On Wed, Jul 22, 2009 at 1:19 PM, Dare Williamsdarrenwi...@yahoo.com wrote:
Dear Forums,
Kindly advice me professionally because, am getting more confused on what to
do about my application that needed to be online very soon.
The fear is about Session and Authentication.
Here are my
Dear Dare,
I would recommend you to get the free copy of *chapter 10: Security from
Zend Certification Study guide* by Ben Ramsey Davey Shafik at
www.zceguide.com
shorter tips:
1. You can apply session_regenerate_id() to prevent *session riding*
or *session
fixation*
2. You can keep
, PostregreSQL;
Today PHP, tomorrow Java, after the world.
Kyou wa PHP, ashita wa Java, sono ato sekai desu.
Date: Wed, 22 Jul 2009 10:19:44 -0700
From: darrenwi...@yahoo.com
To: php-general@lists.php.net
Subject: [PHP] Session Confusion.
Dear Forums,
Kindly advice me professionally because
On 14 April 2004 17:53, Paul Fine wrote:
Thanks guys but I have register globals ON so once the
session variable is
defined I should be able to address it without specifying $_SESSION ?
I don't think the documentation is clear on this point -- it may be that the
association between the global
Actually for me it isn't unclear at all:
The (super-) global variables are created when php starts working on
your script.
That pesky function/ini parameter (register_globals=on) is just a
replacement for an extract() on each of the global vars just then.
Whatever you do later with any of the
Any help with this would be appreciated. the p and v lnames are posted from
a form. In the form, the user seperates last names with a /. What I can't
understand is why Test1 shows as nothing, while Test2 shows the value I
wanted. Thanks a lot!
$p_lnames= explode(/, $p_lnames);
BOOT mailto:[EMAIL PROTECTED]
on Wednesday, April 14, 2004 9:40 AM said:
What I can't understand is why Test1 shows as nothing, while
Test2 shows the value I wanted. Thanks a lot!
[snip]
$_SESSION['element_countp'] = count($p_lnames);
echo TEST 1.$element_countp;
$element_countp =
On 14 April 2004 17:40, BOOT wrote:
Any help with this would be appreciated. the p and v lnames are
posted from a form. In the form, the user seperates last names with a
/. What I can't understand is why Test1 shows as nothing, while
Test2 shows the value I wanted. Thanks a lot!
] Session confusion again :( - Thanks!
BOOT mailto:[EMAIL PROTECTED]
on Wednesday, April 14, 2004 9:40 AM said:
What I can't understand is why Test1 shows as nothing, while
Test2 shows the value I wanted. Thanks a lot!
[snip]
$_SESSION['element_countp'] = count($p_lnames);
echo TEST 1
'Chris W. Parker' [EMAIL PROTECTED] elucidated:
Thanks guys but I have register globals ON so once the session variable is
defined I should be able to address it without specifying $_SESSION ?
WHERE do you have it on? Most sites now have it turned off for VERY valid security reasons. If you are
Yes in php.ini. I never bothered turning off as (a) I did not take the time
to understand the implications and (b) my project is only for internal
network use anyway.
So I went and turned them off. Now of course my pages don't work properly. I
guess I have to go through all my code and address
BOOT mailto:[EMAIL PROTECTED]
on Wednesday, April 14, 2004 12:17 PM said:
So I went and turned them off. Now of course my pages don't work
properly. I guess I have to go through all my code and address the
variables properly ie. $_POST and $_SESSION?
no.
just assign them at the beginning
But if I want to use $username accross many pages then I will have to make
it a session variable and call it as such on each page like
$_SESSION['username']
Thanks again!
Chris W. Parker [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
BOOT mailto:[EMAIL PROTECTED]
on Wednesday,
BOOT mailto:[EMAIL PROTECTED]
on Wednesday, April 14, 2004 12:37 PM said:
But if I want to use $username accross many pages then I will have to
make it a session variable and call it as such on each page like
$_SESSION['username']
correct.
c.
--
PHP General Mailing List
I have a file called sessionvars.php that I require() as the very first
thing on all my pages, it has
session_register(blah...) and about 40 or 50 variable names after that.
sometimes I am seeing behavior where a form on one page that references a
session variable doesn't carry over the change
Ok these sessions have got me all confused, I need to have two seperate
sessions one for when a user signs up, to stop them using there back button
and inadvertantly signing up twice. And then one when they login. Both of
them work great as standalone but if say I went and log into my account
: Friday, March 23, 2001 10:47 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Session Confusion
Ok these sessions have got me all confused, I need to have two seperate
sessions one for when a user signs up, to stop them using there back button
and inadvertantly signing up twice. And then one when they login
If that's a copy of your code, you might want to check the if($SET=1)
line...that will always return true, because you're setting a variable, not
checking for equality...should be if($SET==1) instead
jack
Ooops ok put that bit right, I should really know better :-) but it still
doesn`t
Hi,
All the session functions check to see if you have a session running first
before starting a session, to prevent you from starting two sessions by
accident. If for some reason you want to start another session, you can do
that by supplying your own session id to the function session_start()
Hi,
Just to explain a point on my previous post:
If at the top of your page that processes the registration info, you
include:
session_start();
session_register("is_registered");
is_registered="yes";
and then use this test:
if($PHPSESSID)
{
warning, redirect to login
}
else
{
record info,
20 matches
Mail list logo
