[PHP] re: session question
Nevermind... I don't know what the problem is yet but it's not the folder. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: session question
ORIGINAL # I have an "index.php" page which does not user session_start(); command. However in this "index.php" page, there are some $_SESSION['...']; variables stored. How is it possible that $_SESSION['...']; works even if no session has been created before ? moreover, if i use a print "Session ID : ".session_id(); after those lines, session_id() is empty (which is logical) as no session_start(); command has been used before. So, how is it possible that $_SESSION['..'] works ? Do i have a session created or not ? END ORIGINAL If you treat $_SESSION['username'] as a variable and set its value and then print it or check it. It will display the value but value will not be maintained for the next pages e.g. for index.php you dont use session_start() but you do the follow $_SESSION['username']="some value"; echo $_SESSION['username']; //this will print "some value" So, in your case it is possible that some page is being included that is starting a session or setting up variable. -- Regards Fahad Pervaiz www.ecommerce-xperts.com (Shopping Cart Applications, Framework for Multilingual Web Sites, Web Designs) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: session question (4.1.1)
how did u check? with a if? u should use the session_is_registered function instead,
http://www.php.net/manual/en/function.session-is-registered.php
if(!session_is_registered(\"user\")){
print \"invalid user\";
exit;
}
// your other code here
and yes, turning off register globals is a good idea :)
>I am trying to implement a user authentication/login system >using PHP 4.x\'s
>built in session functions. Upon a successful login, there >is a
>session_register(\'uid\',\'uname\',\'status\'). On pages that >require someone to
>be an authenticated user I check against >HTTP_SESSION_VARS[\'uid\'] to make
>sure it is not null, is greater then 0, and i also check the
>HTTP_SESSION_VARS[\'uname\'].
>This seemed to be working until I tried to see what would >happen if I fed
>it a query string. I fed a \"secure\"
>page ?action=edit&uid=3&uname=jon&status=true and my check >still failed
>me, but then when i went back to the same secure page >without the bogus
>query string, I was in fact authenticated as the user i >forced through.
>
>Is it possible that global vars even if not registered via
>session_register() to end up the HTTP_SESSION_VARS array? I >was under the
>impression that the OLY variables and values that would be >in this array
>were those that were explicity registered via >session_register().
>
>Should i disable register_globals?
>
>--Jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: session question: session.auto_start vs. session_register.
session.auto_start is only usefull when not using classes as session variables. because a class must be defined before it can be created (or brought back to life from a session) it must be defined, this cant be done with session.auto_start. I dont use session.auto_start. I find the ability to use class's as session variables much more handy. -- Chris Lee [EMAIL PROTECTED] "Kurt Lieber" <[EMAIL PROTECTED]> wrote in message E16Bitf-00049T-00@z8">news:E16Bitf-00049T-00@z8... > I am working on an open source e-commerce package and have hit a wall with > sessions. > > If I have session.auto_start turned on, I get the following error message: > > Fatal error: The script tried to execute a method or access a property of an > incomplete object. Please ensure that the class definition shoppingcart of > the object you are trying to operate on was loaded _before_ the session was > started in on line 12 > > If I turn session.auto_start off, the error disappears. > > So, the error message tells me that I can't use the class unless I've defined > it before the session gets started. However, session.auto_start (as far as I > know) starts a session immediately, before even waiting for a script to be > fully parsed & executed. So, the two seem mutually exclusive. (but then the > usefullness of session.auto_start would seem extremely limited) > > Is there a way > > I think there's some glaring errors in my understanding here. Can someone > help me fill in the holes? > > --kurt > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: SESSION question.
You should be able to configure Apache to force the www. to appear, no matter what they type, or to keep using what they typed, if you didn't use any full URLs. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm - Original Message - From: Mehmet Kamil Erisen <[EMAIL PROTECTED]> Newsgroups: php.general To: <[EMAIL PROTECTED]> Sent: Friday, August 17, 2001 6:05 PM Subject: SESSION question. > Hello, > I have implemented a user login with PHP Session functions. > THe problem I have is that if the user is logged in the > site using > http://mysite.com/login.php and starts a session, the > session is not recognized when user is trying to utilize > the site with > http://www.mysite.com/dosomething.php > > any suggestions? > > thanks, > erisen. > ultrAslan. > > = > Mehmet Erisen > http://www.erisen.com > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! Messenger > http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
