hi,
i have written a class for session handling, and i want to use it to
keep track of the user.
After authenticating the user in login page i am storing the session
info like uname etc.. in a object of session class. I am creating this
object in the login page.
Now how can i make this object persist between subsequent page
requests. and i dont want to use GET method.
Is it sensible to use hidden fields OR will i have to create a new
session object in each page???
plz help
Thanx
Josh 9 1536
viz wrote:
i have written a class for session handling, and i want to use it to
keep track of the user.
After authenticating the user in login page i am storing the session
info like uname etc.. in a object of session class. I am creating this
object in the login page.
Now how can i make this object persist between subsequent page
requests. and i dont want to use GET method.
Is it sensible to use hidden fields OR will i have to create a new
session object in each page???
To make an object persist between page calls you will have to save it
somewhere. Depending on the complexity you will probably use $_SESSION
variables and optionally save data to a file or database that will be
read by each page view. To access the $_SESSION variables a session ID
is held on the client computer either in a cookie or in the URL as a
$_GET variable (it's simply a session reference ID).
If you use hidden fields on forms then the data will be visible to
users using view source, and therefore can compromise security for
example someone creating a fake set of hidden variables.
If you read up on PHP sessions it will help you get where you want to
go.
Saul www.notanant.com
Communities of websites
well i am not using database;
and i am also not using session handling functions like
session_registe r and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.
Thanx
On 5 Dec 2006 02:53:42 -0800, "viz" <vi**********@g mail.comwrote:
>well i am not using database;
and i am also not using session handling functions like session_regist er and session_start Directly. i have implemented them using a session class and i am setting and retrieving session variables by using object of the session class. the problem i am facing is that as long as i use the session class object in a single page it is fine but what should i do in order to make that object accessible in other pages so that i may check the authenticity of user, using functions on the same object. hop i m clear this time.
This sounds like circular logic and I'm tempted to ask why you want to
complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?
To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.
For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.
I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)
Chris R.
On Dec 5, 4:28 pm, n...@emails.thx wrote:
On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:
well i am not using database;
and i am also not using session handling functions like
session_registe r and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to
complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?
To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.
For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.
I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)
Chris R.
Thanx Chris,
that was what i wanted to know. i am new to PHP5 thats why i was
searching 4 the most feasible way.
I have one more query....if u dont mind.
when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.
Thanx again
Josh
On 5 Dec 2006 03:54:10 -0800, "viz" <vi**********@g mail.comwrote:
>On Dec 5, 4:28 pm, n...@emails.thx wrote:
>On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:
>well i am not using database;
>and i am also not using session handling functions like session_regist er and session_start Directly. i have implemented them using a session class and i am setting and retrieving session variables by using object of the session class. the problem i am facing is that as long as i use the session class object in a single page it is fine but what should i do in order to make that object accessible in other pages so that i may check the authenticity of user, using functions on the same object. hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to
complicate the use of sessions by making a class that you then have to hold in a normal $_SESSION[] variable?
To make data 'persist' between pages choose one of the following: 1. hold it is a database (but you're not doing that) 2. hold it in cookies (but this can be switched off by the user) 3. hold it in sessions.
For something as simple as holding a userid I'd just create a $_SESSION['userid'] variable on successful login and refer to it later in the code by name.
I can understand creating classes for managing complex data structures (eg. database records etc) but from what you have said so far I don't think it warrants it in your case. :o)
Chris R.
Thanx Chris, that was what i wanted to know. i am new to PHP5 thats why i was searching 4 the most feasible way. I have one more query....if u dont mind.
when i am running my application on Firefox and if i login then the same session is getting duplicated if i open another tab. Although if i run the program on Firefox and IE simultaneously then 2 distinct sessions are being created. Is it normal??? How can it be explained?? Currently i m playing with a small application but soon i think i will have to make use of databases for user management. Can u give some insight into that also.
My understanding of sessions is that the lifetime of the session is
within the browser being run ... 2 browsers would have a session each
.... close the browser and open it again and you get another session
.... run 2 tabs in the same browser and they share the same session. (I
think)
Chris R.
viz wrote:
when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.
The session variable is being held in a cookie in this case. Each of
the different browsers holds cookies separately hence two sessions with
two browsers open. If you are within a single browser the same cookie
is used, hence one cookie.
Saul www.notanant.com
Communities of websites no@emails.thx wrote:
On 5 Dec 2006 03:54:10 -0800, "viz" <vi**********@g mail.comwrote:
On Dec 5, 4:28 pm, n...@emails.thx wrote:
On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:
well i am not using database;
and i am also not using session handling functions like
session_registe r and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to
complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?
To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.
For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.
I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)
Chris R.
Thanx Chris,
that was what i wanted to know. i am new to PHP5 thats why i was
searching 4 the most feasible way.
I have one more query....if u dont mind.
when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.
My understanding of sessions is that the lifetime of the session is
within the browser being run ... 2 browsers would have a session each
... close the browser and open it again and you get another session
... run 2 tabs in the same browser and they share the same session. (I
think)
Chris R.
Chris, you are right. The session is stored by window not by tab.
On 5 Dec 2006 06:02:10 -0800, "iulian.ile a" <iu*********@gm ail.com>
wrote:
> no@emails.th x wrote:
>On 5 Dec 2006 03:54:10 -0800, "viz" <vi**********@g mail.comwrote:
>On Dec 5, 4:28 pm, n...@emails.thx wrote: On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:
well i am not using database;
and i am also not using session handling functions like session_regist er and session_start Directly. i have implemented them using a session class and i am setting and retrieving session variables by using object of the session class. the problem i am facing is that as long as i use the session class object in a single page it is fine but what should i do in order to make that object accessible in other pages so that i may check the authenticity of user, using functions on the same object. hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to complicate the use of sessions by making a class that you then have to hold in a normal $_SESSION[] variable?
To make data 'persist' between pages choose one of the following: 1. hold it is a database (but you're not doing that) 2. hold it in cookies (but this can be switched off by the user) 3. hold it in sessions.
For something as simple as holding a userid I'd just create a $_SESSION['userid'] variable on successful login and refer to it later in the code by name.
I can understand creating classes for managing complex data structures (eg. database records etc) but from what you have said so far I don't think it warrants it in your case. :o)
Chris R.
Thanx Chris, that was what i wanted to know. i am new to PHP5 thats why i was searching 4 the most feasible way. I have one more query....if u dont mind.
when i am running my application on Firefox and if i login then the same session is getting duplicated if i open another tab. Although if i run the program on Firefox and IE simultaneously then 2 distinct sessions are being created. Is it normal??? How can it be explained?? Currently i m playing with a small application but soon i think i will have to make use of databases for user management. Can u give some insight into that also.
My understanding of sessions is that the lifetime of the session is within the browser being run ... 2 browsers would have a session each ... close the browser and open it again and you get another session ... run 2 tabs in the same browser and they share the same session. (I think)
Chris R.
Chris, you are right. The session is stored by window not by tab.
Thanks for the confirmation :o)
Of course, I forgot to say that the life-time of the session is also
dependent on the configured lifetime of the session/cookies on the
server too.
Chris R.
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.
Well, how to go about properly and securely managing databases (I
assume you mean a relational database, like MySQL) can fill a book, and
I believe authors have, indeed, done so. I'm sure people here will be
more than willing to help you along the way, but I would suggest that
you first do some research online or by reading current books on the
issue. The examples on php.net's documentation uses good, secure code,
but you'll want to search out articles on sites like sitepoint, which,
as far as I know, is a place which uses good quality code. You need to
watch out for articles, which features code that doesn't escape user
input, which can lead to SQL injection (visitors crafting arbitrary SQL
queries through input, whether from the query string or POSTed from a
different script altogether). In PHP, for MySQL, you will notice the
mysql_real_esca pe_string function. There are similar functions for
other databases. The mysqli extension even lets you use prepared
statements, if I'm not mistaken.
So, again, you'll want to do some research on this topic, especially if
you plan on deploying your project in the public domain.
Curtis This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: mjkahn |
last post by:
I've read (and read!) that you shouldn't store objects in Session variables.
I've read these reasons:
- The object takes up memory that may not be freed until the session times
out. Better to create the object only when you actually use it.
- Causes poor performance because the thread that created the object has to
service all requests for it.
Assuming I can live with the memory and performance implications (a big if,
|
by: Steve Jorgensen |
last post by:
When writing VB or VBA code that works with databases or other external
libraries that cannot be trusted to automatically do the right thing when
references to their objects are arbitrarily released, some thought must be put
into how to make sure the objects will all be closed and released in the
correct order, even in the result of an error.
This requirement can make our code really ugly, even following the best of
commonly known best...
|
by: mirek |
last post by:
Hi,
Is it safe to put my objects that are managed c++ wrappers to the
session? I want to pass them from one page to the other in the session
object but I noticed strange (maybe it is ok) behaviour: sometimes
destructors from unmanaged classes (that are being wrapped by my
wrappers) are called when it's not needed.
Thanks in advance for any suggestions.
Regards,
mirek
|
by: John A Grandy |
last post by:
for high traffic public websites , what are the proven options for
session-state storage & management ?
is an out-of-process state-server generally preferred over a sql-server ?
what are the relevant criteria ? is the primary criteria max expected total
storage size (for all active sessions) versus max ram available on the
state-server machine ?
if ADO.NET objects (such as small DataTables) must be stored in
session-state , is any...
|
by: Chris |
last post by:
Hi,
I am building a single webform/webpage asp.net application using VB.NET.
I have created lots of classes for this web application.
On page load I use a facade controller pattern class to perform all my initial
class object instaniations using sub new() procedures
I'm using this project to learn the ins and outs of OOA and OOD, so instead
of doing everything in code behind pages I have lots of objects now created
| |
by: scsharma |
last post by:
Hi,
I am working on creating a webapplication and my design calls for creating
main webform which will have menu bar on left hand side and a IFrame which
will contain all the forms that are shown when menu items are clicked.Besides
these i would like to put a custom status bar. Any error message encountered
in any of the webpage will be displayed in the banner.
The problem iam encountering is how to access the customer status bar in
child...
|
by: js |
last post by:
Does anybody knows how to solve the problem? I added
attribute to the following classes in
Microsoft.Practices.EnterpriseLibrary.Data namespace, but I still get
the error. Thanks.
Database.cs
DatabaseFactory.cs
DatabaseProviderFactory.cs
DBCommandWrapper.cs
|
by: Bhagya |
last post by:
Hello,
On the LogOut Page i have done Session.Abandon();
And on every Page, In the Page_Load Event i check if the session exists
and only then display data.
Now the problem is after i logout from application and click the back
button of Internet Explorer, the page displays. Can anyone guide me
plsssss.
Thank you,
Bhagya
|
by: jeffc226 |
last post by:
I'm interested in an idiom for handling errors in functions without
using traditional nested ifs, because I think that can be very awkward
and difficult to maintain, when the number of error checks gets about
3 or so. It also gets very awkward in nested loops, where you want to
check for normal loop processing in the loop condition, not errors.
Yes, you could put some generic exit flag in the loop condition, but
when you're simply done if...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |