Re: [PHP] php sessions question

2004-10-21 Thread raditha dissanayake
Reinhart Viane wrote:
in a page checkuser i do this after the user is logged in:
 PHP Code
 // Register some session variables!
 session_register('userid');
 $_SESSION['userid'] = $userid;
 session_register('first_name');
 $_SESSION['first_name'] = $first_name;
 session_register('last_name');
 $_SESSION['last_name'] = $last_name;
 session_register('email_address');
 $_SESSION['email_address'] = $email_address;
 session_register('user_level');
 $_SESSION['user_level'] = $user_level;
 

You should only save the userId in the session, everything else should 
be retrieved from your database using that id.


Now let's say user 1 logs in, his session is registered (with userid from 
database is 5 and first_name is XXX)
Then another user logs in, again his session is registered (with userid from 
database is 1 and first_name is YYY)

 

Are both users on the same computer? Then there may be a question about 
the old cookie being sent back to the server (if its expiration time 
has not been exceeded). If the users are not using the same computer the 
chances are you have a bug in your code.

Now user 1 leaves the pages (closes the browser) and user 2 uploads a 
document (with my own script).

When the document is successfully uploaded i display this:
 PHP Code
 echo ($_SESSION['first_name']) . ", the document has been succesfully added";
 echo ($_SESSION['userid']);


This results in the following output:
YYY, the document has been succesfully added
5
Meaning the $_SESSION['first_name'] is correct, but the $_SESSION['userid'] 
is the one of the user who logged out...

Now when using user_id in all places it seems to work correctly...
Is userid something that is defined by the server when making sessions?
 

no.
If not, i don't have any clue what is going wrong...
Can someone help me on this? So i know what is wrong?
 


Thx in advance
Pout
 


--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Interface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] php sessions question

2004-10-21 Thread Pete
In message [EMAIL PROTECTED], raditha dissanayake
[EMAIL PROTECTED] writes
Reinhart Viane wrote:

in a page checkuser i do this after the user is logged in:
  PHP Code
  // Register some session variables!
  session_register('userid');
  $_SESSION['userid'] = $userid;
  session_register('first_name');
  $_SESSION['first_name'] = $first_name;
  session_register('last_name');
  $_SESSION['last_name'] = $last_name;
  session_register('email_address');
  $_SESSION['email_address'] = $email_address;
  session_register('user_level');
  $_SESSION['user_level'] = $user_level;
  

You should only save the userId in the session, everything else should 
be retrieved from your database using that id.

I normally do as you have suggested here - but why do you suggest that
this method is better?

-- 
Pete Clark




Re: [PHP] php sessions question

2004-10-21 Thread raditha dissanayake
Pete wrote:

 

You should only save the userId in the session, everything else should 
be retrieved from your database using that id.
   

I normally do as you have suggested here - but why do you suggest that
this method is better?
 

One reason is for security. You cannot ever rule out the possibility of 
a user injecting someone else's data into the session to get access to 
information that he should not have. Of course he can fake the userid 
too. That's why each time you retrieve the userid from the session you 
should check if that id has been logged in. I do this (so do many 
others) by keeping a two-column table with session id and userid in it.



--
Raditha Dissanayake.



RE: [PHP] php sessions question

2004-10-21 Thread Reinhart Viane

I normally do as you have suggested here - but why do you suggest that 
this method is better?
  


One reason is for security. You cannot ever rule out the possibility of 
a user injecting someone else's data into the session to get access to 
information that he should not have. Of course he can fake the userid 
too. That's why each time you retrieve the userid from the session you 
should check if that id has been logged in. I do this (so do many 
others) by keeping a two-column table with session id and userid in it.

-- 
Raditha Dissanayake.

Do you have an example or do you know of any tutorials where this
method is used?
Thx
Reinhart


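The approach raditha describes above (keep only the user id in the session, and on every request check it against a two-column table of session id and user id), as an added example that is not part of the original thread. The table names, function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread; table and function names are assumptions.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');            // constructed in-memory database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT, user_level INTEGER)');
    $db->exec('CREATE TABLE active_sessions (session_id TEXT PRIMARY KEY, user_id INTEGER NOT NULL)');
    $db->exec("INSERT INTO users VALUES (1, 'YYY', 1), (5, 'XXX', 2)");  // constructed sample rows
    return $db;
}

// Call once the password check has succeeded.
function login_user(PDO $db, int $userId): void {
    session_regenerate_id(true);                 // new id per login; the old session data is deleted
    $_SESSION = ['userid' => $userId];           // the id is the only thing kept in the session
    $stmt = $db->prepare('INSERT OR REPLACE INTO active_sessions (session_id, user_id) VALUES (?, ?)');
    $stmt->execute([session_id(), $userId]);
}

// Call on every request; returns the user's row, or null if the session is not a valid login.
function current_user(PDO $db): ?array {
    $claimed = $_SESSION['userid'] ?? null;
    $stmt = $db->prepare('SELECT user_id FROM active_sessions WHERE session_id = ?');
    $stmt->execute([session_id()]);
    $recorded = $stmt->fetchColumn();
    if ($claimed === null || $recorded === false || (int)$recorded !== (int)$claimed) {
        $_SESSION = [];                          // session and table disagree: treat as logged out
        return null;
    }
    $stmt = $db->prepare('SELECT id, first_name, user_level FROM users WHERE id = ?');
    $stmt->execute([(int)$recorded]);            // name, level etc. always come from the database
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function logout_user(PDO $db): void {
    $db->prepare('DELETE FROM active_sessions WHERE session_id = ?')->execute([session_id()]);
    $_SESSION = [];
    session_destroy();
}

session_start();
$db = open_db();
login_user($db, 1);
echo current_user($db)['first_name'], "\n";      // looked up from the users table, not the session
$_SESSION['userid'] = 5;                         // simulate a session value that was tampered with
var_dump(current_user($db));                     // the table still maps this session id to user 1
```

Because the display name and user level are read from the `users` table on each request, a stale or altered session value cannot change what the page shows or which privileges apply.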


Re: [PHP] PHP Sessions Question

2004-07-08 Thread Tim Traver
It could be a case that your provider is load balancing across several 
machines. If they are, and they aren't storing the session data in a 
central location, then that might account for the issue.

That would explain the intermittent failure. The user might be making 
keepalive requests to the same box and being ok, and then get bounced once 
it hits a machine that doesn't have the session data...

You might ask them about it...
Tim.

At 09:43 PM 7/8/2004, Ed Lazor wrote:
What kind of problems could be happening server-side that would result in
PHP sessions randomly disappearing?  And, is there a way to log or track
this information?  Oh, and best of all, any recommendations on solutions?

I have a PHP / MySQL application that's been running at a host provider for
almost a year now.  PHP sessions are used to track logged in users. For
example, $_SESSION[UserID].  If the UserID isn't stored as a session
variable, the user must not be logged in, so prompt them with a login
screen.

Most recent updates were made last week and everything has been working fine
until this afternoon.  Session data is somehow being lost.  It seems random.
A person will be logged in and navigating through the site when they
suddenly get a login screen.  They'll log back in and continue navigating
for a little while when it will happen again - sometimes within seconds and
other times within minutes.  Sometimes it won't even happen for 30 minutes
and then it suddenly begins to occur again.

Thanks in advance for any ideas or recommendations that I can forward to my
hosting provider on how to fix the problem.

-Ed


