Hi Gurus
I am basically sorry that I have to bother you about this. I am a PHP
beginner and I have been studying sessions and cookies over the last few
weeks. I have learned lots, but I am missing the big picture.
Is it like this:
1. user comes to site
2. user does something (e.g. a search) that may be useful later => session
is started and cookie is planted on the users computer, containing only the
session ID
3. each page now has session_start in it
4. user is asked to log-in to access more stuff (the session now identifies
the user to allow only certain people in certain places).
5. when the user comes back later the cookie may recognise him or her as the
one from last time (how and where do you retain the person's information if
the session is lost - can that be done in a MySql database?)
6. Alternative, the user can log-in (session was saved in a MySql Database
in that case...)
I start almost all my pages like this:
session_start() ;
ini_set('sessio n.cache_limiter ', 'private');
include_once("_ connectToDBFile .php"); // contains dbcon function
$dbcheck = dbcon(); // connects to Mysql Database
What does the second line mean (I have no idea!)
Also, right now, I pass the session ID in the URL. In an earlier question,
people told me that this is necessary, but some others have told me this is
not necessary. For your information, I store variables in my session like
- name
- email address
- other contact details
so that if people fill in a form (there are lots on the site) then they do
not have to retype it.
I also store people's searches on the site, so that they can go back to
previous searches, and I allow them to create "a basket" with items.
Ideally, I would like to store each person's session in the mysql database
so that I can analyse how the site is used and so that people can come back
later to their site. because the site is mainly for travellers, i am not
sure how useful cookies are going to be. I prefer them to sign in (using
their email and a password).
Any comments on my ideas and understanding of how it all works are greatly
appreciated.
Thank you
Nicolaas
1  2822 
>I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few
weeks. I have learned lots, but I am missing the big picture.
Is it like this:
1. user comes to site
2. user does something (e.g. a search) that may be useful later => session
is started and cookie is planted on the users computer, containing only the
session ID
3. each page now has session_start in it
The page had better have session_start in it well before the
user shows up. Usually you finish designing the site before
users are allowed into that section.
4. user is asked to log-in to access more stuff (the session now identifies
the user to allow only certain people in certain places).
At this point, if you want to, you can tie the user's session to his
login, and log this fact in a database.
5. when the user comes back later the cookie may recognise him or her as the
one from last time (how and where do you retain the person's information if
the session is lost - can that be done in a MySql database?)
If the user logs in, you can tie the session to his login.
There are other ways to tie together disconnected sessions that are
less reliable, such as combinations of IP address, browser type,
stuff the user enters such as address or credit card number, etc.
Site customization (like preferences, saved searches, personal information,
messages, etc.) is probably better associated with a user's login rather than
a session because this information is expected to last more than one
session. Information kept over a short period of time (like entries on
page 1 of a form while the user is filling in page 3, current shopping
basket contents, etc.) is probably better kept with the session (which
doesn't rule out logging it also).
Incidentally, you can put a session save handler in that saves
sessions in a MySQL database rather than a bunch of small files.
This (or something similar) is necessary if you use round-robin
redundant web servers (so all the hits for a session are not
necessarily to the same server) but session info is supposed to be
kept consistent anyway.
6. Alternative, the user can log-in (session was saved in a MySql Database
in that case...)
I start almost all my pages like this:
session_start( );
ini_set('sessi on.cache_limite r', 'private');
It does something along the lines of telling the browser not to
cache the page, so you get a server hit for every page view,
and perhaps so the user can't go back to it with the "BACK" button.
include_once(" _connectToDBFil e.php"); // contains dbcon function
$dbcheck = dbcon(); // connects to Mysql Database
What does the second line mean (I have no idea!)
Also, right now, I pass the session ID in the URL. In an earlier question,
people told me that this is necessary, but some others have told me this is
not necessary.
It's necessary for sessions to work for users who do NOT accept
cookies. See trans_sid for an adaptive way to use the session ID
in the URL automatically if the user does not accept cookies,
but leave it out otherwise.
*IF* there are security issues, putting the session ID in the URL
makes it a bit easier to snoop the session ID. Expiring sessions
is one way to reduce this (a snooped session ID that is too old is
treated as a new session, and the saved data discarded). Some sites
have serious security issues (snooping a session ID could result
in letting the snooper charge something to the user's credit card,
or expose his medical info). Some do not (snooping a session ID
could expose the user's preferred screen layout for the site).
- name
- email address
- other contact details
so that if people fill in a form (there are lots on the site) then they do
not have to retype it.
I also store people's searches on the site, so that they can go back to
previous searches,
This kind of information might be more appropriately stored in a
database and associated with a user's login, not the session.
and I allow them to create "a basket" with items.
This probably goes with the session until the user buys something,
unless you're logging every detail like what he put in the basket
and then took out.
Consider what happens if the user is logged in *TWICE* under the
same login (even if you really want to prohibit this - this is a
mental exercise to consider where the data should go). Shopping
baskets become unmanagable if two different people can add and
delete stuff from the same baskets. History probably should
be combined.
Ideally, I would like to store each person's session in the mysql database
so that I can analyse how the site is used and so that people can come back
later to their site.
It is quite possible to log every hit to a PHP page in a mysql logging
table, storing whatever information you want (session, login, what
page it was, time, stuff user entered, etc.).
because the site is mainly for travellers, i am not
sure how useful cookies are going to be. I prefer them to sign in (using
their email and a password).
Cookies are useful for the short term (tying together accesses in
what a user might call a session: one period of sitting at the
computer using the site. They are less useful for tying together
separated accesses (days, weeks, or months apart).
Gordon L. Burditt This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: TG |
last post by:
This is more of a pain than I thought it would be. I need a simple code
segment to determine whether a browser accepts cookies or not. When I pass
variables between pages when cookies are turned off, the global variables
are empty between pages, fine, that tells me cookies store the global
variables - right? I store the values in $_session and when cookies are
turned on values are passed between web pages - I can see these values in
fields...
|
by: Tom |
last post by:
Hi,
I would like to use the standard PHP sessions and I understand they rely on
the target web browser to support session cookies.
I have tried the following code:
<?
session_start();
if (!session_id()) { //no support for session
|
by: Amit D.Shinde |
last post by:
Hello Experts..
I need some help regarding cookies and session objects and also
global.asa file
I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.
I think it is done in global.asa file . But i don;t know how to do it?
|
by: |
last post by:
Its strange...I have experimenting with browser hawk by using the cookie
sniffer method. However, even If adjust the security slider level in
internet options or goto advanced in the privacy tab I cannot seem to prove
the condition below....it is almost as if cookies don't want to die in my
testing environment.
I did try closing the browser and relaunching but cookies and session ids
seem alive and well....is this the usual hassle with...
|
by: Marcus |
last post by:
I know that when you start a session in PHP, the "cookie" it creates is
not the same as those that are stored in your browser's temp folder, and
instead is kept in RAM. I am confused because in every session tutorial
I have ever read, the author invariably mentions the 2 main ways of
propagating sessions - through cookies and appended to the URL. The
author also almost always talks about the method being dependent on the
user's...
| | |
by: Atte André Jensen |
last post by:
Hi
I'm developing a site where I'd like to store information during a users
visit. So far I've been using sessions, but as far as I can tell it's
not possible to control for how long a session is valid. It seems that
these information are valid until the browser closes.
On the other hand it's possible to set expiration time for cookies.
Does this mean that I have to abanbon $_SESSION altogether and switch to
|
by: Paul |
last post by:
Here is a question that should get everyone going.
I have an ecommerce site where I need to pass the order_id to every page. So
which method is the best practice to pass this variable between pages:
Cookies or Session variable or by the HTTP header (either GET querystring or
POST form)?
I do not like to use sessions because they time out after 20 minutes of
inactivity.
|
by: jheines |
last post by:
I am trying to explain how cookies and sessions work in a class I teach, but I have hit a wall when it comes to the interaction between cookies and the state of the privacy settings in Internet Explorer. I would appreciate any help anyone can offer, please.
First, consider the following very simple JavaScript function:
function CookiesEnabled() {
SetCookie( "testcookie", "testcookie" ) ;
var bCookiesEnabled =
( GetCookie(...
|
by: Chuck Anderson |
last post by:
I've instituted a sessions based scheme on my web site to combat hot
linking to my images. When someone requests a page at my site, I set a
session variable. I then use htaccess to redirect *all* image requests
to a Php script that checks for that variable before simply delivering
the image. Direct links to my images will fail this test and no image
is served.
I am monitoring my script by sending emails to myself and finding that...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
