session IDs and the like

Hi Folk

Forgive me for asking such a basic question... I have a site where I want to
track the user from start till end... To do this, I have set up the
following structure for each page, referring to startup.php, where the
session is managed. Can anyone check that I am doing it right? I thought I
was doing it right, but then the site started doing really, really funny
stuff, basically losing track of sessions ...

I want my application to be as portable as possible, so I want to override
all the php.ini values that are important.

Thanks in advance (TIA)
- Nicolaas

<?php
include_once("startup.php");
if ( !startup() ) {
    die("could not load application");
}
...
...//page content here
...
echo '<a href="testme.php?'.sid(false).'">link one on the page</a>';
echo '<a href="testme.php?a=3'.sid(true).'">link two on the page</a>';
....
....//more page content here
....
?>
/*startup.php file: */
//function to start session
function startup() {
    $expiry = 60 * 60 * 24 * 1000;
    ini_set('session.cache_limiter', 'nocache');
    ini_set('session.use_trans_sid', 1);
    ini_set('arg_separator.output', "&amp;");
    ini_set('session.use_cookies', 1);
    ini_set('session.use_only_cookies', 0);
    setcookie("CookieTest", "t"); //set a cookie so next time we know if the user can do cookies
    ini_set('session.cookie_lifetime', $expiry);
    session_start();
}
//function to include session ID in case they do not accept cookies
function sid($withamp) {
    if($_COOKIE["CookieTest"] == "t") {
        return '';
    }
    $s = session_id();
    if($s) {
        if($withamp) {
            $v = '&amp;';
        }
        $v .= 'PHPSESSID='.$s;
        return $v;
    }
}
/* end of startup.php */
Nov 5 '05 #1
On Sun, 6 Nov 2005 11:09:58 +1300, windandwaves <wi*********@co ldmail.com>
wrote:
> /*startup.php file: */
> //function to start session
> function startup() {
>     $expiry = 60 * 60 * 24 * 1000;
>     ini_set('session.cache_limiter', 'nocache');
>     ini_set('session.use_trans_sid', 1);
>     ini_set('arg_separator.output', "&amp;");
>     ini_set('session.use_cookies', 1);
>     ini_set('session.use_only_cookies', 0);
>     setcookie("CookieTest", "t"); //set a cookie so next time we know if the user can do cookies
>     ini_set('session.cookie_lifetime', $expiry);
>     session_start();
> }

session_start() should be first in output to browser. Try to place
the setcookie() after session_start().



--
Exact Meta Search | Major Search Engine
http://exactsearcher.com
Nov 6 '05 #2
Berimor wrote:
> ......
> session_start() should be first in output to browser. Try to place
> the setcookie() after session_start().

Ok, interesting ;-) Can you explain to me why that is? Just so that I
understand.. Will do



Nov 6 '05 #3
On Sun, 6 Nov 2005 14:49:20 +1300, windandwaves <wi*********@co ldmail.com>
wrote:
> Berimor wrote:
> .....
>> session_start() should be first in output to browser. Try to place
>> the setcookie() after session_start().
> Ok, interesting ;-) Can you explain to me why that is? Just so that I
> understand.. Will do


the PHP Manual says

" ... Note: If you are using cookie-based sessions, you must call
session_start() before anything is output to the browser.
"

the nature of session mechanism is more complex than just cookie. You can
set cookie at any place of script - you just make easy operation - write
the information to browser's cookie. When session starts it uses cookie
only to save session identifier but behind the curtains huge piece of
work being done - session prepares the, so called, session environment. I
have never dug into it deeply though :)
Let me know if this helped.


Nov 6 '05 #4
I don't know why PHP is so picky, but on the top of every page I write
that requires sessions the very first line is

<?php session_start(); ?>

and then I do everything else in a new <?php ?> block. I spent about 2
days figuring that out when I was teaching myself PHP and found that
was the best way to do it. If anyone else knows a different method
then please let me know.

-Rick

----------------------------
Looking for a place to drink tonight? Visit HappyHourHotSpots.com!

Nov 7 '05 #5
Berimor wrote:
> the nature of session mechanism is more complex than just cookie. You
> can set cookie at any place of script - you just make easy operation -
> write the information to browser's cookie.

Actually, a cookie is part of the header. So cookies must be sent before
content.

http://dk2.php.net/setcookie
Nov 7 '05 #6
Message-ID: <43***********************@dtext01.news.tele.dk> from myname
contained the following:
>> the nature of session mechanism is more complex than just cookie. You
>> can set cookie at any place of script - you just make easy operation -
>> write the information to browser's cookie.
>
> Actually, a cookie is part of the header. So cookies must be sent before
> content

Cookies are sent by the client to the server as long as they have
previously been set by the server. A cookie cannot be set and sent
simultaneously. I find this confuses the hell out of my students...

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Nov 7 '05 #7
> Cookies are sent by the client to the server as long as they have
> previously been set by the server. A cookie cannot be set and sent
> simultaneously. I find this confuses the hell out of my students...

Sure, no doubt.
But if you read the whole thread, the problem was about SETTING session variable
and cookies, not sending.
So, if setcookie() was called before session_start() - sure there will be
a problem registering session in your browser - meaning writing session ID to
it.
If the php ini file is set correctly the interpreter will raise an error.

Nov 7 '05 #8
On Mon, 07 Nov 2005 09:17:27 +0200, myname <none@invalid> wrote:
> Actually, a cookie is part of the header. So cookies must be sent before
> content
>
> http://dk2.php.net/setcookie

It's Manual!!!

the PHP Manual says

" ... Note: If you are using cookie-based sessions, you must call
session_start() before anything is output to the browser.
"


Nov 7 '05 #9
Berimor wrote:
> It's Manual!!!
>
> the PHP Manual says
>
> " ... Note: If you are using cookie-based sessions, you must call
> session_start() before anything is output to the browser.
> "

I was referring to the part where you said:
"You can set cookie at any place of script"

That is only true as long as nothing has been sent to the
client, or if using output buffering.
Nov 7 '05 #10
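
Added example, not code from any poster in this thread: a startup() that reflects the point the replies converge on (Set-Cookie is an HTTP header, so both session_start() and setcookie() must run before any output) and that reports the failure instead of silently losing the session. It also keeps the session ID out of URLs. The cookie parameters, the HTTPS assumption and the PHP 7.3+ array form of session_set_cookie_params() are assumptions, not taken from the thread.

```php
<?php
// startup.php (added example): session bootstrap that fails loudly.
ob_start(); // buffers stray output (whitespace, BOM) so headers can still be sent

function startup(): bool
{
    // Once headers are flushed, neither session_start() nor setcookie() can
    // add Set-Cookie, and the next request arrives without a session ID.
    if (headers_sent($file, $line)) {
        error_log("startup(): output already started at $file:$line");
        return false;
    }

    // Carry the session ID in a cookie only. With use_trans_sid enabled the
    // ID is written into URLs and ends up in logs, bookmarks and Referer
    // headers, where anyone who sees the link can reuse the session.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1'); // reject IDs this server did not issue
    ini_set('session.cache_limiter', 'nocache');

    session_set_cookie_params([
        'lifetime' => 0,      // assumption: cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);

    // Return the result so callers can test it, as the page code in the
    // question does with "if (!startup())".
    return session_start();
}

// Page code, shown in the same file for brevity.
if (!startup()) {
    die("could not load application");
}
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
echo '<a href="testme.php?a=3">link on the page</a>'; // no PHPSESSID in the URL
```

With cookies required, the sid() helper and the CookieTest cookie from the question are no longer needed; a browser that refuses cookies simply gets a fresh session on each request.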
