setting multiple PHPSESSID durations - asking for trouble?

Greetings,

I want users to select the duration time of their sessions. I'm able to
do it by setting the PHPSESSID cookie duration. Is this reliable, or is
it not recommended for some reason?

This is the test:
open browser, close browser, reopen browser

if (!isset($_COOKIE["PHPSESSID"])) // opened browser first time - no session
{
    // create a session
    session_start();

    // modify cookie duration
    myCookieAdd("PHPSESSID", session_id(), $userSelectedNbHours);

    // set some variable
    $_SESSION["bozo"] = 'clown';
}
else // reopened browser - cookie still exists, variable still exists
{
    session_start();
    echo $_SESSION["bozo"]; // prints "clown"
}

Any thoughts?

Jun 13 '06 #1
> I want users to select the duration time of their sessions. I'm able to
> do it by setting the PHPSESSID cookie duration. Is this reliable, or is
> it not recommended for some reason?


It's something you need to depend on the browser doing, so it's
unreliable. Don't depend on it for high security, especially against
tampering by users. Also don't depend on it for accurate timing;
a browser may only expire cookies when it starts up or shuts down
(not just opening/closing one window), and it uses the browser's
clock (which may or may not be set with the correct year) rather
than the server clock. If the user WANTS it to work correctly, and
others don't use that computer, you're probably OK.

It's also possible to track the expiration time of a session in the
session data in $_SERVER. If the session has expired, you make
them log in again. You might also want to track the LAST hit rather
than time of login (like you're doing by setting the cookie with a
new expiration time every time).

Gordon L. Burditt
Jun 13 '06 #2
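
The server-side tracking suggested in the reply above, as an added example that is not part of the original thread: the user's selected duration is clamped and stored in the session data, and every request is checked against the server clock measured from the last hit. `MAX_HOURS`, the `ttl` and `last_hit` keys, and the function names are assumptions made for illustration.

```php
<?php
const MAX_HOURS = 24;   // assumed policy cap on the user-selected duration

// Clamp the requested duration on the server; never trust the client value.
function clamp_hours($requested): int
{
    $h = filter_var($requested, FILTER_VALIDATE_INT);
    return ($h === false || $h < 1) ? 1 : min($h, MAX_HOURS);
}

// True while the stored window, measured from the last hit, is still open.
function session_is_live(array $data, int $now): bool
{
    if (!isset($data['ttl'], $data['last_hit'])) {
        return false;                       // no login recorded
    }
    return ($now - $data['last_hit']) < $data['ttl'];
}

// Call after a successful login; $hours is the user's selection.
function begin_login_session($hours, int $now): void
{
    session_regenerate_id(true);            // new id at privilege change
    $_SESSION['ttl']      = clamp_hours($hours) * 3600;
    $_SESSION['last_hit'] = $now;
}

// Call at the top of every protected page.
function require_live_session(int $now): bool
{
    if (!session_is_live($_SESSION, $now)) {
        $_SESSION = [];                     // drop stale data server-side
        return false;                       // caller shows the login form
    }
    $_SESSION['last_hit'] = $now;           // slide the window on each hit
    return true;
}

session_start();
if (!require_live_session(time())) {
    // hypothetical handling: render or redirect to the login page here
    echo "Please log in again.\n";
}
```

For the stored window to be honoured, `session.gc_maxlifetime` has to be at least as long as the longest `ttl` allowed, otherwise PHP may garbage-collect the session data first.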
