information to a file. I'm not
requiring them to login or anything - all I really want to know is which
users are visiting different pages on my site so I can judge the
effectiveness of my design. Anyway the problem is - I'm using the following
script:



and I get the following error:

Warning:
fopen("/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt","a") -
Permission denied in /home/tgmalone/public_html/index.php on line 17

The problem is obvious, but I've been searching, searching and wracking my
inadequate brain for a solution and can't find one - can anyone help me find
a solution/workaround?

Thanks,
Tom Malone






[PHP] SESSION question.

2001-08-17 Thread ERISEN, Mehmet Kamil

Hello,
I have implemented a user login with PHP Session functions.
The problem I have is that if the user is logged in to the
site using 
http://mysite.com/login.php and starts a session, the
session is not recognized when user is trying to utilize
the site with
http://www.mysite.com/dosomething.php

any suggestions?

thanks,
erisen.
ultrAslan.

=
Mehmet Erisen
http://www.erisen.com





[PHP] session question

2001-04-02 Thread Jan Grafström

Hi!
I am trying to learn about sessions and set up this file,



This seems not to work on the file fillista.xml; I can still read it
afterwards in IE's cache. How do I pass the session to an XML file on the
server?

Thanks for any help.

Regards
jan






[PHP] Session question

2011-05-17 Thread Paul Halliday
Is it OK to have session_start as an include?

I have something like this:

// Session init
session_start();

// Clear the session data, destroy the session and go back to the login page.
function sKill() {
    session_unset();
    session_destroy();
    header("Location: login.php");
    exit();
}

// Go back to the login page without destroying the session.
function sInt() {
    header("Location: login.php");
    exit();
}

if (!(isset($_SESSION['sLogin']) && $_SESSION['sLogin'] != '')) {
    sKill();
}

// Session variables
if (!isset($_SESSION['sUser']))  { sInt(); } else { $sUser  = $_SESSION['sUser']; }
if (!isset($_SESSION['sEmail'])) { sInt(); } else { $sEmail = $_SESSION['sEmail']; }
if (!isset($_SESSION['sType']))  { sInt(); } else { $sType  = $_SESSION['sType']; }
if (!isset($_SESSION['sTime']))  { sInt(); } else { $sTime  = $_SESSION['sTime']; }
if (!isset($_REQUEST['id'])) { $id = 0; } else { $id = $_REQUEST['id']; }

// Kill the session if the ids don't match.
if ($id != $_SESSION['id']) {
    sKill();
}

// Kill the session if timeout is exceeded.
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $sTime)) {
    sKill();
}

Can I just call this session.php and include it at the beginning of each file?

-- 
Paul Halliday
http://www.squertproject.org/
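
An include-style guard built around the idle-timeout check in the post above, as an added example that is not part of the original post: it refreshes LAST_ACTIVITY on every accepted request and treats a logged-in session without a timestamp as expired. IDLE_LIMIT, check_session(), end_session() and guard() are hypothetical names, and PHP 7.3 or later is assumed.

```php
<?php
// Added example (not from the thread). Names and IDLE_LIMIT are assumptions.
declare(strict_types=1);

const IDLE_LIMIT = 900; // allowed idle time in seconds (assumed value)

/**
 * Classify a session array at time $now as 'anonymous', 'expired' or 'active'.
 * An active session gets its LAST_ACTIVITY stamp refreshed, so the limit
 * measures idle time rather than time since login.
 */
function check_session(array &$session, int $now, int $idleLimit = IDLE_LIMIT): string
{
    if (!isset($session['sLogin']) || $session['sLogin'] === '') {
        return 'anonymous';
    }
    $last = $session['LAST_ACTIVITY'] ?? null;
    // Fail closed: a logged-in session without a usable timestamp is expired.
    // The login code therefore has to set LAST_ACTIVITY = time().
    if (!is_int($last) || $now - $last > $idleLimit) {
        return 'expired';
    }
    $session['LAST_ACTIVITY'] = $now;
    return 'active';
}

/** Drop the data, expire the browser's cookie, then remove the server-side record. */
function end_session(): void
{
    $_SESSION = [];
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return;
    }
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();
}

/** What an included session.php would call at the top of each protected page. */
function guard(): void
{
    session_start();
    if (check_session($_SESSION, time()) !== 'active') {
        end_session();
        header('Location: login.php');
        exit;
    }
}

// Constructed sample sessions, run only from the command line.
if (PHP_SAPI === 'cli') {
    $s = ['sLogin' => 'paul', 'LAST_ACTIVITY' => 1000];
    echo check_session($s, 1600), "\n"; // 600 s idle
    echo check_session($s, 2600), "\n"; // 1000 s since the refreshed stamp
    $noStamp = ['sLogin' => 'paul'];
    echo check_session($noStamp, 2600), "\n"; // no LAST_ACTIVITY at all
    $anon = [];
    echo check_session($anon, 2600), "\n"; // not logged in
}
```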




[PHP] session question

2007-03-05 Thread Alain Roger

Hi,

I have an "index.php" page which does not use the session_start(); command.
However in this "index.php" page, there are some $_SESSION['...']; variables
stored.

How is it possible that $_SESSION['...']; works even if no session has been
created before?
Moreover, if I use a print "Session ID : ".session_id(); after those lines,
session_id() is empty (which is logical) as no session_start(); command has
been used before.

So, how is it possible that $_SESSION['..'] works?

Do I have a session created or not?

--
Alain

Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5


[PHP] Session Question

2005-04-01 Thread James Sherwood
Hello,

Currently I have an app that handles connections from a machine with a built-in 
web browser.  Commands from the remote on that machine are sent to the page via 
JavaScript. (I am not sure how; maybe the machine has APIs for the browser or 
something.)

The problem I am facing is that the other input on that machine comes in on port 
4000 in ASCII.

Is there a way to have those pages pick up these codes somehow?

OR

Is there a way to have a separate app monitor those ports (I know Apache itself 
can monitor ports etc.) and then talk to the current open page in a JavaScript 
action event?

Thank you in advance,
James

[PHP] Session Question

2003-01-21 Thread Sancar Saran
Hi,
I'm working on a project. It uses large sql data to create pages. Last week I 
created some kind of cache info for faster execution. It really works 
(the system runs more than 10 times faster).

But storing the cache data is a problem. I use the session to store cache info. 
With the cache data the session files are growing to 60K; I think it can be 100K or 
more. 

I need advice about using large session data. Or is there any way to store 
a large array (10 or more dimensions) in memory or something?

Thanks.

Sancar "Delifisek" Saran.







[PHP] Session Question

2003-03-20 Thread PHP List
Hi All,
I have a question about sessions.
I need to pass session data from one domain to a secure domain. (www.mydomain.com to 
www.securedomain.com).
I would like to preserve the session data in case the visitor goes back to 
www.mydomain.com. I thought about just passing the session ID to www.securedomain.com, 
but if I need to destroy the session while the visitor is in www.securedomain.com, I 
am hoping this will also include destroying data from www.mydomain.com.
Basically, I am talking about a shopping cart system. If the user decides to stop half 
way through the checkout on the secure site and continue shopping in the store, I want 
the cart to remain. But if the user completes the checkout process on the secure 
domain, their cart should be empty when going back to the original domain.

Thanks for any help.

Chris



[PHP] session question

2003-06-15 Thread Matt Palermo
When a session is started on my server, it gets a name in the
"sessiondata" folder like:
 
sess_8sjg4893m9d0j43847dk4o5l2
 
 
I was just wondering if all sessions on ANY server start with "sess_"?
Is this a PHP-wide default, or can it be changed (not that I want to
change it, I just want to know if it can be changed)?
 
Thanks,
 
Matt


[PHP] Session question

2003-10-14 Thread Susan Ator
What would cause the loss of a session in these circumstances:

php page with search form - session good
search form calls perl script
php page with search results - php wrapper for perl search form
displaying output - session good
php page gotten to from link on php search results page in perl
search form output - session lost | new SID set but SID cookie not displayed
when showing phpinfo. Same php page gotten to from another direction -
session good.

This is pretty slim as far as details go but it pretty much sums up the
problem.

Does anyone have any idea where the session information is getting hosed?

Thanks,

Susan




[PHP] session question

2003-10-14 Thread Frank Tudor
How do you make a session time out?

and how do you make a session end if a person leaves your site?

Frank




[PHP] session question

2004-12-07 Thread Josh Howe

Hi,

I've looked at the php session documentation, and it doesn't look like
there's any way to run code when a session expires. I'd like to do some
cleanup when a user's session expires, is there any way to trap this?
Thanks. 




Re: [PHP] session question

2001-01-30 Thread Mark Green

How about this:

 session_start();
 session_register($funky_session_var);
 $funky_session_var ++;
 print $funky_session_var;


Cheers,

^^@rk

Peter Van Dijck wrote:
> 
> Hi,
> help: shouldn't this increase the number every time you reload the page?
> 
> session_start();
> $funky_session_var ++;
> session_register($funky_session_var);
> print $funky_session_var;
> 
> Peter
> 




Re: [PHP] session question

2001-01-30 Thread Teodor Cimpoesu

Hi Mark!
On Wed, 31 Jan 2001, Mark Green wrote:

> How about this:
> 
>  session_start();
>  session_register($funky_session_var);
>  $funky_session_var ++;
>  print $funky_session_var;

the order doesn't matter (as it did in PHPLib sessions).
If it doesn't work I guess it's because you have register_globals off.

-- teodor





[PHP] PHP Session question

2001-02-17 Thread Yev

Hi,

I enabled sessions via session.auto_start feature, and attempting to
simulate sessions when a user has disabled cookies.  I remember it used to
automatically append SESSIONID= to every href, etc.. (I compiled
with --enable-trans-sid), but now it doesn't append it.

What am I missing?

Thanks in advance,
Yev






Re: [PHP] session question

2001-02-23 Thread Chris Lee

some comments on sessions

- $PHPSESSID will only be set after the first page refresh.
- SID will only be set if you're not using cookies.
- sessions will not transfer across multiple domain names.
- sessions without cookies will not transfer across full urls.



use this code and

- sessions will transfer across full urls when using $SID
- sessions will transfer across multiple domain names on the same server
using $SID
- both $PHPSESSID and $SID are always set.

remember that header redirects *require* full urls so you will have to use
$SID.

header("Location: http://$SERVER_NAME/index.php?$SID");


--

 Chris Lee
 Mediawaveonline.com

 ph. 250.377.1095
 ph. 250.376.2690
 fx. 250.554.1120

 [EMAIL PROTECTED]



"Jon Rosenberg" <[EMAIL PROTECTED]> wrote in message
news:001301c09dc9$fc471c80$[EMAIL PROTECTED]...
> I have a form that submits to abc.php which then calls db.php and db.php
> then redirects to a new URL.  I have session_start(); on all these files and
> I'm registering the variables I need.  It seems that the session dies or
> gets lost on its way through all the included files.  I then tried to pass
> the SID in the URL that the db.php file creates, but the SID is empty once
> it gets here...though, there is a SID before then.  Can sessions not be used
> with multiple include files?  What could I be doing wrong?  This is my first
> foray into sessions...be gentle!
>
> thanks!
>
> Some code below, it's pretty straightforward.  I still have cookies
> enabled, as well.  Do I need to disable cookies for the SID in URL method to
> work?
>
> index.php where they log in from
>  session_start();  //first line of file
> ?>
> 
> 
> Username  
> Password   />
>    
>
> code from main.php
>  session_register();
> require ("db.php");
> if $form_action == "lrlogin"
> {
> get_user($username,$password);
> }
> ?>
>
> code from db.php
>  session_start();
> SQL to select user info from db
> $access = $row[access_level]; //etc getting vars from db
> session_register("username");
> session_register("password");
> session_register("access");
> session_register("active");
> header("Location:http://www.blah.com/index2.php?=".SID);
> exit;
> ?>
>
> index2.php code
>  session_start();
>
> print "Welcome $username";
> ?>
>
> it only prints Welcome ...no username :(
>




Re: [PHP] session question

2001-02-23 Thread Richard Lynch

> index.php where they log in from
>  session_start();  //first line of file

Okay.

> ?>
> 
> 
> Username  

 ?  You been typing too much XML?... :-)

Shouldn't hurt.

> Password   />
>    
>
> code from main.php
>  session_register();

Register what?  You're supposed to register a variable name...

> require ("db.php");
> if $form_action == "lrlogin"
> {
> get_user($username,$password);
> }
> ?>
>
> code from db.php
>  session_start();

Doing this after you registered a variable is bogus -- The
session_register() automatically calls this if you haven't yet.

> SQL to select user info from db
> $access = $row[access_level]; //etc getting vars from db
> session_register("username");
> session_register("password");
> session_register("access");
> session_register("active");
> header("Location:http://www.blah.com/index2.php?=".SID);

Doing session_start() (and, by extension, session_register()) in the same
file as a header("Location:") won't work on some browsers.  You'll either
get the cookie but no redirection or vice versa, depending on which browser
you are using.

And there should be a space after 'Location:'
And you probably need SID= for the SID to get passed on.
header("Location: http://www.blah.com/index2.php?SID=".SID);

> exit;
> ?>
>
> index2.php code
>  session_start();
>
> print "Welcome $username";
> ?>
>
> it only prints Welcome ...no username :(

--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm







RE: [PHP] session question

2001-05-08 Thread John Vanderbeck

Are you opening a session on each of the pages you want to use the
variables?

Calling session_register() I believe causes an implicit opening of the
session, but on the other pages you have to explicitly open the session, or
you won't have access to those vars.

- John Vanderbeck
- Admin, GameDesign (http://gamedesign.incagold.com/)
- GameDesign, the industry source for game design and development issues


> -Original Message-
> From: Rodrigo Reis da Rocha [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 08, 2001 2:58 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] session question
>
>
> I have a question about session variables.
> In my page the session variables are not seen by the pages where
> they are not declared.
> I've used "session_register($variable)" and then, on another
> page, I've called "echo $variable;" and it generates a message that
> the variable does not exist.
> Are the session variables not supposed to be seen at any time, on
> any page, when the param globals is set on while the session stands up?
>
>
> Tkx.
> R3.
>






Re: [PHP] session question

2001-06-21 Thread Peter Dudley

There is a useful article here:
http://phpbuilder.com/columns/ying2602.php3?page=1

As to "up to a million users" logged in at once... don't you want to have
multiple redundant web servers running under a load balancer?  If the rest
of your system can handle that many concurrent users, then I doubt PHP
sessions will be much more of a strain on your system... unless you're
storing some huge amount of data in each session.

Pete.

> "Moax Tech List" <[EMAIL PROTECTED]> wrote in message
> news:00b101c0fa15$e47c4320$9865fea9@moax01...
> I am setting up a website with a need to use some sort of
> session management for a large amount of users. I cannot
> use typical file based session management because at any
> given time there could be up to a million users logged in
> at once. (It is a LAMP linux/apache/php4/mysql system).
> I am a bit confused though as how to go about this. The
> user will be authenticated by verifying a username/password
> combo in a database, and then a session created.
> My question is this:
> After authentication, which type of session management
> should I use? I mean, just do the standard php stuff with
> the session_ functions? (won't this be bad with the # of
> simultaneous users I need to support, because of the # of
> files on the server?) Or, shall I use something more complex
> like PHPLIB or create my own scheme using mysql? Is
> there any existing code/functions that can make creating
> my own scheme easier in order to support mysql or am I
> way off with this question? I just need a bit of direction
> here and any help is appreciated. Thanks!







Re: [PHP] session question

2001-06-22 Thread Moax Tech List

I have the load balancing all set up, which is why I didn't want to use
normal file sessions.   I have one more question though: I read that
tutorial and got it to work perfectly, it is too easy. I am just wondering, is
using a library like phplib more efficient or is this very efficient itself
(I mean, are the built-in functions pretty efficient)? That is my primary
concern because of the # of users. Thanks again!

-derick
- Original Message -
From: "Peter Dudley" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 21, 2001 8:47 AM
Subject: Re: [PHP] session question


> There is a useful article here:
> http://phpbuilder.com/columns/ying2602.php3?page=1
>
> As to "up to a million users" logged in at once... don't you want to have
> multiple redundant web servers running under a load balancer?  If the rest
> of your system can handle that many concurrent users, then I doubt PHP
> sessions will be much more of a strain on your system... unless you're
> storing some huge amount of data in each session.
>
> Pete.
>
> > "Moax Tech List" <[EMAIL PROTECTED]> wrote in message
> > news:00b101c0fa15$e47c4320$9865fea9@moax01...
> > I am setting up a website with a need to use some sort of
> > session management for a large amount of users. I cannot
> > use typical file based session management because at any
> > given time there could be up to a million users logged in
> > at once. (It is a LAMP linux/apache/php4/mysql system).
> > I am a bit confused though as how to go about this. The
> > user will be authenticated by verifying a username/password
> > combo in a database, and then a session created.
> > My question is this:
> > After authentication, which type of session management
> > should I use? I mean, just do the standard php stuff with
> > the session_ functions? (won't this be bad with the # of
> > simultaneous users I need to support, because of the # of
> > files on the server?) Or, shall I use something more complex
> > like PHPLIB or create my own scheme using mysql? Is
> > there any existing code/functions that can make creating
> > my own scheme easier in order to support mysql or am I
> > way off with this question? I just need a bit of direction
> > here and any help is appreciated. Thanks!
>
>
>




Re: [PHP] session question

2001-06-22 Thread George Whiffen

Derick,

If you're seriously looking at thousands of concurrent users (let alone
millions) and the kind of budget on hardware and comms that implies, then
I'd suggest you seriously look at your own session solution with MySQL or
whatever.

You can perfectly easily just use your own authentication against your
MySQL user base and pick up all their "session" data from the same table
or related tables if there is a lot of it.

The basic logic for each page runs:

Is $PHP_AUTH_USER set?  If not, send out an authenticate header.

If $PHP_AUTH_USER is set, pick out the user entry and password from your
MySQL database and check the password; if it fails, send back the
authenticate header.  Pick up all your session data while you're checking
the password, so from one database query you've got everything sorted out.

Do whatever processing you need and, just before sending back the next
bunch of html, update the user's record, storing back all the session
information.

That's session management for you.  The only advantage of standard session
management tools like php's session management is that you can change what
you store without making any database changes.  But with your volume of
traffic you shouldn't expect to make any quick and easy changes to the
logic of whatever you're doing.

It's not really a lot of work to do this and you do get extra benefits in
terms of flexibility over what session data is stored, for how long and in
what format.  Basically you don't have a problem as long as the users
don't have a lot of session data.  If they do have a lot of session data,
you've got a major storage/retrieval problem regardless of your session
tool and you probably need to chuck a highly-tuned customised database
structure at it anyway!!

Hope that helps,

George

> Moax Tech List wrote:
> 
> I am setting up a website with a need to use some sort of
> session management for a large amount of users. I cannot
> use typical file based session management because at any
> given time there could be up to a million users logged in
> at once. (It is a LAMP linux/apache/php4/mysql system). I
> am a bit confused though as how to go about this. The user
> will be authenticated by verifying a username/password
> combo in a database, and then a session created.
> My question is this:
> After authentication, which type of session management
> should I use? I mean, just do the standard php stuff with
> the session_ functions? (won't this be bad with the # of
> simultaneous users I need to support, because of the # of
> files on the server?) Or, shall I use something more
> complex like PHPLIB or create my own scheme using mysql?
> Is there any existing code/functions that can make
> creating my own scheme easier in order to support mysql or
> am I way off with this question? I just need a bit of
> direction here and any help is appreciated. Thanks!
> 
> -Derick
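
The per-page logic George outlines above, as an added example that is not his code: an in-memory SQLite database through PDO stands in for MySQL so the block runs offline (the pdo_sqlite extension and PHP 7.4 or later are assumed), and a stored password hash replaces a stored password. The table layout, handle_request() and the demo account are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Schema, names and the account are constructed.
declare(strict_types=1);

/** In-memory stand-in for the MySQL user table, with one constructed account. */
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (
        username      TEXT PRIMARY KEY,
        password_hash TEXT NOT NULL,
        session_data  TEXT NOT NULL DEFAULT '{}'
    )");
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['derick', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);
    return $db;
}

/**
 * One request. $server stands in for $_SERVER; $work is the page logic, which
 * receives the stored per-user data and returns what should be stored back.
 * Returns [HTTP status, response headers, data or null].
 */
function handle_request(PDO $db, array $server, callable $work): array
{
    $challenge = [401, ['WWW-Authenticate: Basic realm="members"'], null];

    // Step 1: no credentials sent yet, so ask the browser for them.
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return $challenge;
    }

    // Step 2: one query returns both the password hash and the session data.
    $q = $db->prepare('SELECT password_hash, session_data FROM users WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return $challenge; // unknown user and wrong password look the same
    }
    $data = json_decode($row['session_data'], true) ?: [];

    // Step 3: run the page logic, then store the session data back.
    $data = $work($data);
    $u = $db->prepare('UPDATE users SET session_data = ? WHERE username = ?');
    $u->execute([json_encode($data), $user]);
    return [200, [], $data];
}

// Constructed requests, run only from the command line.
if (PHP_SAPI === 'cli') {
    $db = open_demo_db();
    $countView = fn(array $d): array => ['views' => ($d['views'] ?? 0) + 1];
    $good = ['PHP_AUTH_USER' => 'derick', 'PHP_AUTH_PW' => 's3cret-demo'];
    $bad  = ['PHP_AUTH_USER' => 'derick', 'PHP_AUTH_PW' => 'wrong'];

    print_r(handle_request($db, [], $countView));    // no credentials
    print_r(handle_request($db, $bad, $countView));  // wrong password
    print_r(handle_request($db, $good, $countView)); // first authenticated request
    print_r(handle_request($db, $good, $countView)); // data persisted from the previous one
}
```

Basic authentication resends the password with every request, so this scheme belongs behind TLS.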





[PHP] session question (4.1.1)

2002-01-03 Thread Jon Niola

I am trying to implement a user authentication/login system using PHP 4.x's 
built in session functions. Upon a successful login, there is a 
session_register('uid','uname','status'). On pages that require someone to 
be an authenticated user I check against HTTP_SESSION_VARS['uid'] to make 
sure it is not null, is greater than 0, and I also check the 
HTTP_SESSION_VARS['uname'].

This seemed to be working until I tried to see what would happen if I fed 
it a query string. I fed a "secure" 
page  ?action=edit&uid=3&uname=jon&status=true  and my check still failed 
me, but then when I went back to the same secure page without the bogus 
query string, I was in fact authenticated as the user I forced through.

Is it possible for global vars, even if not registered via 
session_register(), to end up in the HTTP_SESSION_VARS array? I was under the 
impression that the ONLY variables and values that would be in this array 
were those that were explicitly registered via session_register().

Should I disable register_globals?

--Jon
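
An added example, not code from this thread, covering both the login-and-redirect exchange around db.php earlier on the page and the check described in the post above: register_globals and session_register() were removed in PHP 5.4, and with $_SESSION the identity is written only after the password verifies and is read back from the session alone, while the redirect carries no session id in the URL. The function names, the user store and the example.com URLs are constructed; PHP 7.3 or later is assumed.

```php
<?php
// Added example (not from the thread). Function names, the user store and
// the example.com URLs are constructed for illustration.
declare(strict_types=1);

/** Constructed user store; a real application would query its database. */
function demo_users(): array
{
    return ['jon' => ['uid' => 3, 'hash' => password_hash('demo-passphrase', PASSWORD_DEFAULT)]];
}

/** Cookie-only session: the id is never read from or written to a URL. */
function start_cookie_session(): void
{
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1'); // refuse ids the server did not issue
    session_set_cookie_params([
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

/** Writes identity into $session only after the password verifies. */
function login(array &$session, array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    $session['uid'] = $user['uid'];
    $session['uname'] = $name;
    return true;
}

/** Identity comes from the session array alone; $_GET and $_POST are never read. */
function current_user(array $session): ?array
{
    $uid = $session['uid'] ?? null;
    $uname = $session['uname'] ?? null;
    if (!is_int($uid) || $uid <= 0 || !is_string($uname) || $uname === '') {
        return null;
    }
    return ['uid' => $uid, 'uname' => $uname];
}

/** Login form target: verify, rotate the session id, redirect with no id in the URL. */
function handle_login(): void
{
    start_cookie_session();
    $name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if (login($_SESSION, demo_users(), $name, $pass)) {
        session_regenerate_id(true); // new id once the session carries a login
        header('Location: https://www.example.com/index2.php');
    } else {
        header('Location: https://www.example.com/index.php');
    }
    exit;
}

/** Top of a protected page: returns the user or redirects to the login form. */
function require_login(): array
{
    start_cookie_session();
    $user = current_user($_SESSION);
    if ($user === null) {
        header('Location: https://www.example.com/index.php');
        exit;
    }
    return $user;
}

// Constructed walk-through, run only from the command line.
if (PHP_SAPI === 'cli') {
    $session = [];
    // The query string from the post, as PHP would parse it into $_GET.
    $_GET = ['action' => 'edit', 'uid' => '3', 'uname' => 'jon', 'status' => 'true'];
    var_dump(current_user($session));                          // request parameters only
    var_dump(login($session, demo_users(), 'jon', 'wrong'));   // bad password
    var_dump(current_user($session));                          // session after the failed login
    var_dump(login($session, demo_users(), 'jon', 'demo-passphrase'));
    var_dump(current_user($session));                          // session after the real login
}
```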






Re: [PHP] Session Question

2003-01-03 Thread Kevin Stone
In most cases, Yes.   Calling session_start() for the first time sets a
cookie on the client's computer containing the session id.  At the same time
the function creates a matching session file on the server.  You register
whatever variables you want to this file so that when you call
session_start() on another page it looks for the cookie, retrieves the
session id, and makes the associated variables in the file available to your
script.

I suggest you read the manual.  It's all there...
http://www.php.net/manual/en/ref.session.php

-Kevin

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 03, 2003 11:10 AM
Subject: [PHP] Session Question


>
>  Does php use cookies for sessions even if you don't explicitly use cookie
> functions to save session data server side?
>
> TIA,
>
> Ed
>
>
>




RE: [PHP] Session Question

2003-01-03 Thread Ford, Mike [LSS]
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

 Does php use cookies for sessions even if you don't explicitly use
cookie
functions to save session data server side?
--

That question doesn't even make sense to me -- cookie functions can't save
data server side, for one thing!  Can you try to explain exactly what it is
you're trying to find out?

Cheers!

Mike





RE: [PHP] Session Question

2003-01-03 Thread ed

 Sorry I didn't make myself more clear. I only want to use server side
sessions. I don't want to have to rely on a client having cookies enabled
in their browser. So far having trans_sid is just doing the trick. I can
save values into sessions server side and not explicitly create a client
side cookie with any values to retrieve the information.

Thanks again,

Ed


On Fri, 3 Jan 2003, Ford, Mike   [LSS] wrote:

> -Original Message-
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> 
>  Does php use cookies for sessions even if you don't explicitly use
> cookie
> functions to save session data server side?
> --
> 
> That question doesn't even make sense to me -- cookie functions can't save
> data server side, for one thing!  Can you try to explain exactly what it is
> you're trying to find out?
> 
> Cheers!
> 
> Mike
> 






RE: [PHP] Session Question

2003-01-03 Thread Michael J. Pawlowsky


I use both...  and the way I see PHP handling it is like this...

First call in it will add the SESSID to the hrefs.
Next call (page load) if it finds the cookie it will not append SESSID to URL.
However if it doesn't it will.

There are a few instances where I need to get the SESSION ID and append them myself.

Redirects are a good example you need to add it yourself.

header("Location: http://mysite.org/index.php?PHPSESSID=$sid");


Cheers,
Mike

P.S. This is just from my observation






*** REPLY SEPARATOR  ***

On 03/01/2003 at 1:52 PM [EMAIL PROTECTED] wrote:

>Sorry I didn't make myself more clear. I only want to use server side
>sessions. I don't want to have to rely on a client having cookies enabled
>in their browser. So far having trans_sid is just doing the trick. I can
>save values into sessions server side and not explicitly create a client
>side cookie with any values to retrieve the information.
>
>Thanks again,
>
>Ed
>
>
>On Fri, 3 Jan 2003, Ford, Mike   [LSS] wrote:
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> To: [EMAIL PROTECTED]
>>
>>  Does php use cookies for sessions even if you don't explicitly use
>> cookie
>> functions to save session data server side?
>> --
>>
>> That question doesn't even make sense to me -- cookie functions can't
>save
>> data server side, for one thing!  Can you try to explain exactly what it
>is
>> you're trying to find out?
>>
>> Cheers!
>>
>> Mike
>>




RE: [PHP] Session question

2002-05-25 Thread John Holmes

Just be sure you call session_start() on any page you want to access
session variables. 

Then you can set a variable by doing

$_SESSION["myvariable"] = "hello";

and then you can use $_SESSION["myvariable"] anywhere you want. 

This assumes the latest version of PHP. The procedure is similar on
older versions, you just have to use session_register().

---John Holmes...

> -Original Message-
> From: Christian Ista [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 25, 2002 4:45 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Session question
> 
> Hello,
> 
> I'm a newbie in PHP, I use a lot ColdFusion (at work).
> 
> With ColdFusion, it's very easy to create and use session variable. I
do
> something like that :
>  and this variable can be use
> everywhere.
> 
> Could you tell me how that's work in PHP. I saw in help file
> session.start.
> But it's not very clear for me.
> 
> Thanks for your help,
> 
> Bye
> 




Re: [PHP] Session question

2002-05-25 Thread Christian Ista


> Just be sure you call session_start() on any page you want to access
> session variables.
>

I have to call this function on each page I use session variable or just
once ?

> This assumes the latest version of PHP. The procedure is similar on
> older versions, you just have to use session_register().

From which version is session_start() included ?

Bye







Re: [PHP] Session question

2002-05-25 Thread Jens Lehmann

> > Just be sure you call session_start() on any page you want to access
> > session variables.
> >
>
> I have to call this function on each page I use session variable or just
> once ?

The statement is pretty clear. You've to call it once on each page you want
to access session variables.

>
> > This assumes the latest version of PHP. The procedure is similar on
> > older versions, you just have to use session_register().
>
> From which version is session_start() included ?

Don't know what you want, but session_start() is part of PHP since version
4.0

Jens








Re: [PHP] Session Question

2001-07-15 Thread Christopher Ostmo

Tom Malone pressed the little lettered thingies in this order...

> I'm new to Apache (and PHP) and was unable to find anything approaching an
> answer to this problem in the Apache documentation. In fact, I'm not even
> sure if I'm having a problem with Apache or with PHP. I am trying to use
> sessions to track users on my site and write information to a file. I'm not
> requiring them to login or anything - all I really want to know is which
> users are visiting different pages on my site so I can judge the
> effectiveness of my design. Anyway the problem is - I'm using the following
> script:
> 
> <?php
> session_start();
> session_register("origin");
> session_register("ip_address");
> session_register("browser");
> session_register("$id");
> $id = session_id();
> $origin = "$HTTP_REFERER";
> $ip_address = "$REMOTE_ADDR";
> $browser = "$HTTP_USER_AGENT";
> $sessn_root = "/***/sessn-log"; //substituted asterisks for actual path here
> if(!file_exists("$sessn_root/$id.txt")):
>  $sessn_data = "$id\n $ip_address\n $browser\n $origin\n";
> else:
>  $sessn_data = "$origin\n";
> endif;
> $fp = fopen("$sessn_root/$id.txt", "a");
> fputs($fp, $sessn_data);
> fclose($fp);
> $includes = "***/includes"; //substituted asterisks for actual path here
> $page = "$includes/index.inc"; include("$includes/template.html.php"); ?>
> 
> and i get the following error:
> 
> Warning:
> fopen("/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt","a")
> - Permission denied in /home/tgmalone/public_html/index.php on line 17
> 
> The problem is obvious, but I've been searching, searching and wracking my
> inadequate brain for a solution and can't find one - can anyone help me
> find a solution/workaround?
> 

The output file (or directory in this case) needs to be writable by the web 
server.

This sort of operation is rather insecure, but if you must log to a text file, 
either make the output directory owned by the web server process 
(usually "nobody") or make the output directory world writable.

If you have root access and your httpd process is owned by "nobody" 
you can issue the following command from a prompt:
chown -R nobody /home/tgmalone/sessn-log

You must have root access to use chown.  If you do not have root 
access, you'll need to use chmod to make the directory world writable:
chmod -R 777 /home/tgmalone/sessn-log

Neither of these solutions is very secure.  If you have the option, you 
should log these entries into a database.

Good luck...

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

Business Applications:
http://www.AppIdeas.com/

Open Source Applications:
http://open.AppIdeas.com/





Re: [PHP] Session Question

2001-07-15 Thread Rasmus Lerdorf

> Warning:
> fopen("/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt","a") -
> Permission denied in /home/tgmalone/public_html/index.php on line 17
>
> The problem is obvious, but I've been searching, searching and wracking my
> inadequate brain for a solution and can't find one - can anyone help me find
> a solution/workaround?

chmod a+w /home/tgmalone/sessn-log/







Re: [PHP] session question

2001-04-04 Thread Plutarck

First use session_register(). Then give the variable a value.

So just rearrange your code, like this:



That should do it.


--
Plutarck
Should be working on something...
...but forgot what it was.


"Jan Grafström" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi!
> I am trying to learn about sessions and set up this file,
>
> <?php
>  session_start();
>  $fillista = "fillista.xml";
>  session_register("SID"."fillista");
>  $SID = date("Y F j H:i:s");
>  print "SID=".$SID;
> ?>
>
> This seems not to work on the file fillista.xml, I can still read it
> afterwards in IE:s cache. How do I pass the session to a xml-file on
> server?
>
> Thanks for any help.
>
> Regards
> jan
>




Re: [PHP] Session question

2011-05-17 Thread Per Jessen
Paul Halliday wrote:

> Is it OK to have session_start as an include?
> 

Yes.



-- 
Per Jessen, Zürich (18.1°C)





RE: [PHP] Session question

2011-05-17 Thread Ross Hansen

Unless you're adding more code to your included file it isn't worth having it as 
an include as there is more typing/text involved. For management purposes 
it would also look ugly if you were just having one file purely for 
session_start();

> From: p...@computer.org
> Date: Tue, 17 May 2011 13:01:19 +0200
> To: php-general@lists.php.net
> Subject: Re: [PHP] Session question
> 
> Paul Halliday wrote:
> 
> > Is it OK to have session_start as an include?
> > 
> 
> Yes.
> 
> 
> 
> -- 
> Per Jessen, Zürich (18.1°C)
> 
> 
  

RE: [PHP] Session question

2011-05-17 Thread admin
You can have a session start in an htaccess file.


.htaccess

php_value session.auto_start 1



Do not scream at me if you do not like this approach or it does not work for
you.
I use it and it works well for me.

Simply a suggestion.


Richard L. Buskirk


-Original Message-
From: Ross Hansen [mailto:hansen.r...@live.com.au] 
Sent: Tuesday, May 17, 2011 11:16 PM
To: php-general@lists.php.net
Subject: RE: [PHP] Session question


Unless you're adding more code to your included file it isn't worth having it
as an include as there is more typing/text involved. For management purposes
it would also look ugly if you were just having one file purely for
session_start();

> From: p...@computer.org
> Date: Tue, 17 May 2011 13:01:19 +0200
> To: php-general@lists.php.net
> Subject: Re: [PHP] Session question
> 
> Paul Halliday wrote:
> 
> > Is it OK to have session_start as an include?
> > 
> 
> Yes.
> 
> 
> 
> -- 
> Per Jessen, Zürich (18.1°C)
> 
> 



Re: [PHP] session question

2007-03-05 Thread Alain Roger

The index.php page is the first page where the user should log on.
It consists of 3 flags (English, French and Slovak).
When the user clicks on 1 flag, it reloads the "index.php" page and changes the
login and password words to their respective translations for the selected
flag's country.

If the user clicks on the LOGON button, it calls the checklogin.php page
and ONLY if login and password are correct, the session is created by
the session_start(); command.

I've read that the $_SESSION array is available even if the session_start()
command has not been used.
But they said that variables stored in $_SESSION are not available to the user
until session_start() has been used...

In my case, they are available... :-(

Al



On 3/5/07, Ólafur Waage <[EMAIL PROTECTED]> wrote:


> I have an "index.php" page which does not use session_start(); command.
> However in this "index.php" page, there are some $_SESSION['...'];
> variables stored.
>
> How is it possible that $_SESSION['...']; works even if no session has
> been created before ?
>

If the page is redirected to from some other place?

- Ólafur W





--
Alain

Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5


Re: [PHP] session question

2007-03-05 Thread Stut

Alain Roger wrote:

> The index.php page is the first page where the user should log on.
> It consists of 3 flags (English, French and Slovak).
> When the user clicks on 1 flag, it reloads the "index.php" page and changes the
> login and password words to their respective translations for the selected
> flag's country.
>
> If the user clicks on the LOGON button, it calls the checklogin.php page
> and ONLY if login and password are correct, the session is created by
> the session_start(); command.
>
> I've read that the $_SESSION array is available even if the session_start()
> command has not been used.
> But they said that variables stored in $_SESSION are not available to the user
> until session_start() has been used...
>
> In my case, they are available... :-(


2 possibilities...

1) The session.auto_start php.ini setting is On - this causes 
session_start to be called before each request is processed.


2) There is no session. Remember that $_SESSION is a variable just like 
any other. It just happens that it gets stored between page requests if 
session_start is called. There is nothing stopping you using that 
variable, but I highly doubt its contents are getting stored between 
requests if you're not calling session_start.


-Stut




Re: [PHP] Session Question

2003-03-20 Thread Justin French
Hi,

A session is meant to exist on one domain...  You could pass the session to
another domain to *hold* for you:

secure
checkout

Then the secure domain would be responsible for remembering the old session
id, and passing it back to your site when finished...


Essentially, I think that each domain would have its own session... it's
your job for each site to remember the other site's session when jumping
between the two.

Obviously this is only an issue when cookies aren't available.


Justin



on 21/03/03 5:18 AM, PHP List ([EMAIL PROTECTED]) wrote:

> Hi All,
> I have a question about sessions.
> I need to pass session data from one domain to a secure domain.
> (www.mydomain.com to www.securedomain.com).
> I would like to preserve the session data in case the visitor goes back to
> www.mydomain.com. I thought about just passing the session ID to
> www.securedomain.com, but if I need to destroy the session while the visitor
> is in www.securedomain.com, I am hoping this will also include destroying data
> from www.mydomain.com.
> Basically, I am talking about a shopping cart system. If the user decides to
> stop half way through the checkout on the secure site and continue shopping in
> the store, I want the cart to remain. But if the user completes the checkout
> process on the secure domain, their cart should be empty when going back to
> the original domain.
> 
> Thanks for any help.
> 
> Chris
> 
> 



Re: [PHP] Session Question

2003-05-29 Thread Pushpinder Singh Garcha
Hello Ernest,

Since register_globals() is ON on my server, I need to be able to 
figure out a way to ensure session security.
Another question I had was that,  with register_globals() ON can I 
still use the $_SESSION to set my variables ? I want to avoid recoding 
the entire application, so I want to see what can be done to enhance 
security with the current setup.

Does the super-global array approach i.e. $_SESSION work, irrespective 
of the fact that REGISTER_GLOBALS is ON / OFF ?
If I start setting session variables in the $_SESSION array from now 
on, will it improve the security of the session.  I am a newbie in PHP 
session handling and am sorry if any of the above questions sound 
extremely lame.

Thanks in advance,
--Pushpinder


On Wednesday, May 21, 2003, at 04:34 PM, Ernest E Vogelsinger wrote:

> At 21:51 21.05.2003, Pushpinder Singh Garcha said:
> [snip]
>> register_globals is ON on my site.
>
> You should really rethink this - have a look at
> http://www.php.net/manual/en/security.registerglobals.php
> http://www.php.net/manual/en/ref.session.php section "Sessions and
> Security"
>
> register_globals=on simply enables anyone injecting globals to your site:
> http://www.yoursite.com/myscript.php?valid_user=sam+spade
>
> To keep sessions secure, one might consider these steps:
>
> (1) Filesystem security:
> session.save_path points to a directory owned and readable by the webserver
> user only:
> session.save_path=/tmp/php
> chown apache:apache /tmp/php
> chmod 700 /tmp/php
>
> (2) If security issues are high you may attempt to make sure that the
> session identifier - be it via cookie or via URL parameter - gets
> additional confirmation. I once used this approach: I am transmitting a
> random cookie (random name, random value) to the browser, making a note (in
> $_SESSION) of the cookie name and its value. When the session gets
> revisited check for the existence and the value of this cookie. If the
> values match construct another random cookie, having another name and
> another value (also sending header information to delete the old cookie).
> If the cookie doesn't match don't discard the session but merely redirect
> the browser to another URL (usually a login page), clearing the session ID
> if it was received as a cookie.
> This has a drawback - clients are forced to accept cookies, or the system
> wouldn't work at all. Thus you can only implement it where security is at
> risk, and where acceptance of the additional cookie can be enforced
> (extranet applications, for example).
>
> (3) As a last resort one can remember the client IP that must match for the
> same session. This is not secure at all, and it doesn't work with some AOL
> connections where client IPs change at will (by AOL using random proxies
> for every INet connection). You can however automatically rule out that
> method if the client IP stems from the AOL-assigned range.
>
> Keeping a very good eye on session security, sessions are the only thing
> where you can keep login data and access rights, just like you're doing it.
> I would only urge you NOT to use session_register() and
> session_is_registered(), but to use the $_SESSION[] superglobal to be
> absolutely sure you're using only data you yourself have put there, and not
> injected data.
>
> --
>    O Ernest E. Vogelsinger
>   (\)    ICQ #13394035
>    ^     http://www.vogelsinger.at/




RE: [PHP] Session Question

2003-05-29 Thread Wim Paulussen
You should be able to use $_SESSION with register_globals on.


"
If you want your script to work regardless of register_globals, you need to
use the $_SESSION array. All $_SESSION entries are automatically registered.
If your script uses session_register(), it will not work in environments
where register_globals is disabled.
"
-Original Message-
From: Pushpinder Singh Garcha [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 6:18 PM
To: Ernest E Vogelsinger
CC: [EMAIL PROTECTED]
Subject: Re: [PHP] Session Question


Hello Ernest,

Since register_globals() is ON on my server, I need to be able to
figure out a way to ensure session security.
Another question I had was that,  with register_globals() ON can I
still use the $_SESSION to set my variables ? I want to avoid recoding
the entire application, so I want to see what can be done to enhance
security with the current setup.

Does the super-global array approach i.e. $_SESSION work, irrespective
of the fact that REGISTER_GLOBALS is ON / OFF ?
If I start setting session variables in the $_SESSION array from now
on, will it improve the security of the session.  I am a newbie in PHP
session handling and am sorry if any of the above questions sound
extremely lame.

Thanks in advance,
--Pushpinder



On Wednesday, May 21, 2003, at 04:34 PM, Ernest E Vogelsinger wrote:

> At 21:51 21.05.2003, Pushpinder Singh Garcha said:
> [snip]
>> register_globals is ON on my site.
>
> You should really rethink this - have a look at
> http://www.php.net/manual/en/security.registerglobals.php
> http://www.php.net/manual/en/ref.session.php section "Sessions and
> Security"
>
> register_globals=on simply enables anyone injecting globals to your
> site:
> http://www.yoursite.com/myscript.php?valid_user=sam+spade
>
> To keep sessions secure, one might consider these steps:
>
> (1) Filesystem security:
> session.save_path points to a directory owned and readable by the
> webserver
> user only:
> session.save_path=/tmp/php
> chown apache:apache /tmp/php
> chmod 700 /tmp/php
>
> (2) If security issues are high you may attempt to make sure that the
> session identifier - be it via cookie or via URL parameter - gets
> additional confirmation. I once used this approach: I am transmitting a
> random cookie (random name, random value) to the browser, making a
> note (in
> $_SESSION) of the cookie name and its value. When the session gets
> revisited check for the existence and the value of this cookie. If the
> values match construct another random cookie, having another name and
> another value (also sending header information to delete the old
> cookie).
> If the cookie doesn't match don't discard the session but merely
> redirect
> the browser to another URL (usually a login page), clearing the
> session ID
> if it was received as a cookie.
> This has a drawback - clients are forced to accept cookies, or the
> system
> wouldn't work at all. Thus you can only implement it where security is
> at
> risk, and where acceptance of the additional cookie can be enforced
> (extranet applications, for example).
>
> (3) As a last resort one can remember the client IP that must match
> for the
> same session. This is not secure at all, and it doesn't work with some
> AOL
> connections where client IPs change at will (by AOL using random
> proxies
> for every INet connection). You can however automatically rule out that
> method if the client IP stems from the AOL-assigned range.
>
> Keeping a very good eye on session security, sessions are the only
> thing
> where you can keep login data and access rights, just like you're
> doing it.
> I would only urge you NOT to use session_register() and
> session_is_registered(), but to use the $_SESSION[] superglobal to be
> absolutely sure you're using only data you yourself have put there,
> and not
> injected data.
>
>
> --
>> O Ernest E. Vogelsinger
>(\)ICQ #13394035
> ^ http://www.vogelsinger.at/
>
>
>
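Step (2) of the quoted advice, the rotating confirmation cookie, sketched as an added example that is not code from the thread. It assumes PHP 7.3 or later; the function names, the `confirm` session key and the `/login.php` path are hypothetical, and the walk-through at the end uses constructed values instead of real HTTP requests.

```php
<?php
declare(strict_types=1);

/** Create a fresh confirmation cookie (random name, random value). */
function new_confirmation_cookie(): array
{
    return [
        'name'  => 'c_' . bin2hex(random_bytes(8)),
        'value' => bin2hex(random_bytes(32)),
    ];
}

/**
 * Compare the request's cookies with the note kept in the session.
 * $session stands in for $_SESSION (by reference), $cookies for $_COOKIE.
 * Returns ['action' => 'issue'|'rotate'|'login', 'set' => cookie|null, 'delete' => name|null].
 */
function confirm_session(array &$session, array $cookies): array
{
    $expected = $session['confirm'] ?? null;

    if ($expected === null) {                       // first request of this session
        $session['confirm'] = new_confirmation_cookie();
        return ['action' => 'issue', 'set' => $session['confirm'], 'delete' => null];
    }

    $presented = $cookies[$expected['name']] ?? null;
    if (is_string($presented) && hash_equals($expected['value'], $presented)) {
        // Match: replace the cookie with one of another name and value.
        $session['confirm'] = new_confirmation_cookie();
        return ['action' => 'rotate', 'set' => $session['confirm'], 'delete' => $expected['name']];
    }

    // Mismatch: keep the session data, but send the browser to the login page.
    return ['action' => 'login', 'set' => null, 'delete' => null];
}

/** Web-context glue; not called in the walk-through below. '/login.php' is a placeholder. */
function apply_decision(array $decision): void
{
    $opts = ['path' => '/', 'httponly' => true, 'secure' => true, 'samesite' => 'Lax'];
    if ($decision['delete'] !== null) {
        setcookie($decision['delete'], '', ['expires' => time() - 3600] + $opts);
    }
    if ($decision['set'] !== null) {
        setcookie($decision['set']['name'], $decision['set']['value'], $opts);
    }
    if ($decision['action'] === 'login') {
        if (isset($_COOKIE[session_name()])) {      // clear the session ID only if it came as a cookie
            setcookie(session_name(), '', ['expires' => time() - 3600] + $opts);
        }
        header('Location: /login.php');
        exit;
    }
}

// Constructed walk-through: one session, three requests.
$session = [];
$first   = confirm_session($session, []);           // browser has no cookie yet
$jar     = [$first['set']['name'] => $first['set']['value']];
$second  = confirm_session($session, $jar);         // browser returns the issued cookie
$stale   = confirm_session($session, $jar);         // the already-rotated cookie is presented again

foreach (['first' => $first, 'second' => $second, 'stale' => $stale] as $label => $step) {
    printf("%-6s -> %s\n", $label, $step['action']);
}
```

Because the cookie is replaced on every confirmed request, a session ID presented together with an earlier cookie value no longer matches the note in the session and lands on the login branch.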



RE: [PHP] Session Question

2003-05-29 Thread Johnson, Kirk

> Since register_globals() is ON on my server, I need to be able to 
> figure out a way to ensure session security.

The single most important thing to do is initialize all your variables. The
way to ensure that you have done that is to set the error reporting level to
"E_ALL" (which is max). The server will then report it if you use a variable
that hasn't yet been assigned a value.

Kirk




Re: [PHP] Session Question

2003-05-29 Thread Justin French
Register globals essentially takes the value of $_SESSION['foo'] and creates
$foo.  It does the same thing for GET, POST, COOKIES, etc.

The problem here is that you have no way of telling if $foo was a POST
variable, GET, SESSION, or whatever.  So, I can choose to append ?admin=1 to
one of your URLs, and if you do not do any checking or variable
initialising, it might be possible for me to fake myself as a user with
admin clearance, or anything else that would be considered a risk.

The super global arrays like $_SESSION exist, and can be used, regardless of
whether register globals is on or off.  If you start relying on
$_SESSION['foo'] rather than $foo, $_POST['bah'] instead of $bah and
$_GET['xyz'] instead of $xyz, you've made a great start.

You should be able to use $_SESSION right now, but be aware that the manual
says if you choose to use $_SESSION, then you should stop using functions
such as session_register().


The next logical step would be to manually turn off register globals for
your site, using a directory-level .htaccess file in your document root.  An
example of this file would be:

---

php_flag register_globals off

---

Do a whole bunch of testing on your LAN, make any changes you need to make
to your code, perhaps turn the error reporting to the highest level (E_ALL)
to see what warnings you get, then try the same on your live server.


Justin




on 29/05/03 3:18 AM, Pushpinder Singh Garcha ([EMAIL PROTECTED]) wrote:

> Since register_globals() is ON on my server, I need to be able to
> figure out a way to ensure session security.
> Another question I had was that,  with register_globals() ON can I
> still use the $_SESSION to set my variables ? I want to avoid recoding
> the entire application, so I want to see what can be done to enhance
> security with the current setup.
> 
> Does the super-global array approach i.e. $_SESSION work, irrespective
> of the fact that REGISTER_GLOBALS is ON / OFF ?
> If I start setting session variables in the $_SESSION array from now
> on, will it improve the security of the session.  I am a newbie in PHP
> session handling and am sorry if any of the above questions sound
> extremely lame.
 


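The `?admin=1` case from the message above, as an added example that is not code from the thread. `register_globals` was removed in PHP 5.4, so `emulate_register_globals()` is a hypothetical, simplified stand-in for what the setting did; the other function names and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Simplified stand-in for register_globals=On: every GET, POST, cookie and
 * session key becomes one flat set of variables, and the script can no longer
 * tell which source a given name came from. Later sources overwrite earlier ones.
 */
function emulate_register_globals(array $get, array $post, array $cookie, array $session): array
{
    $globals = [];
    foreach ([$get, $post, $cookie, $session] as $source) {
        foreach ($source as $name => $value) {
            $globals[$name] = $value;
        }
    }
    return $globals;
}

/** Legacy-style check: trusts a bare variable of unknown origin ($admin). */
function is_admin_legacy(array $globals): bool
{
    return !empty($globals['admin']);
}

/** Check recommended in the thread: read only what the application itself put in $_SESSION. */
function is_admin_from_session(array $session): bool
{
    return isset($session['admin']) && $session['admin'] === true;
}

// Constructed sample requests. In each, the query string carries admin=1.
$cases = [
    // The login code never stored an 'admin' key, so nothing overwrites the GET value.
    'not logged in'       => ['get' => ['admin' => '1'], 'session' => []],
    // The login code stored an explicit false, which overwrites the GET value.
    'logged in, no admin' => ['get' => ['admin' => '1'], 'session' => ['user' => 'pat', 'admin' => false]],
    // A real administrator, flag set by the application at login.
    'logged in, admin'    => ['get' => [],               'session' => ['user' => 'sam', 'admin' => true]],
];

foreach ($cases as $label => $request) {
    $globals = emulate_register_globals($request['get'], [], [], $request['session']);
    printf(
        "%-20s legacy=%-5s session=%s\n",
        $label,
        var_export(is_admin_legacy($globals), true),
        var_export(is_admin_from_session($request['session']), true)
    );
}
```

The first case is the one the message warns about: the legacy check passes only because the variable was never initialised by the application, which is also what running with E_ALL would surface.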



Re: [PHP] session question

2003-06-15 Thread Don Read

On 16-Jun-2003 Matt Palermo wrote:
> When a session is started on my server, it gets a name in the
> "sessiondata" folder like:
>  
> sess_8sjg4893m9d0j43847dk4o5l2
>  
>  
> I was just wondering if all sessions on ANY server start with "sess_"?
> Is this a PHP-wide default, or can it be changed (not that I want to
> change it, I just want to know if it can be changed)?
>  

localhost.root# grep -r sess_ *
ext/session/mod_files.c:#define FILE_PREFIX "sess_"

Modify session/mod_files.c & recompile.

 -- 
or you can try your own handler:

http://www.php.net/manual/en/function.session-set-save-handler.php


Regards,
-- 
Don Read   [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to 
   steal the neighbor's newspaper, that's the time to do it.
  





RE: [PHP] session question

2003-10-14 Thread Jake McHenry
session_destroy() I'm pretty sure, from what I've read.

Jake McHenry
Nittany Travel MIS Coordinator
http://www.nittanytravel.com

> -Original Message-
> From: Frank Tudor [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, October 14, 2003 8:47 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] session question
> 
> 
> How do you make a session time out?
> 
> and how do you make a session end if a person leaves your site?
> 
> Frank
> 



Re: [PHP] session question

2004-12-07 Thread Greg Donald
On Tue, 7 Dec 2004 11:50:58 -0500, Josh Howe <[EMAIL PROTECTED]> wrote:
> I've looked at the php session documentation, and it doesn't look like
> there's any way to run code when a session expires. I'd like to do some
> cleanup when a user's session expires, is there any way to trap this?
> Thanks.

You can define your own session handling functions and override
PHP's default session handling with session_set_save_handler().  One
of the functions you would define would be the garbage collection
function.  Once created you can call this function whenever you like.


I wrote a drop-in replacement for PHP sessions that gives you what I
just described, it uses MySQL:

http://destiney.com/pub/php_db_sessions.tar.gz


There's also the database abstraction layer ADOdb which gives you
callback functionality in garbage collection:

http://adodb.sf.net/

The db driven, encrypted and bzip'd sessions are pretty nice too.


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

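One way to get a hook on session expiry with `session_set_save_handler()`, as an added example that is not the code from either package linked above. It assumes PHP 8.0 or later; the class name `ExpiryAwareHandler`, the file layout and the sample session data are hypothetical.

```php
<?php
declare(strict_types=1);

/** File-backed handler whose gc() passes each expired session to a callback before deleting it. */
final class ExpiryAwareHandler implements SessionHandlerInterface
{
    /** @var callable(string, string): void receives session id and raw session data */
    private $onExpire;
    private string $dir;

    public function __construct(string $dir, callable $onExpire)
    {
        $this->dir = rtrim($dir, '/');
        $this->onExpire = $onExpire;
    }

    private function path(string $id): string
    {
        // The session ID is client-supplied: accept only characters PHP itself generates,
        // so it can never be used to step outside the storage directory.
        if (!preg_match('/^[A-Za-z0-9,-]{1,128}$/', $id)) {
            throw new InvalidArgumentException('invalid session id');
        }
        return $this->dir . '/sess_' . $id;
    }

    public function open(string $path, string $name): bool
    {
        return is_dir($this->dir) || mkdir($this->dir, 0700, true);
    }

    public function close(): bool
    {
        return true;
    }

    public function read(string $id): string|false
    {
        $file = $this->path($id);
        return is_file($file) ? (string) file_get_contents($file) : '';
    }

    public function write(string $id, string $data): bool
    {
        return file_put_contents($this->path($id), $data, LOCK_EX) !== false;
    }

    public function destroy(string $id): bool
    {
        $file = $this->path($id);
        return !is_file($file) || unlink($file);
    }

    public function gc(int $max_lifetime): int|false
    {
        $removed = 0;
        foreach (glob($this->dir . '/sess_*') ?: [] as $file) {
            if (filemtime($file) + $max_lifetime < time()) {
                $id = substr(basename($file), strlen('sess_'));
                ($this->onExpire)($id, (string) file_get_contents($file));
                unlink($file);
                $removed++;
            }
        }
        return $removed;
    }
}

// Constructed demo: two sessions, one backdated past the lifetime, then a manual gc() run.
$dir     = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
$expired = [];
$handler = new ExpiryAwareHandler($dir, function (string $id, string $data) use (&$expired): void {
    $expired[$id] = $data;      // application cleanup for the expired session goes here
});

$handler->open($dir, 'PHPSESSID');
$handler->write('freshsession01', 'cart|a:0:{}');
$handler->write('stalesession01', 'cart|a:1:{i:0;s:4:"book";}');
touch($dir . '/sess_stalesession01', time() - 3600);    // pretend the last write was an hour ago

$removed = $handler->gc(1440);                          // 1440 s is PHP's default session.gc_maxlifetime
printf("removed %d, expired ids: %s\n", $removed, implode(', ', array_keys($expired)));

$handler->destroy('freshsession01');
rmdir($dir);

// In a web request: session_set_save_handler($handler, true); session_start();
// session_gc() (PHP 7.1+) then triggers gc() on demand instead of by probability.
```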



Re[2]: [PHP] session question

2001-01-31 Thread Max A. Derkachev

Hello Teodor,

Wednesday, January 31, 2001, 10:49:34 AM, you wrote:

TC> Hi Mark!
TC> On Wed, 31 Jan 2001, Mark Green wrote:

>> How about this:
>> 
>>  session_start();
>>  session_register($funky_session_var);
>>  $funky_session_var ++;
>>  print $funky_session_var;

TC> the order doesn't matter (as it did in PHPLib sessions).
TC> If it doesn't work I guess it's because you have register_globals off.

First, I believe the variable should be initialized first (even in
favour of common sense), and then registered.
Second, session_register($funky_session_var) gives you nothing (if
not an error). You should session_register('funky_session_var')
instead (the NAME of the variable, not the variable itself).




-- 
Best regards,
Max A. Derkachev mailto:[EMAIL PROTECTED]
Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
http://www.Books.Ru -- All Books of Russia
 







Re: [PHP] PHP Session question

2001-02-19 Thread Richard Lynch

Did you recompile and forget to include --enable-trans-sid?...

What does  have to say about how you compiled PHP?

--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
- Original Message -
From: "Yev" <[EMAIL PROTECTED]>
Newsgroups: php.general
Sent: Saturday, February 17, 2001 12:26 PM
Subject: [PHP] PHP Session question


> Hi,
>
> I enabled sessions via session.auto_start feature, and attempting to
> simulate sessions when a user has disabled cookies.  I remember it used to
> automatically append SESSIONID= to every href, etc.. (I compiled
> with --enable-trans-sid), but now it doesn't append it.
>
> What am I missing?
>
> Thanks in advance,
> Yev
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
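
Added example, not part of the thread: a check that reads the session settings and reports why a session id is or is not appended to links, which is the information Richard asks for. The function name and the constructed settings array are assumptions; the ini keys are PHP's own.

```php
<?php
// Added example, not code from the thread: explain from the session
// settings why a session id is or is not being appended to links.
function trans_sid_report(array $ini): array
{
    $on = function (string $key) use ($ini): bool {
        return filter_var($ini[$key] ?? '', FILTER_VALIDATE_BOOLEAN);
    };
    $notes = [];
    if (!$on('session.use_trans_sid')) {
        $notes[] = 'use_trans_sid is off: output is never rewritten, '
                 . 'whatever the build options were.';
    }
    if ($on('session.use_only_cookies')) {
        $notes[] = 'use_only_cookies is on: ids in the URL are ignored '
                 . 'and links are not rewritten.';
    }
    if ($on('session.use_cookies')) {
        $notes[] = 'use_cookies is on: a browser that returns the cookie '
                 . 'gets no id in its links; test with cookies refused.';
    }
    if (!$notes) {
        $notes[] = 'settings allow URL ids: expect them in rewritten links, '
                 . 'and also in Referer headers, logs and bookmarks.';
    }
    return $notes;
}

// Constructed settings for illustration, then the live values of this PHP.
$constructed = ['session.use_trans_sid' => '1', 'session.use_cookies' => '1',
                'session.use_only_cookies' => '0'];
$live = [];
foreach (array_keys($constructed) as $key) {
    $live[$key] = (string) ini_get($key);
}
foreach (['constructed' => $constructed, 'live' => $live] as $label => $set) {
    echo $label, ":\n  ", implode("\n  ", trans_sid_report($set)), "\n";
}
```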







[PHP] Re:[PHP] Session Question

2001-07-15 Thread Tom Malone

Thanks Christopher!

I chmoded the directory to 777 like you said, and it worked fine, but then I
took your advice regarding security and put all the data in a MySQL
database. Thank you very much for your help!

Tom Malone






[PHP] session question: session.auto_start vs. session_register.

2001-12-05 Thread Kurt Lieber

I am working on an open source e-commerce package and have hit a wall with 
sessions.

If I have session.auto_start turned on, I get the following error message:

Fatal error: The script tried to execute a method or access a property of an 
incomplete object. Please ensure that the class definition shoppingcart of 
the object you are trying to operate on was loaded _before_ the session was 
started in   on line 12

If I turn session.auto_start off, the error disappears.

So, the error message tells me that I can't use the class unless I've defined 
it before the session gets started.  However, session.auto_start (as far as I 
know) starts a session immediately, before even waiting for a script to be 
fully parsed & executed.  So, the two seem mutually exclusive. (but then the 
usefulness of session.auto_start would seem extremely limited)

Is there a way 

I think there's some glaring errors in my understanding here.  Can someone 
help me fill in the holes? 

--kurt






[PHP] PHP Session question. Please help!

2004-02-21 Thread Bon

Hi, I've got a session problem that I don't understand.

Here's the setup.  There are 2 frames, frame1 and frame2 (within frame1).

Frame1 is simply a static html page like the following:


  <frame src="http://mysite.ca/blank.html" name="topFrame" scrolling="NO" noresize>
  <frame src="http://mysite.ca/getPage.php?siteid=33&page=homepage" name="mainFrame">


Frame 2 is the php file, namely getPage.php.  In this php file, it starts
the session and does some initialization to set the session variables.  The
php code is executed before any HTML code is outputted.  So the session
variables have been all set.  It looks something like this:


  
  


so $mypage is actually a dynamic string to another PHP page.

The problem is, this $mypage that frame2 opens depends on the session
variables that I've set at the beginning of frame2.  And I realized that the
session id of $mypage is not the same as that of frame2.  So the variables
will not load.  So if I call up frame1 on the browser, $mypage will not get
the session variables of frame2.

The funny thing is that if I simply load up the url
http://mysite.ca/getPage.php?siteid=33&page=homepage, i.e. the URL of
frame2, $mypage actually DOES get those variables and have the same session
id.

Although I've solved the problem using a hacked method (passing the session
id to $mypage using GET), I'm wondering if there's anything wrong with the
setup that causes the diverse outcomes.

Thanks for any kind of response.


Chris




Re: [PHP] session question: session.auto_start vs. session_register.

2001-12-05 Thread Jason G.

You may want to check out something like auto_prepend_file.  Look at the 
PHP configuration help.

I was thinking that you may be able to include your class definition there 
- IF auto_prepend_file IS INCLUDED BEFORE session.auto_start starts the 
session.

Otherwise, use auto_prepend_file to include a file that:
1. Includes your class def
2. Starts your session.

Just my 2 Cents.

-Jason Garber
IonZoft.com


At 12:44 PM 12/5/2001 -0800, Kurt Lieber wrote:
>I am working on an open source e-commerce package and have hit a wall with
>sessions.
>
>If I have session.auto_start turned on, I get the following error message:
>
>Fatal error: The script tried to execute a method or access a property of an
>incomplete object. Please ensure that the class definition shoppingcart of
>the object you are trying to operate on was loaded _before_ the session was
>started in   on line 12
>
>If I turn session.auto_start off, the error disappears.
>
>So, the error message tells me that I can't use the class unless I've defined
>it before the session gets started.  However, session.auto_start (as far as I
>know) starts a session immediately, before even waiting for a script to be
>fully parsed & executed.  So, the two seem mutually exclusive. (but then the
>usefulness of session.auto_start would seem extremely limited)
>
>Is there a way
>
>I think there's some glaring errors in my understanding here.  Can someone
>help me fill in the holes?
>
>--kurt
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
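
Added example, not part of the thread or of the package Kurt describes: the ordering problem behind the "incomplete object" error, followed by the second arrangement Jason suggests (class definition available first, then the session data is decoded). unserialize() stands in for the decoding that session start performs; the serialized value, define_shoppingcart() and the class body are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Constructed session value: a
// serialized shoppingcart object with one item, as session data would hold it.
$stored = 'O:12:"shoppingcart":1:{s:5:"items";a:1:{s:6:"sku-42";i:2;}}';

// Stands in for require_once of the file that defines the class
// (hypothetical); declaring inside a function delays the definition.
function define_shoppingcart(): void
{
    class shoppingcart
    {
        public $items = [];
        public function total(): int { return array_sum($this->items); }
    }
}

function describe($value): string
{
    return $value instanceof __PHP_Incomplete_Class
        ? 'incomplete object (class was unknown when the data was decoded)'
        : get_class($value) . ' with ' . $value->total() . ' item(s)';
}

// 1. What session.auto_start does: decode before any class is defined.
$early = unserialize($stored);
echo '1: ', describe($early), "\n";

// 2. Register an autoloader first, limited to known class names, so the
//    decoder can load the definition on demand.
$known = ['shoppingcart' => 'define_shoppingcart'];
spl_autoload_register(function (string $class) use ($known): void {
    $key = strtolower($class);
    if (isset($known[$key])) {
        $known[$key]();
    }
});
$late = unserialize($stored);
echo '2: ', describe($late), "\n";
```

Keeping the autoloader's map limited to known class names means stored session data cannot cause any other file to be loaded.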

