session handling using classes n objects

viz wrote:

i have written a class for session handling, and i want to use it to
keep track of the user.
After authenticating the user in login page i am storing the session
info like uname etc.. in a object of session class. I am creating this
object in the login page.
Now how can i make this object persist between subsequent page
requests. and i dont want to use GET method.
Is it sensible to use hidden fields OR will i have to create a new
session object in each page???

To make an object persist between page calls you will have to save it
somewhere. Depending on the complexity you will probably use $_SESSION
variables and optionally save data to a file or database that will be
read by each page view. To access the $_SESSION variables a session ID
is held on the client computer either in a cookie or in the URL as a
$_GET variable (it's simply a session reference ID).

If you use hidden fields on forms then the data will be visible to
users using view source, and therefore can compromise security for
example someone creating a fake set of hidden variables.

If you read up on PHP sessions it will help you get where you want to
go.
Saul
www.notanant.com
Communities of websites

well i am not using database;

and i am also not using session handling functions like
session_registe r and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.

Thanx

On 5 Dec 2006 02:53:42 -0800, "viz" <vi**********@g mail.comwrote:

>well i am not using database;

and i am also not using session handling functions like
session_regist er and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.

This sounds like circular logic and I'm tempted to ask why you want to
complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?

To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.

For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.

I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)

Chris R.

On Dec 5, 4:28 pm, n...@emails.thx wrote:

On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:

well i am not using database;

and i am also not using session handling functions like
session_registe r and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to

complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?

To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.

For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.

I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)

Chris R.

Thanx Chris,
that was what i wanted to know. i am new to PHP5 thats why i was
searching 4 the most feasible way.
I have one more query....if u dont mind.

when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.

Thanx again
Josh

On 5 Dec 2006 03:54:10 -0800, "viz" <vi**********@g mail.comwrote:

>On Dec 5, 4:28 pm, n...@emails.thx wrote:

>On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:

>well i am not using database;

>and i am also not using session handling functions like
session_regist er and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to

complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?

To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.

For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.

I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)

Chris R.

Thanx Chris,
that was what i wanted to know. i am new to PHP5 thats why i was
searching 4 the most feasible way.
I have one more query....if u dont mind.

when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.

My understanding of sessions is that the lifetime of the session is
within the browser being run ... 2 browsers would have a session each
.... close the browser and open it again and you get another session
.... run 2 tabs in the same browser and they share the same session. (I
think)

Chris R.

viz wrote:

when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.

The session variable is being held in a cookie in this case. Each of
the different browsers holds cookies separately hence two sessions with
two browsers open. If you are within a single browser the same cookie
is used, hence one cookie.
Saul
www.notanant.com
Communities of websites

no@emails.thx wrote:

On 5 Dec 2006 03:54:10 -0800, "viz" <vi**********@g mail.comwrote:

On Dec 5, 4:28 pm, n...@emails.thx wrote:

On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:

well i am not using database;

and i am also not using session handling functions like
session_registe r and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to
complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?

To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.

For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.

I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)

Chris R.

Thanx Chris,
that was what i wanted to know. i am new to PHP5 thats why i was
searching 4 the most feasible way.
I have one more query....if u dont mind.

when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.

My understanding of sessions is that the lifetime of the session is
within the browser being run ... 2 browsers would have a session each
... close the browser and open it again and you get another session
... run 2 tabs in the same browser and they share the same session. (I
think)

Chris R.

Chris, you are right. The session is stored by window not by tab.

On 5 Dec 2006 06:02:10 -0800, "iulian.ile a" <iu*********@gm ail.com>
wrote:

>
no@emails.th x wrote:

>On 5 Dec 2006 03:54:10 -0800, "viz" <vi**********@g mail.comwrote:

>On Dec 5, 4:28 pm, n...@emails.thx wrote:
On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@g mail.comwrote:

well i am not using database;

and i am also not using session handling functions like
session_regist er and session_start Directly.
i have implemented them using a session class and i am setting and
retrieving session variables by using object of the session class.
the problem i am facing is that as long as i use the session class
object in a single page it is fine but what should i do in order to
make that object accessible in other pages so that i may check the
authenticity of user, using functions on the same object.
hop i m clear this time.This sounds like circular logic and I'm tempted to ask why you want to
complicate the use of sessions by making a class that you then have to
hold in a normal $_SESSION[] variable?

To make data 'persist' between pages choose one of the following:
1. hold it is a database (but you're not doing that)
2. hold it in cookies (but this can be switched off by the user)
3. hold it in sessions.

For something as simple as holding a userid I'd just create a
$_SESSION['userid'] variable on successful login and refer to it later
in the code by name.

I can understand creating classes for managing complex data structures
(eg. database records etc) but from what you have said so far I don't
think it warrants it in your case. :o)

Chris R.
Thanx Chris,
that was what i wanted to know. i am new to PHP5 thats why i was
searching 4 the most feasible way.
I have one more query....if u dont mind.

when i am running my application on Firefox and if i login then the
same session is getting duplicated if i open another tab. Although if i
run the program on Firefox and IE simultaneously then 2 distinct
sessions are being created.
Is it normal??? How can it be explained??
Currently i m playing with a small application but soon i think i will
have to make use of databases for user management. Can u give some
insight into that also.

My understanding of sessions is that the lifetime of the session is
within the browser being run ... 2 browsers would have a session each
... close the browser and open it again and you get another session
... run 2 tabs in the same browser and they share the same session. (I
think)

Chris R.

Chris, you are right. The session is stored by window not by tab.

Thanks for the confirmation :o)

Of course, I forgot to say that the life-time of the session is also
dependent on the configured lifetime of the session/cookies on the
server too.

Chris R.

Currently i m playing with a small application but soon i think i will

have to make use of databases for user management. Can u give some
insight into that also.

Well, how to go about properly and securely managing databases (I
assume you mean a relational database, like MySQL) can fill a book, and
I believe authors have, indeed, done so. I'm sure people here will be
more than willing to help you along the way, but I would suggest that
you first do some research online or by reading current books on the
issue. The examples on php.net's documentation uses good, secure code,
but you'll want to search out articles on sites like sitepoint, which,
as far as I know, is a place which uses good quality code. You need to
watch out for articles, which features code that doesn't escape user
input, which can lead to SQL injection (visitors crafting arbitrary SQL
queries through input, whether from the query string or POSTed from a
different script altogether). In PHP, for MySQL, you will notice the
mysql_real_esca pe_string function. There are similar functions for
other databases. The mysqli extension even lets you use prepared
statements, if I'm not mistaken.

So, again, you'll want to do some research on this topic, especially if
you plan on deploying your project in the public domain.

Curtis