RE: [PHP] Session question

2011-05-17 Thread admin
You can have a session start in an htaccess file.


.htaccess

php_value session.auto_start 1



Do not scream at me if you do not like this approach or it does not work for
you.
I use it and it works well for me.

Simply a suggestion.


Richard L. Buskirk


-Original Message-
From: Ross Hansen [mailto:hansen.r...@live.com.au] 
Sent: Tuesday, May 17, 2011 11:16 PM
To: php-general@lists.php.net
Subject: RE: [PHP] Session question


Unless your adding more code to your included file it isn't worth having it
as an include as there is more typing/text involved. For management purposes
also it would also look ugly if you were just having one file purely  for
session_start();

> From: p...@computer.org
> Date: Tue, 17 May 2011 13:01:19 +0200
> To: php-general@lists.php.net
> Subject: Re: [PHP] Session question
> 
> Paul Halliday wrote:
> 
> > Is it OK to have session_start as an include?
> > 
> 
> Yes.
> 
> 
> 
> -- 
> Per Jessen, Zürich (18.1°C)
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Session question

2011-05-17 Thread Ross Hansen

Unless your adding more code to your included file it isn't worth having it as 
an include as there is more typing/text involved. For management purposes also 
it would also look ugly if you were just having one file purely  for 
session_start();

> From: p...@computer.org
> Date: Tue, 17 May 2011 13:01:19 +0200
> To: php-general@lists.php.net
> Subject: Re: [PHP] Session question
> 
> Paul Halliday wrote:
> 
> > Is it OK to have session_start as an include?
> > 
> 
> Yes.
> 
> 
> 
> -- 
> Per Jessen, Zürich (18.1°C)
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
  

Re: [PHP] Session question

2011-05-17 Thread Per Jessen
Paul Halliday wrote:

> Is it OK to have session_start as an include?
> 

Yes.



-- 
Per Jessen, Zürich (18.1°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Session question

2011-05-17 Thread Paul Halliday
Is it OK to have session_start as an include?

I have something like this:

// Session init
session_start();

function sKill() {
session_destroy();
session_unset();
header ("Location: login.php");
exit();
}

function sInt() {
 header ("Location: login.php");
 exit();
}

if (!(isset($_SESSION['sLogin']) && $_SESSION['sLogin'] != '')) {
 sKill();
}

// Session variables
if (!isset($_SESSION['sUser']))  { sInt(); }  else { $sUser  =
$_SESSION['sUser'];}
if (!isset($_SESSION['sEmail'])) { sInt(); }  else { $sEmail =
$_SESSION['sEmail'];}
if (!isset($_SESSION['sType']))  { sInt(); }  else { $sType  =
$_SESSION['sType'];}
if (!isset($_SESSION['sTime']))  { sInt(); }  else { $sTime  =
$_SESSION['sTime'];}
if (!isset($_REQUEST['id'])) { $id = 0; } else { $id = $_REQUEST['id'];}

// Kill the session if the ids dont match.
if ($id != $_SESSION['id']) {
sKill();
}

// Kill the session if timeout is exceeded.
if (isset($_SESSION['LAST_ACTIVITY']) && (time() -
$_SESSION['LAST_ACTIVITY'] > $sTime)) {
sKill();
}

Can I just call this session.php and include it at the beginning of each file?

-- 
Paul Halliday
http://www.squertproject.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] session question

2007-03-05 Thread Stut

Alain Roger wrote:

the index.php page is the first page where user should logon.
it consists of 3 flags (english, french and slovak).
when use click on 1 flags, it reload the "index.php" page and changes the
login and password words by their relative translation into the flag 
country

selected.

if user click on LOGON button, therefore it calls the checklogin.php page
and ONLY if login and password are correct, the session is created by
session_start(); command.

I've read the $_SESSION array is available even if the session_start()
command has not been used.
but they told that variable stored in $_SESSION are not available to user
till session_start() has not been used...

in my case, they are available... :-(


2 possibilities...

1) The session.auto_start php.ini setting is On - this causes 
session_start to be called before each request is processed.


2) There is no session. Remember that $_SESSION is a variable just like 
any other. It just happens that it gets stored between page requests if 
session_start is called. There is nothing stopping you using that 
variable, but I highly doubt its contents are getting stored between 
requests if you're not calling session_start.


-Stut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] session question

2007-03-05 Thread Alain Roger

the index.php page is the first page where user should logon.
it consists of 3 flags (english, french and slovak).
when use click on 1 flags, it reload the "index.php" page and changes the
login and password words by their relative translation into the flag country
selected.

if user click on LOGON button, therefore it calls the checklogin.php page
and ONLY if login and password are correct, the session is created by
session_start(); command.

I've read the $_SESSION array is available even if the session_start()
command has not been used.
but they told that variable stored in $_SESSION are not available to user
till session_start() has not been used...

in my case, they are available... :-(

Al



On 3/5/07, Ólafur Waage <[EMAIL PROTECTED]> wrote:


I have an "index.php" page which does not user session_start(); command.
> However in this " index.php" page, there are some $_SESSION['...'];
> variables
> stored.
>
How is it possible that $_SESSION['...']; works even if no session has
> been
> created before ?
>

If the page is redirected to from some other place?

- Ólafur W





--
Alain

Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5


[PHP] session question

2007-03-05 Thread Alain Roger

Hi,

I have an "index.php" page which does not user session_start(); command.
However in this "index.php" page, there are some $_SESSION['...']; variables
stored.

How is it possible that $_SESSION['...']; works even if no session has been
created before ?
moreover, if i use a print "Session ID : ".session_id(); after those lines,
session_id() is empty (which is logical) as no session_start(); command has
been used before.

So, how is it possible that $_SESSION['..'] works ?

Do i have a session created or not ?

--
Alain

Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5


[PHP] Session Question

2005-04-01 Thread James Sherwood
Hello,

Currently I have an app that handles connection from a machine with a built in 
web browser.  Commands from the remote on that machine are sent to the page via 
javascript.(I am not sure how, maybe the machine has api's for the browser or 
something)

The problem I am facing is the other input on that machine comes in on port 
4000 in ascii.

Is there a way to have those pages pick up these codes somehow 

OR

Is there a way to have a separate app monitor those ports(I know apache itself 
can monitor ports etc) and then talk to the current open page in a javascript 
action event?

Thank you in advance,
James

Re: [PHP] session question

2004-12-07 Thread Greg Donald
On Tue, 7 Dec 2004 11:50:58 -0500, Josh Howe <[EMAIL PROTECTED]> wrote:
> I've looked at the php session documentation, and it doesn't look like
> there's any way to run code when a session expires. I'd like to do some
> cleanup when a user's session expires, is there any way to trap this?
> Thanks.

You can define your own session handling functions with and override
PHP's default session handling with session_set_save_handler().  One
of the functions you would define would be the garbage collection
function.  Once created you can call this function whenever you like.


I wrote a drop-in replacement for PHP sessions that gives you what I
just described, it uses MySQL:

http://destiney.com/pub/php_db_sessions.tar.gz


There's also the database abstraction layer ADOdb which gives you
callback functionality in garbage collection:

http://adodb.sf.net/

The db driven, encrypted and bzip'd sessions are pretty nice too.


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] session question

2004-12-07 Thread Josh Howe

Hi,

I've looked at the php session documentation, and it doesn't look like
there's any way to run code when a session expires. I'd like to do some
cleanup when a user's session expires, is there any way to trap this?
Thanks. 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] PHP Session question. Please help!

2004-02-21 Thread Bon
Hi, I've got a session problem that I don't understand.

Here's the setup.  There are 2 frames, frame1 and frame2 (within frame1).

Frame1 is simply a static html page like the following:


  http://mysite.ca/blank.html"; name="topFrame" scrolling="NO"
noresize >
  http://mysite.ca/getPage.php?siteid=33&page=homepage";
name="mainFrame">


Frame 2 is the php file, namely getPage.php.  In this php file, it starts
the session and does some initialization to set the session variables.  The
php code is executed before any HTML code is outputted.  So the session
variables have been all set.  It looks something like this:


  
  


so $mypage is actually a dynamic string to another PHP page.

The problem is, this $mypage that frame2 opens depends on the session
variables that I've set at the beginning of frame2.  And I realized that the
session id of $mypage is not the same as that of frame2.  So the variables
will not load.  So if i call up frame1 on the browser, $mypage will not get
the session variables of frame2.

The funny thing is that if i simply load up the url
http://mysite.ca/getPage.php?siteid=33&page=homepage, i.e. the URL of
frame2, $mypage actually DOES get those variables and have the same session
id.

Although I've solved the problem using a hacked method (passing the session
id to $mypage using GET), I'm wondering if there's anything wrong with the
setup that causes the diverse outcomes.

Thanks for any kind of response.


Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] session question

2003-10-14 Thread Jake McHenry
session_destroy() I'm pretty sure, from what I've read.

Jake McHenry
Nittany Travel MIS Coordinator
http://www.nittanytravel.com

> -Original Message-
> From: Frank Tudor [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, October 14, 2003 8:47 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] session question
> 
> 
> How do you make a session time out?
> 
> and how do you make a session end if a person leaves your site?
> 
> Frank
> 
> __
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search 
http://shopping.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] session question

2003-10-14 Thread Frank Tudor
How do you make a session time out?

and how do you make a session end if a person leaves your site?

Frank

__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Session question

2003-10-14 Thread Susan Ator
What would cause the loss of a session in these circumstances:

php page with search form - session good
search form calls perl script
php page with search results - php wrapper for perl search form
displaying output - session good
php page gotten to from link on php search results page in perl
search form output - session lost | new SID set but SID cookie not displayed
when showing phpinfo. Same php page gotten to from another direction -
session good.

This is pretty slim as far as details go but it pretty much sums up the
problem.

Does anyone have any idea where the session information is getting hosed?

Thanks,

Susan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] session question

2003-06-15 Thread Don Read

On 16-Jun-2003 Matt Palermo wrote:
> When a session is started on my server, it gets a name in the
> "sessiondata" folder like:
>  
> sess_8sjg4893m9d0j43847dk4o5l2
>  
>  
> I was just wondering if all sessions on ANY server start with "sess_"?
> Is this a PHP-wide default, or can it be changed (not that I want to
> change it, I just want to know if it can be changed)?
>  

localhost.root# grep -r sess_ *
ext/session/mod_files.c:#define FILE_PREFIX "sess_"

Modify session/mod_files.c & recompile.

 -- 
or you can try your own handler:

http://www.php.net/manual/en/function.session-set-save-handler.php


Regards,
-- 
Don Read   [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to 
   steal the neighbor's newspaper, that's the time to do it.
  


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] session question

2003-06-15 Thread Matt Palermo
When a session is started on my server, it gets a name in the
"sessiondata" folder like:
 
sess_8sjg4893m9d0j43847dk4o5l2
 
 
I was just wondering if all sessions on ANY server start with "sess_"?
Is this a PHP-wide default, or can it be changed (not that I want to
change it, I just want to know if it can be changed)?
 
Thanks,
 
Matt


Re: [PHP] Session Question

2003-05-29 Thread Justin French
Register globals essentially takes the value of $_SESSION['foo'] and creates
$foo.  It does the same thing for GET, POST, COOKIES, etc.

The problem here is that you have no way of telling if $foo was a POST
variable, GET, SESSION, or whatever.  So, I can choose to append ?admin=1 to
one of your URLs, and if you do not do any checking or variable
initialising, it might be possible for me to fake myself as a user with
admin clearance, or anything else that would be considered a risk.

The super global arrays like $_SESSION exist, and can be used, regardless of
whether register globals is on or off.  If you start relying on
$_SESSION['foo'] rather than $foo, $_POST['bah'] instead of $bah and
$_GET['xyz'] instead of $xyz, you've made a great start.

You should be able to use $_SESSION right now, but be aware that the manual
says if you choose to use $_SESSION, then you should stop using functions
such as session_register().


The next logical step would be to manually turn off register globals for
your site, using a directory-level .htaccess file in your document root.  An
example of this file would be:

---

php_flag register_globals off

---

Do a whole bunch of testing on your LAN, make any changes you need to make
to your code, perhaps turn the error reporting to the highest level (E_ALL)
to see what warnings you get, then try the same on your live server.


Justin




on 29/05/03 3:18 AM, Pushpinder Singh Garcha ([EMAIL PROTECTED]) wrote:

> SInce register_globals() is ON on my server, I need to be able to
> figure out a way to ensure session security.
> Another question I had was that,  with register_globals() ON can I
> still use the $_SESSION to set my variables ? I want to avoid recoding
> the entire application, so I want to see what can be done to enhance
> security with the current setup.
> 
> Does the super-global array approach i.e. $_SESSION work, irrespective
> of the fact that REGISTER_GLOBALS is ON / OFF ?
> If I start setting session variables in the $_SESSION array from now
> on, will it improve the security of the session.  I am a newbie in PHP
> session handling and am sorry if any of the above questions sound
> extremely lame.
 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Session Question

2003-05-29 Thread Johnson, Kirk

> SInce register_globals() is ON on my server, I need to be able to 
> figure out a way to ensure session security.

The single most important thing to do is initialize all your variables. The
way to ensure that you have done that is to set the error reporting level to
"E_ALL" (which is max). The server will then report it if you use a variable
that hasn't yet been assigned a value.

Kirk

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Session Question

2003-05-29 Thread Wim Paulussen
You should be able to use $_SESSION with register_globals on.


"
If you want your script to work regardless of register_globals, you need to
use the $_SESSION array. All $_SESSION entries are automatically registered.
If your script uses session_register(), it will not work in environments
where register_globals is disabled.
"
-Oorspronkelijk bericht-
Van: Pushpinder Singh Garcha [mailto:[EMAIL PROTECTED]
Verzonden: Wednesday, May 28, 2003 6:18 PM
Aan: Ernest E Vogelsinger
CC: [EMAIL PROTECTED]
Onderwerp: Re: [PHP] Session Question


Hello Ernest,

SInce register_globals() is ON on my server, I need to be able to
figure out a way to ensure session security.
Another question I had was that,  with register_globals() ON can I
still use the $_SESSION to set my variables ? I want to avoid recoding
the entire application, so I want to see what can be done to enhance
security with the current setup.

Does the super-global array approach i.e. $_SESSION work, irrespective
of the fact that REGISTER_GLOBALS is ON / OFF ?
If I start setting session variables in the $_SESSION array from now
on, will it improve the security of the session.  I am a newbie in PHP
session handling and am sorry if any of the above questions sound
extremely lame.

Thanks in advance,
--Pushpinder



On Wednesday, May 21, 2003, at 04:34 PM, Ernest E Vogelsinger wrote:

> At 21:51 21.05.2003, Pushpinder Singh Garcha said:
> [snip]
>> register_globals is ON on my site.
>
> You should really rethink this - have a look at
> http://www.php.net/manual/en/security.registerglobals.php
> http://www.php.net/manual/en/ref.session.php section "Sessions and
> Security"
>
> register_globals=on simply enables anyone injecting globals to your
> site:
> http://www.yoursite.com/myscript.php?valid_user=sam+spade
>
> To keep sessions secure, one might consider these steps:
>
> (1) Filesystem security:
> session.save_path points to a directoy owned and readable by the
> webserver
> user only:
> session.save_path=/tmp/php
> chown apache:apache /tmp/php
> chmod 700 /tmp/php
>
> (2) If security issues are high you may attempt to make sure that the
> session identifier - be it via cookie or via URL parameter - gets
> additional confirmation. I once used this approach: I am transmitting a
> random cookie (random name, random value) to the browser, making a
> note (in
> $_SESSION) of the cookie name and its value. When the session gets
> revisited check for the existence and the value of this cookie. If the
> values match construct another random cookie, having another name and
> another value (also sending header information to delete the old
> cookie).
> If the cookie doesn't match don't discard the session but merely
> redirect
> the browser to another URL (usually a login page), clearing the
> session ID
> if it was received it as cookie.
> This has a drawback - clients are forced to accept cookies, or the
> system
> wouldn't work at all. Thus you can only implement it where security is
> at
> risk, and where acceptance of the additional cookie can be enforced
> (extranet applications, for example).
>
> (3) As a last resort one can remember the client IP that must match
> for the
> same session. This is not secure at all, and it doesn't work with some
> AOL
> connections where client IPs change at will (by AOL using random
> proxies
> for every INet connection). You can however automatically rule out that
> method if the client IP stems from the AOL-assigned range.
>
> Keeping a very good eye on session security, sessions are the only
> thing
> where you can keep login data and access rights, just like you're
> doing it.
> I would only urge you NOT to use session_register() and
> session_is_registered(), but to use the $_SESSION[] superglobal to be
> absolutely sure you're using only data you yourself have put there,
> and not
> injected data.
>
>
> --
>> O Ernest E. Vogelsinger
>(\)ICQ #13394035
> ^ http://www.vogelsinger.at/
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Session Question

2003-05-29 Thread Pushpinder Singh Garcha
Hello Ernest,

SInce register_globals() is ON on my server, I need to be able to 
figure out a way to ensure session security.
Another question I had was that,  with register_globals() ON can I 
still use the $_SESSION to set my variables ? I want to avoid recoding 
the entire application, so I want to see what can be done to enhance 
security with the current setup.

Does the super-global array approach i.e. $_SESSION work, irrespective 
of the fact that REGISTER_GLOBALS is ON / OFF ?
If I start setting session variables in the $_SESSION array from now 
on, will it improve the security of the session.  I am a newbie in PHP 
session handling and am sorry if any of the above questions sound 
extremely lame.

Thanks in advance,
--Pushpinder


On Wednesday, May 21, 2003, at 04:34 PM, Ernest E Vogelsinger wrote:

At 21:51 21.05.2003, Pushpinder Singh Garcha said:
[snip]
register_globals is ON on my site.
You should really rethink this - have a look at
http://www.php.net/manual/en/security.registerglobals.php
http://www.php.net/manual/en/ref.session.php section "Sessions and
Security"
register_globals=on simply enables anyone injecting globals to your 
site:
http://www.yoursite.com/myscript.php?valid_user=sam+spade

To keep sessions secure, one might consider these steps:

(1) Filesystem security:
session.save_path points to a directoy owned and readable by the 
webserver
user only:
session.save_path=/tmp/php
chown apache:apache /tmp/php
chmod 700 /tmp/php

(2) If security issues are high you may attempt to make sure that the
session identifier - be it via cookie or via URL parameter - gets
additional confirmation. I once used this approach: I am transmitting a
random cookie (random name, random value) to the browser, making a 
note (in
$_SESSION) of the cookie name and its value. When the session gets
revisited check for the existence and the value of this cookie. If the
values match construct another random cookie, having another name and
another value (also sending header information to delete the old 
cookie).
If the cookie doesn't match don't discard the session but merely 
redirect
the browser to another URL (usually a login page), clearing the 
session ID
if it was received it as cookie.
This has a drawback - clients are forced to accept cookies, or the 
system
wouldn't work at all. Thus you can only implement it where security is 
at
risk, and where acceptance of the additional cookie can be enforced
(extranet applications, for example).

(3) As a last resort one can remember the client IP that must match 
for the
same session. This is not secure at all, and it doesn't work with some 
AOL
connections where client IPs change at will (by AOL using random 
proxies
for every INet connection). You can however automatically rule out that
method if the client IP stems from the AOL-assigned range.

Keeping a very good eye on session security, sessions are the only 
thing
where you can keep login data and access rights, just like you're 
doing it.
I would only urge you NOT to use session_register() and
session_is_registered(), but to use the $_SESSION[] superglobal to be
absolutely sure you're using only data you yourself have put there, 
and not
injected data.

--
O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Session Question

2003-03-20 Thread Justin French
Hi,

A session is meant to exist on one domain...  You could pass the session to
another domain to *hold* for you:

secure
checkout

Then the secure domain would be responsible for remembering the old session
id, and passing it back to your site when finished...


Essentially, I think that each domain would have it's own session... it's
your job for each site to remember the other site's session when jumping
between the two.

Obviously this is only an issue when cookies aren't available.


Justin



on 21/03/03 5:18 AM, PHP List ([EMAIL PROTECTED]) wrote:

> Hi All,
> I have a question about sessions.
> I need to pass session data from one domain to a secure domain.
> (www.mydomain.com to www.securedomain.com).
> I would like to preserve the session data in case the visitor goes back to
> www.mydomain.com. I thought about just passing the session ID to
> www.securedomain.com, but if I need to destroy the session while the visitor
> is in www.securedomain.com, I am hoping this will also include destroying data
> from www.mydomain.com.
> Basically, I am talking about a shopping cart system. If the user decides to
> stop half way through the checkout on the secure site and continue shopping in
> the store, I want the cart to remain. But if the user completes the checkout
> process on the secure domain, their cart should be empty when going back to
> the original domain.
> 
> Thanks for any help.
> 
> Chris
> 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.461 / Virus Database: 260 - Release Date: 3/11/2003


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Session Question

2003-03-20 Thread PHP List
Hi All,
I have a question about sessions.
I need to pass session data from one domain to a secure domain. (www.mydomain.com to 
www.securedomain.com).
I would like to preserve the session data in case the visitor goes back to 
www.mydomain.com. I thought about just passing the session ID to www.securedomain.com, 
but if I need to destroy the session while the visitor is in www.securedomain.com, I 
am hoping this will also include destroying data from www.mydomain.com.
Basically, I am talking about a shopping cart system. If the user decides to stop half 
way through the checkout on the secure site and continue shopping in the store, I want 
the cart to remain. But if the user completes the checkout process on the secure 
domain, their cart should be empty when going back to the original domain.

Thanks for any help.

Chris


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.461 / Virus Database: 260 - Release Date: 3/11/2003

[PHP] Session Question

2003-01-21 Thread Sancar Saran
Hi,
I'm working on a project. It uses large sql data to create pages. Last week I 
create some kind of cache info to create faster execution. It really works 
(system runs more than 10 times faster)

But stroring cache data is problem. I use the session to store cache info. 
With using cache data session files growing 60K, I think it can be 100K or 
more. 

I need advice about using large session data. Or is there any way to store 
large array (10 or more dimestion) into memory or someting.

Thanks.

Sancar "Delifisek" Saran.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Session Question

2003-01-03 Thread Michael J. Pawlowsky


I use both...  and the way I see PHP handling it is like this...

First call in it will add the SESSID to the hrefs.
Next call (page load) if it finds the cookie it will not append SESSID to URL.
However if it doesn't it will.

There are a few instance were I need to get the SESSION ID and append them myself.

Redirects are a good example you need to add it yourself.

header("Location: http://mysite.org/index.php?PHPSESSID=$sid";);


Cheers,
Mike

P.S. This is just from my obeservation






*** REPLY SEPARATOR  ***

On 03/01/2003 at 1:52 PM [EMAIL PROTECTED] wrote:

>Sorry I didn't make myself more clear. I only want to use server side
>sessions. I don't want to have to rely on a client having cookies enabled
>in their browser. So far having trans_sid is just doing the trick. I can
>save values into sessions server side and not explicitly create a client
>side cookie with any values to retrieve the information.
>
>Thanks again,
>
>Ed
>
>
>On Fri, 3 Jan 2003, Ford, Mike   [LSS] wrote:
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> To: [EMAIL PROTECTED]
>>
>>  Does php use cookies for sessions even if you don't explicitly use
>> cookie
>> functions to save session data server side?
>> --
>>
>> That question doesn't even make sense to me -- cookie functions can't
>save
>> data server side, for one thing!  Can you try to explain exactly what it
>is
>> you're trying to find out?
>>
>> Cheers!
>>
>> Mike
>>
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Session Question

2003-01-03 Thread ed

 Sorry I didn't make myself more clear. I only want to use server side
sessions. I don't want to have to rely on a client having cookies enabled
in their browser. So far having trans_sid is just doing the trick. I can
save values into sessions server side and not explicitly create a client
side cookie with any values to retrieve the information.

Thanks again,

Ed


On Fri, 3 Jan 2003, Ford, Mike   [LSS] wrote:

> -Original Message-
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> 
>  Does php use cookies for sessions even if you don't explicitly use
> cookie
> functions to save session data server side?
> --
> 
> That question doesn't even make sense to me -- cookie functions can't save
> data server side, for one thing!  Can you try to explain exactly what it is
> you're trying to find out?
> 
> Cheers!
> 
> Mike
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Session Question

2003-01-03 Thread Ford, Mike [LSS]
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

 Does php use cookies for sessions even if you don't explicitly use
cookie
functions to save session data server side?
--

That question doesn't even make sense to me -- cookie functions can't save
data server side, for one thing!  Can you try to explain exactly what it is
you're trying to find out?

Cheers!

Mike

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Session Question

2003-01-03 Thread Kevin Stone
In most cases, Yes.   Calling session_start() for the first time sets a
cookie on the client's computer containing the session id.  At the same time
the function creates a matching session file on the server.  You register
whatever variables you want to this file so that when you call
session_start() on another page it looks for the cookie, retrieves the
session id, and makes the associated variables in the file available to your
script.

I suggest you read the manual.  It's all there...
http://www.php.net/manual/en/ref.session.php

-Kevin

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 03, 2003 11:10 AM
Subject: [PHP] Session Question


>
>  Does php use cookies for sessions even if you don't explicitly use cookie
> functions to save session data server side?
>
> TIA,
>
> Ed
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Session Question

2003-01-03 Thread ed

 Does php use cookies for sessions even if you don't explicitly use cookie
functions to save session data server side?

TIA,

Ed



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Session question

2002-05-25 Thread Jens Lehmann

> > Just be sure you call session_start() on any page you want to access
> > session variables.
> >
>
> I have to call this function on each page I use session variable or juste
> once ?

The statement is pretty clear. You've to call it once on each page you want
to access session variables.

>
> > This assumes the latest version of PHP. The procedure is similar on
> > older versions, you just have to use session_register().
>
> From wich version session_start() is include ?

Don't know what you want, but session_start() is part of PHP since version
4.0

Jens




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Session question

2002-05-25 Thread Christian Ista


> Just be sure you call session_start() on any page you want to access
> session variables.
>

I have to call this function on each page I use session variable or juste
once ?

> This assumes the latest version of PHP. The procedure is similar on
> older versions, you just have to use session_register().

>From wich version session_start() is include ?

Bye



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Session question

2002-05-25 Thread John Holmes

Just be sure you call session_start() on any page you want to access
session variables. 

Then you can set a variable by doing

$_SESSION["myvariable"] = "hello";

and then you can use $_SESSION["myvariable"] anywhere you want. 

This assumes the latest version of PHP. The procedure is similar on
older versions, you just have to use session_register().

---John Holmes...

> -Original Message-
> From: Christian Ista [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 25, 2002 4:45 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Session question
> 
> Hello,
> 
> I'm a newbie in PHP, I use a lot ColdFusion (at work).
> 
> With ColdFusion, it's very easy to create and use session variable. I
do
> something like that :
>  and this variable can be use
> everywhere.
> 
> Could you tell me how that's work in PHP. I saw in help file
> session.start.
> But it's not very clear for me.
> 
> Thanks for your help,
> 
> Bye
> 
> 
> 
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Session question

2002-05-25 Thread Christian Ista

Hello,

I'm a newbie in PHP, I use a lot ColdFusion (at work).

With ColdFusion, it's very easy to create and use session variable. I do
something like that :
 and this variable can be use
everywhere.

Could you tell me how that's work in PHP. I saw in help file session.start.
But it's not very clear for me.

Thanks for your help,

Bye





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] session question (4.1.1)

2002-01-03 Thread Jon Niola

I am trying to implement a user authentication/login system using PHP 4.x's 
built in session functions. Upon a successful login, there is a 
session_register('uid','uname','status'). On pages that require someone to 
be an authenticated user I check against HTTP_SESSION_VARS['uid'] to make 
sure it is not null, is greater then 0, and i also check the 
HTTP_SESSION_VARS['uname'].

This seemed to be working until I tried to see what would happen if I fed 
it a query string. I fed a "secure" 
page  ?action=edit&uid=3&uname=jon&status=true  and my check still failed 
me, but then when i went back to the same secure page without the bogus 
query string, I was in fact authenticated as the user i forced through.

Is it possible that global vars even if not registered via 
session_register() to end up the HTTP_SESSION_VARS array? I was under the 
impression that the OLY variables and values that would be in this array 
were those that were explicity registered via session_register().

Should i disable register_globals?

--Jon


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question: session.auto_start vs. session_register.

2001-12-05 Thread Jason G.

You may want to check out something like auto_prepend_file.  Look at the 
PHP configuration help.

I was thinking that you may be able to include your class definition there 
- IF auto_prepend_file IS INCLUDED BEFORE session.auto_start starts the 
session.

Otherwise, use auto_prepend_file to include a file that:
1. Inludes your class def
2. Starts your session.

Just my 2 Cents.

-Jason Garber
IonZoft.com


At 12:44 PM 12/5/2001 -0800, Kurt Lieber wrote:
>I am working on an open source e-commerce package and have hit a wall with
>sessions.
>
>If I have session.auto_start turned on, I get the following error message:
>
>Fatal error: The script tried to execute a method or access a property of an
>incomplete object. Please ensure that the class definition shoppingcart of
>the object you are trying to operate on was loaded _before_ the session was
>started in   on line 12
>
>If I turn session.auto_start off, the error disappears.
>
>So, the error message tells me that I can't use the class unless I've defined
>it before the session gets started.  However, session.auto_start (as far as I
>know) starts a session immediately, before even waiting for a script to be
>fully parsed & executed.  So, the two seem mutually exclusive. (but then the
>usefullness of session.auto_start would seem extremely limited)
>
>Is there a way
>
>I think there's some glaring errors in my understanding here.  Can someone
>help me fill in the holes?
>
>--kurt
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] session question: session.auto_start vs. session_register.

2001-12-05 Thread Kurt Lieber

I am working on an open source e-commerce package and have hit a wall with 
sessions.

If I have session.auto_start turned on, I get the following error message:

Fatal error: The script tried to execute a method or access a property of an 
incomplete object. Please ensure that the class definition shoppingcart of 
the object you are trying to operate on was loaded _before_ the session was 
started in   on line 12

If I turn session.auto_start off, the error disappears.

So, the error message tells me that I can't use the class unless I've defined 
it before the session gets started.  However, session.auto_start (as far as I 
know) starts a session immediately, before even waiting for a script to be 
fully parsed & executed.  So, the two seem mutually exclusive. (but then the 
usefullness of session.auto_start would seem extremely limited)

Is there a way 

I think there's some glaring errors in my understanding here.  Can someone 
help me fill in the holes? 

--kurt


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] SESSION question.

2001-08-17 Thread ERISEN, Mehmet Kamil

Hello,
I have implemented a user login with PHP Session functions.
THe problem I have is that if the user is logged in the
site using 
http://mysite.com/login.php and starts a session, the
session is not recognized when user is trying to utilize
the site with
http://www.mysite.com/dosomething.php

any suggestions?

thanks,
erisen.
ultrAslan.

=
Mehmet Erisen
http://www.erisen.com

__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Session Question

2001-07-15 Thread Rasmus Lerdorf

> Warning:
> fopen("/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt","a") -
> Permission denied in /home/tgmalone/public_html/index.php on line 17
>
> The problem is obvious, but I've been searching, searching and wracking my
> inadequate brain for a solution and can't find one - can anyone help me find
> a solution/workaround?

chmod a+w /home/tgmalone/sessn-log/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] Re:[PHP] Session Question

2001-07-15 Thread Tom Malone

Thanks Christopher!

I chmoded the directory to 777 like you said, and it worked fine, but then I
took your advice regarding security and put all the data in a MySQL
database. Thank you very much for your help!

Tom Malone


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Session Question

2001-07-15 Thread Christopher Ostmo

Tom Malone pressed the little lettered thingies in this order...

> I'm new to Apache (and PHP) and was unable to find anything approaching an
> answer to this problem in the Apache documentation. In fact, I'm not even
> sure if I'm having a problem with Apache or with PHP. I am trying to use
> sessions to track users on my site and write information to a file. I'm not
> requiring them to login or anything - all I really want to know is which
> users are visiting different pages on my site so I can judge the
> effectiveness of my design. Anyway the problem is - I'm using the following
> script:
> 
>  session_start();
> session_register("origin");
> session_register("ip_address");
> session_register("browser");
> session_register("$id");
> $id = session_id();
> $origin = "$HTTP_REFERER";
> $ip_address = "$REMOTE_ADDR";
> $browser = "$HTTP_USER_AGENT";
> $sessn_root = "/***/sessn-log"; //substituted asteriks for actual path here
> if(!file_exists("$sessn_root/$id.txt")):
>  $sessn_data = "$id\n $ip_address\n $browser\n $origin\n";
> else:
>  $sessn_data = "$origin\n";
> endif;
> $fp = fopen("$sessn_root/$id.txt", "a");
> fputs($fp, $sessn_data);
> fclose($fp);
> $includes = "***/includes"; //substituted asteriks for actual path here
> $page = "$includes/index.inc"; include("$includes/template.html.php"); ?>
> 
> and i get the following error:
> 
> Warning:
> fopen("/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt","a")
> - Permission denied in /home/tgmalone/public_html/index.php on line 17
> 
> The problem is obvious, but I've been searching, searching and wracking my
> inadequate brain for a solution and can't find one - can anyone help me
> find a solution/workaround?
> 

The output file (or directory in this case) need to be writable by the web 
server.

This sort of operation is rather insecure, but if you must log to a text file, 
either make the output directory owned by the web server process 
(usually "nobody") or make the output directory world writable.

If you have root access and your httpd process is owned by "nobody" 
you can issue the following command from a prompt:
chown -R nobody /home/tgmalone/sessn-log

You must have root access to use chown.  If you do not have root 
access, you'll need to use chmod to make the directory world writable:
chmod -R 777 /home/tgmalone/sessn-log

Neither of these solutions is very secure.  If you have the option, you 
should log these entries into a database.

Good luck...

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Innovative Application Ideas
Meeting cutting edge dynamic
web site needs since the 
dawn of Internet time (1995)

Business Applications:
http://www.AppIdeas.com/

Open Source Applications:
http://open.AppIdeas.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] Session Question

2001-07-14 Thread Tom Malone

I'm new to Apache (and PHP) and was unable to find anything approaching an
answer to this problem in the Apache documentation. In fact, I'm not even
sure if I'm having a problem with Apache or with PHP. I am trying to use
sessions to track users on my site and write information to a file. I'm not
requiring them to login or anything - all I really want to know is which
users are visiting different pages on my site so I can judge the
effectiveness of my design. Anyway the problem is - I'm using the following
script:



and i get the following error:

Warning:
fopen("/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt","a") -
Permission denied in /home/tgmalone/public_html/index.php on line 17

The problem is obvious, but I've been searching, searching and wracking my
inadequate brain for a solution and can't find one - can anyone help me find
a solution/workaround?

Thanks,
Tom Malone


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question

2001-06-22 Thread George Whiffen

Derick,

If you're seriously looking at thousands of concurent users
(let alone
millions) and the kind of budget on hardware and comms that
implies, 
then I'd suggest you seriously look at your own session
solution with MySQL or 
whatever.

You can perfectly easily just use your own authentication
against
your MysQL user base and pick up all their "session" data
from
the same table or related tables if there is a lot of it.

The basic logic for each page runs :

Is $PHP_AUTH_USER set?  If not send out an authenticate
header.

If $PHP_AUTH_USER is set pick out the user entry and
password from your MySQL
database and check the password, if it fails send back the
authenticate header.  Pick up all your session data while
you're
checking the password, so from one database query you've got 
everything sorted out.

Do whatever processing you need and just before sending back
the 
next bunch of html, update the user's record storing back
all the
session information.

That's session management for you.  The only advantage of
standard
session management tools like php's session management is
that you
can change what you store without making any database
changes.  But 
your volume of traffic you shouldn't expect to make any
quick and easy
changes to the logic of whatever you're doing.

It's not really a lot of work to do this and you do get
extra benefits
 in terms of flexibility over what session data is stored
for how long 
and in what format.  Basically you don't have a problem as
long as the user's 
don't have a lot of session data.  If they do have a lot of
session data, 
you've got a major storage/retrieval problem regardless of
your session
tool and you probably need to chuck a highly-tuned
customised database
structure at it anyway!!

Hope that helps,

George

> Moax Tech List wrote:
> 
> I am setting up a website with a need to use some sort of
> session management for a large amount of users. I cannot
> use typical file based session managment because at any
> given time there could be up to a million users logged in
> at once. (It is a LAMP linux/apache/php4/mysql system). I
> am a bit confused though as how to go about this. The user
> will be authenticated by verifying a username/password
> combo in a database, and then a session created.
> My question is this:
> After authentication, which type of session managment
> should I use? I mean, just do the standard php stuff with
> the session_ functions? (wo'nt this be bad with the # of
> simoltaneous users i need to support, because of the # of
> files on the server?) Or, shall I use something more
> complex like PHPLIB or create my own scheme using mysql?
> Is there any exisiting code/functions that can make
> creating my own scheme easier in order to support mysql or
> am i way off with this question? I just need a bit of
> direction here and any help is appreciated. Thanks!
> 
> -Derick

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question

2001-06-22 Thread Moax Tech List

I have the load balancing all setup, which is why i didn't want to use
normal file sessions.   I have one more question though, I read that
tutorial and got it to work perfect, it is too easy. I am just wondering, is
using a library like phplib more efficient or is this very efficient itself
(i mean are the built in functions pretty effieicnt)? That is my primary
concern because of the # of usersthanks again!

-derick
- Original Message -
From: "Peter Dudley" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 21, 2001 8:47 AM
Subject: Re: [PHP] session question


> There is a useful article here:
> http://phpbuilder.com/columns/ying2602.php3?page=1
>
> As to "up to a million users" logged in at once... don't you wantto have
> multiple redundant web servers running under a load balancer?  If the rest
> of your system can handle that many concurrent users, then I doubt PHP
> sessions will be much more of a strain on your system... unless you're
> storing some huge amount of data in each session.
>
> Pete.
>
> > ""Moax Tech List"" <[EMAIL PROTECTED]> wrote in message
> 00b101c0fa15$e47c4320$9865fea9@moax01">news:00b101c0fa15$e47c4320$9865fea9@moax01...
> > I am setting up a website with a need to use some sort of
> > session management for a large amount of users. I cannot
> > use typical file based session managment because at any
> > given time there could be up to a million users logged in
> > at once. (It is a LAMP linux/apache/php4/mysql system).
> > I am a bit confused though as how to go about this. The
> > user will be authenticated by verifying a username/password
> > combo in a database, and then a session created.
> > My question is this:
> > After authentication, which type of session managment
> > should I use? I mean, just do the standard php stuff with
> > the session_ functions? (wo'nt this be bad with the # of
> > simoltaneous users i need to support, because of the # of
> > files on the server?) Or, shall I use something more complex
> > like PHPLIB or create my own scheme using mysql? Is
> > there any exisiting code/functions that can make creating
> > my own scheme easier in order to support mysql or am i
> > way off with this question? I just need a bit of direction
> > here and any help is appreciated. Thanks!
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question

2001-06-21 Thread Peter Dudley

There is a useful article here:
http://phpbuilder.com/columns/ying2602.php3?page=1

As to "up to a million users" logged in at once... don't you wantto have
multiple redundant web servers running under a load balancer?  If the rest
of your system can handle that many concurrent users, then I doubt PHP
sessions will be much more of a strain on your system... unless you're
storing some huge amount of data in each session.

Pete.

> ""Moax Tech List"" <[EMAIL PROTECTED]> wrote in message
00b101c0fa15$e47c4320$9865fea9@moax01">news:00b101c0fa15$e47c4320$9865fea9@moax01...
> I am setting up a website with a need to use some sort of
> session management for a large amount of users. I cannot
> use typical file based session managment because at any
> given time there could be up to a million users logged in
> at once. (It is a LAMP linux/apache/php4/mysql system).
> I am a bit confused though as how to go about this. The
> user will be authenticated by verifying a username/password
> combo in a database, and then a session created.
> My question is this:
> After authentication, which type of session managment
> should I use? I mean, just do the standard php stuff with
> the session_ functions? (wo'nt this be bad with the # of
> simoltaneous users i need to support, because of the # of
> files on the server?) Or, shall I use something more complex
> like PHPLIB or create my own scheme using mysql? Is
> there any exisiting code/functions that can make creating
> my own scheme easier in order to support mysql or am i
> way off with this question? I just need a bit of direction
> here and any help is appreciated. Thanks!



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] session question

2001-06-21 Thread Moax Tech List



I am setting up a website with a need to use some 
sort of session management for a large amount of users. I cannot use typical 
file based session managment because at any given time there could be up 
to a million users logged in at once. (It is a LAMP linux/apache/php4/mysql 
system). I am a bit confused though as how to go about this. The user will be 
authenticated by verifying a username/password combo in a database, and then a 
session created.
My question is this:
After authentication, which type of session 
managment should I use? I mean, just do the standard php stuff with the session_ 
functions? (wo'nt this be bad with the # of simoltaneous users i need to 
support, because of the # of files on the server?) Or, shall I use something 
more complex like PHPLIB or create my own scheme using mysql? Is there any 
exisiting code/functions that can make creating my own scheme easier in order to 
support mysql or am i way off with this question? I just need a bit of direction 
here and any help is appreciated. Thanks!
 
-Derick


[PHP] session question

2001-05-08 Thread Rodrigo Reis da Rocha

I have a question about session variables.
In my page the session variables are not seen by the pages where tem are not declared.
I´ve used "session_register(variable)" and so after at another page I´ve called "echo 
$variable;" and it generate a message that the variable does not exists.
The session variables are not suposed to be seen at any time, at any page when the 
param globals is set on while session stands up?


Tkx. 
R3.



RE: [PHP] session question

2001-05-08 Thread John Vanderbeck

Are you opening a session on each of the pages you want to use the
variables?

Calling session_register() I believe causes an implicit opening of the
session, but on the other pages you have to explicity open the session, or
you won't have access to those vars.

- John Vanderbeck
- Admin, GameDesign (http://gamedesign.incagold.com/)
- GameDesign, the industry source for game design and development issues


> -Original Message-
> From: Rodrigo Reis da Rocha [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 08, 2001 2:58 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] session question
>
>
> I have a question about session variables.
> In my page the session variables are not seen by the pages where
> tem are not declared.
> I´ve used "session_register($variable)" and so after at another
> page I´ve called "echo $variable;" and it generate a message that
> the variable does not exists.
> The session variables are not suposed to be seen at any time, at
> any page when the param globals is set on while session stands up?
>
>
> Tkx.
> R3.
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] session question

2001-05-08 Thread Rodrigo Reis da Rocha

I have a question about session variables.
In my page the session variables are not seen by the pages where tem are not declared.
I´ve used "session_register($variable)" and so after at another page I´ve called "echo 
$variable;" and it generate a message that the variable does not exists.
The session variables are not suposed to be seen at any time, at any page when the 
param globals is set on while session stands up?


Tkx. 
R3.



Re: [PHP] session question

2001-04-04 Thread Plutarck

First use session_register(). Then give the variable a value.

So just rearrange your code, like this:



That should do it.


--
Plutarck
Should be working on something...
...but forgot what it was.


"Jan Grafström" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi!
> I am trying to learn about sessions and set up this file,
>
>   session_start();
>  $fillista = "fillista.xml";
>  session_register("SID"."fillista");
>  $SID = date("Y F j H:i:s");
>  print "SID=".$SID;
> ?>
>
> This seams not to work on the file fillista.xml, I can still read it
> afterwords in IE:s cache. How do I pass the session to a xml-file on
> server?
>
> Thanks for any help.
>
> Regards
> jan
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] session question

2001-04-02 Thread Jan Grafström

Hi!
I am trying to learn about sessions and set up this file,



This seams not to work on the file fillista.xml, I can still read it
afterwords in IE:s cache. How do I pass the session to a xml-file on
server?

Thanks for any help.

Regards
jan


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question

2001-02-23 Thread Richard Lynch

> index.php where they log in from
>  session_start();  file://first line of file

Okay.

> ?>
> 
> 
> Username  

 ?  You been typing too much XML?... :-)

Shouldn't hurt.

> Password   />
>    
>
> code from main.php
>  session_register();

Register what?  You're supposed to register a variable name...

> require ("db.php");
> if $form_action == "lrlogin"
> {
> get_user($username,$password);
> }
> ?>
>
> code from db.php
>  session_start();

Doing this after you registered a variable is bogus -- The
session_register() automatically calls this if you haven't yet.

> SQL to select user info from db
> $access = $row[access_level]; file://etc getting vars from db
> session_register("username");
> session_register("password");
> session_register("access");
> session_register("active");
> header("Location:http://www.blah.com/index2.php?=".SID);

Doing session_start() (and, by extension, session_register()) in the same
file as a header("Location:") won't work on some browsers.  You'll either
get the cookie but no redirection or vice versa, depending on which browser
you are using.

And there should be a space after 'Location:'
And you probably need SID= for the SID to get passed on.
header("Location: http://www.blah.com/index2.php?SID=".SID);

> exit;
> ?>
>
> index2.php code
>  session_start();
>
> print "Welcome $username";
> ?>
>
> it only prints Welcome ...no username :(

--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question

2001-02-23 Thread Chris Lee

some comments on sessions

- $PHPSESSID will only be set after the first page refresh.
- SID will only be set if your not using cookies.
- sessions with not transfer across multiple domain names.
- sessions without cookies will not transfer accross full urls.



use this code and

- sessions will transfer across full urls when using $SID
- sessions will transer across multiple domain names on the same server
using $SID
- both $PHPSESSID and $SID are set allways set.

remember that header redirects *require* full urls so you will have to use
$SID.

header("Location: http://$SERVER_NAME/index.php?$SID");


--

 Chris Lee
 Mediawaveonline.com

 ph. 250.377.1095
 ph. 250.376.2690
 fx. 250.554.1120

 [EMAIL PROTECTED]



""Jon Rosenberg"" <[EMAIL PROTECTED]> wrote in message
001301c09dc9$fc471c80$[EMAIL PROTECTED]">news:001301c09dc9$fc471c80$[EMAIL PROTECTED]...
> I have a form that submits to abc.php which then calls db.php and db.php
> then redirects to a new URL.  I have session_start(); on all these files
and
> I'm registering the variables I need.  It seems that the session dies or
> gets lost on it's way through all the included files.  I then tried to
pass
> the SID in the URL that the db.php file creates, but the SID is empty once
> it gets here...though, there is a SID befoer then.  Can sessions not be
used
> with multple include files?  What could I be doing wrong?  This is my
first
> forray into sessions...be gentle!
>
> thanks!
>
> Some code below, it's prettry straight forward.  I still have cookies
> enabled, as well.  Do I need to disable cookies for the SID in URL method
to
> work?
>
> index.php where they log in from
>  session_start();  //first line of file
> ?>
> 
> 
> Username  
> Password   />
>    
>
> code from main.php
>  session_register();
> require ("db.php");
> if $form_action == "lrlogin"
> {
> get_user($username,$password);
> }
> ?>
>
> code from db.php
>  session_start();
> SQL to select user info from db
> $access = $row[access_level]; //etc getting vars from db
> session_register("username");
> session_register("password");
> session_register("access");
> session_register("active");
> header("Location:http://www.blah.com/index2.php?=".SID);
> exit;
> ?>
>
> index2.php code
>  session_start();
>
> print "Welcome $username";
> ?>
>
> it only prints Welcome ...no username :(
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] session question

2001-02-23 Thread Jon Rosenberg

I have a form that submits to abc.php which then calls db.php and db.php
then redirects to a new URL.  I have session_start(); on all these files and
I'm registering the variables I need.  It seems that the session dies or
gets lost on it's way through all the included files.  I then tried to pass
the SID in the URL that the db.php file creates, but the SID is empty once
it gets here...though, there is a SID befoer then.  Can sessions not be used
with multple include files?  What could I be doing wrong?  This is my first
forray into sessions...be gentle!

thanks!

Some code below, it's prettry straight forward.  I still have cookies
enabled, as well.  Do I need to disable cookies for the SID in URL method to
work?

index.php where they log in from



Username  
Password  
   

code from main.php


code from db.php
http://www.blah.com/index2.php?=".SID);
exit;
?>

index2.php code


it only prints Welcome ...no username :(


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] PHP Session question

2001-02-19 Thread Richard Lynch

Did you recompile and forget to include --enable-trans-sid?...

What does  have to say about how you compiled PHP?

--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
- Original Message -
From: "Yev" <[EMAIL PROTECTED]>
Newsgroups: php.general
Sent: Saturday, February 17, 2001 12:26 PM
Subject: [PHP] PHP Session question


> Hi,
>
> I enabled sessions via session.auto_start feature, and attempting to
> simulate sessions when a user has disabled cookies.  I remember it used to
> automatically append SESSIONID= to every href, etc.. (I compiled
> with --enable-trans-sid), but now it doesn't append it.
>
> What am I missing?
>
> Thanks in advance,
> Yev
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] PHP Session question

2001-02-17 Thread Yev

Hi,

I enabled sessions via session.auto_start feature, and attempting to
simulate sessions when a user has disabled cookies.  I remember it used to
automatically append SESSIONID= to every href, etc.. (I compiled
with --enable-trans-sid), but now it doesn't append it.

What am I missing?

Thanks in advance,
Yev


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re[2]: [PHP] session question

2001-01-31 Thread Max A. Derkachev

Hello Teodor,

Wednesday, January 31, 2001, 10:49:34 AM, you wrote:

TC> Hi Mark!
TC> On Wed, 31 Jan 2001, Mark Green wrote:

>> How about this:
>> 
>>  session_start();
>>  session_register($funky_session_var);
>>  $funky_session_var ++;
>>  print $funky_session_var;

TC> the order doesn't matter (as it did in PHPLib sessions).
TC> If it doesn't work I guess it's because you have register_globals off.

First, I believe the variable should be initialized first (even in
favour of common sense), and then registered.
Second, session_register($funky_session_var) gives your nothing (if
not an error). You should session_register('funky_session_var')
instead (the NAME of the variable, not the variable itself).




-- 
Best regards,
Max A. Derkachev mailto:[EMAIL PROTECTED]
Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
http://www.Books.Ru -- All Books of Russia
 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question

2001-01-30 Thread Teodor Cimpoesu

Hi Mark!
On Wed, 31 Jan 2001, Mark Green wrote:

> How about this:
> 
>  session_start();
>  session_register($funky_session_var);
>  $funky_session_var ++;
>  print $funky_session_var;

the order doesn't matter (as it did in PHPLib sessions).
If it doesn't work I guess it's because you have register_globals off.

-- teodor

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] session question

2001-01-30 Thread Mark Green

How about this:

 session_start();
 session_register($funky_session_var);
 $funky_session_var ++;
 print $funky_session_var;


Cheers,

^^@rk

Peter Van Dijck wrote:
> 
> Hi,
> help: shouldn't this increase the number every time you reload the page?
> 
> session_start();
> $funky_session_var ++;
> session_register($funky_session_var);
> print $funky_session_var;
> 
> Peter
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] session question

2001-01-30 Thread Peter Van Dijck

Hi,
help: shouldn't this increase the number every time you reload the page?

session_start();
$funky_session_var ++;
session_register($funky_session_var);
print $funky_session_var;

Peter


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]