newbie: do I have to have session_destroy

Hello,
I am learning PHP5. I have a website that consists of two pages: index.php
and summary.php. In index.php the user is automatically moved to
summary.php with some $_SESSION data so I use session_end instead of
session_destroy on index.php page. And the user can manually (hyperlink) go
to index.php from summary.php with some $_SESSION data so I also use
session_end, not session_destroy, on summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.
Oct 24 '08 #1
As far as I know, the function session_end doesn't exist, unless you
meant something like session_unset or whatever.
So judging by what you want to do, then yes, session_destroy should be
what you need.

Jivanmukta wrote:
> Hello,
> I am learning PHP5. I have a website that consists of two pages: index.php
> and summary.php. In index.php the user is automatically moved to
> summary.php with some $_SESSION data so I use session_end instead of
> session_destroy on index.php page. And the user can manually (hyperlink) go
> to index.php from summary.php with some $_SESSION data so I also use
> session_end, not session_destroy, on summary.php.
> Thus, I have no session_destroy call in my website code.
> QUESTION: May it produce any problems?
> Thanks a lot for your answers.
Oct 24 '08 #2
> Hello,
> I am learning PHP5. I have a website that consists of two pages:
> index.php and summary.php. In index.php the user is automatically
> moved to summary.php with some $_SESSION data so I use session_end
> instead of session_destroy on index.php page. And the user can
> manually (hyperlink) go to index.php from summary.php with some
> $_SESSION data so I also use session_end, not session_destroy, on
> summary.php.
> Thus, I have no session_destroy call in my website code.
> QUESTION: May it produce any problems?
> Thanks a lot for your answers.

Just another newbie here so for what it's worth:
I use session destroy because I discovered with forms, without it, the
user could easily go back into an earlier stage but past the point of
human-validation and keep on sending mails if he wanted to.
As I understand it, the session will be destroyed when the user
leaves and the server does the housecleaning, but that isn't very quick
to happen apparently, so might leave the session available for a long
time if the server is really busy.
I guess it depends on whether it matters to you whether the session
data remains there for some unknown period of time after the user is
done. What kind of damage could a malicious, unknown user do?

I'm sure someone more knowledgeable will come along shortly. I do know
php.net has a pretty good write-up on it too.

HTH

Twayne
Oct 25 '08 #3
Twayne wrote:
>> Hello,
>> I am learning PHP5. I have a website that consists of two pages:
>> index.php and summary.php. In index.php the user is automatically
>> moved to summary.php with some $_SESSION data so I use session_end
>> instead of session_destroy on index.php page. And the user can
>> manually (hyperlink) go to index.php from summary.php with some
>> $_SESSION data so I also use session_end, not session_destroy, on
>> summary.php.
>> Thus, I have no session_destroy call in my website code.
>> QUESTION: May it produce any problems?
>> Thanks a lot for your answers.
>
> Just another newbie here so for what it's worth:
> I use session destroy because I discovered with forms, without it, the
> user could easily go back into an earlier stage but past the point of
> human-validation and keep on sending mails if he wanted to.

Not if you do it correctly. Each email would have to be validated.

> As I understand it, the session will be destroyed when the user
> leaves and the server does the housecleaning, but that isn't very quick
> to happen apparently, so might leave the session available for a long
> time if the server is really busy.

The website has no idea when the user leaves it. That's one reason for
a timeout value. Also, if you're using cookies to manage the session,
the session will be lost if the user clears cookies (often set as an
action when the browser is closed).

And the busier the server is, the more likely the session is to be
deleted after it expires.

> I guess it depends on whether it matters to you whether the session
> data remains there for some unknown period of time after the user is
> done. What kind of damage could a malicious, unknown user do?

Not very much. The session ID is a long hexadecimal value which would
be almost impossible to guess.

And unless you're storing gobs of data in the $_SESSION, chances are
it's not going to cause you any problems with disk usage.

> I'm sure someone more knowledgeable will come along shortly. I do know
> php.net has a pretty good write-up on it too.
>
> HTH
>
> Twayne

And back to the original op - there is no session_end() call in PHP, so
where are you getting it from? What does it do?

Or perhaps do you mean session_close() ?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 25 '08 #4
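
Twayne's resubmission problem and the reply that each email would have to be validated, as an added example that is not code from the thread: the permission granted by the validation step is a single-use token in $_SESSION that the send handler consumes, so going back and resubmitting is refused. The function names and the `send_token` key are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the thread. The 'send_token' key and both
// function names are hypothetical. Requires PHP 7+ (random_bytes, ??).

// Call once, right after the human-validation step succeeds.
// Returns the token to embed as a hidden field in the send form.
function grant_send_permission(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['send_token'] = $token;
    return $token;
}

// Call in the handler that actually sends the mail.
// The stored token is removed before it is compared, so it is good for one
// request only, whether or not that request succeeds.
function consume_send_permission(string $submitted): bool
{
    $expected = $_SESSION['send_token'] ?? null;
    unset($_SESSION['send_token']);

    return is_string($expected) && hash_equals($expected, $submitted);
}

// Constructed walk-through for the command line. In a real page, call
// session_start() first; here $_SESSION is used as a plain array.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];

    $token = grant_send_permission();            // user passed validation
    var_dump(consume_send_permission($token));   // first submit
    var_dump(consume_send_permission($token));   // Back button, then resubmit
    var_dump(consume_send_permission(''));       // request that skipped validation
}
```

With this in place the mail step no longer depends on the session having been destroyed: only the first submit after a successful validation is accepted.
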
On Oct 24, 1:00 pm, Michael Sherwood <coolha...@gmail.com> wrote:
> As far as I know, the function session_end doesn't exist, unless you
> meant something like session_unset or whatever.
> So judging by what you want to do, then yes, session_destroy should be
> what you need.
>
> Jivanmukta wrote:
>> Hello,
>> I am learning PHP5. I have a website that consists of two pages: index.php
>> and summary.php. In index.php the user is automatically moved to
>> summary.php with some $_SESSION data so I use session_end instead of
>> session_destroy on index.php page. And the user can manually (hyperlink) go
>> to index.php from summary.php with some $_SESSION data so I also use
>> session_end, not session_destroy, on summary.php.
>> Thus, I have no session_destroy call in my website code.
>> QUESTION: May it produce any problems?
>> Thanks a lot for your answers.

hey Jivanmukta, since you are learning PHP5 it's probably good to try
and learn "best-practices" early to try and avoid common vices and
whatnot.

SESSIONS basically control an "interaction with your website over a
period of time/browser usage" - sorry it's vague but I'll clarify. so
really, once the user leaves your site it's up to you to decide if the
information should still be available if he returns before closing the
browser (which unless there's an explicit expiration time-limit for
the session). in your case, for example if the user goes to another
website and then comes back to yours before closing his browser, if
you don't destroy the session the summary will contain the values from
before.
Oct 26 '08 #5
> Twayne wrote:
>>> Hello,
>>> I am learning PHP5. I have a website that consists of two pages:
>>> index.php and summary.php. In index.php the user is automatically
>>> moved to summary.php with some $_SESSION data so I use session_end
>>> instead of session_destroy on index.php page. And the user can
>>> manually (hyperlink) go to index.php from summary.php with some
>>> $_SESSION data so I also use session_end, not session_destroy, on
>>> summary.php.
>>> Thus, I have no session_destroy call in my website code.
>>> QUESTION: May it produce any problems?
>>> Thanks a lot for your answers.
>>
>> Just another newbie here so for what it's worth:
>> I use session destroy because I discovered with forms, without it,
>> the user could easily go back into an earlier stage but past the
>> point of human-validation and keep on sending mails if he wanted to.
>
> Not if you do it correctly. Each email would have to be validated.

Oh I know, I was just demo'ing how I originally came across it. I think
(famous last words) I have it in good shape now<g>.

>> As I understand it, the session will be destroyed when the user
>> leaves and the server does the housecleaning, but that isn't very
>> quick to happen apparently, so might leave the session available for
>> a long time if the server is really busy.
>
> The website has no idea when the user leaves it. That's one reason
> for a timeout value. Also, if you're using cookies to manage the
> session, the session will be lost if the user clears cookies (often
> set as an action when the browser is closed).
>
> And the busier the server is, the more likely the session is to be
> deleted after it expires.

That I didn't know. It's counterintuitive IMO but no way I can argue it
either way. I was going on what I'd read but it's hard to be sure
sometimes that one is looking at full context with things like that.
Thanks for the correction.

>> I guess it depends on whether it matters to you whether the
>> session data remains there for some unknown period of time after the
>> user is done. What kind of damage could a malicious, unknown user
>> do?
>
> Not very much. The session ID is a long hexadecimal value which would
> be almost impossible to guess.
>
> And unless you're storing gobs of data in the $_SESSION, chances are
> it's not going to cause you any problems with disk usage.
>
>> I'm sure someone more knowledgeable will come along shortly. I do
>> know php.net has a pretty good write-up on it too.
>>
>> HTH
>>
>> Twayne
>
> And back to the original op - there is no session_end() call in PHP,
> so where are you getting it from? What does it do?
>
> Or perhaps do you mean session_close() ?

I noticed that, and someone else mentioned it, too. I just assumed he
was paraphrasing but it's still a good point, just in case, in
retrospect.

Regards,

Oct 26 '08 #6
> On Oct 24, 1:00 pm, Michael Sherwood <coolha...@gmail.com> wrote:
>> As far as I know, the function session_end doesn't exist, unless you
>> meant something like session_unset or whatever.
>> So judging by what you want to do, then yes, session_destroy should
>> be what you need.
>>
>> Jivanmukta wrote:
>>> Hello,
>>> I am learning PHP5. I have a website that consists of two pages:
>>> index.php and summary.php. In index.php the user is automatically
>>> moved to summary.php with some $_SESSION data so I use session_end
>>> instead of session_destroy on index.php page. And the user can
>>> manually (hyperlink) go to index.php from summary.php with some
>>> $_SESSION data so I also use session_end, not session_destroy, on
>>> summary.php.
>>> Thus, I have no session_destroy call in my website code.
>>> QUESTION: May it produce any problems?
>>> Thanks a lot for your answers.
>
> hey Jivanmukta, since you are learning PHP5 it's probably good to try
> and learn "best-practices" early to try and avoid common vices and
> whatnot.
>
> SESSIONS basically control an "interaction with your website over a
> period of time/browser usage" - sorry it's vague but I'll clarify. so
> really, once the user leaves your site it's up to you to decide if the
> information should still be available if he returns before closing the
> browser (which unless there's an explicit expiration time-limit for
> the session). in your case, for example if the user goes to another
> website and then comes back to yours before closing his browser, if
> you don't destroy the session the summary will contain the values from
> before.

And, if I may interject, it's fairly easy to demo to one's self and see
it occur. Since the browser has the data stored, it's easy to go
somewhere else meantime and then come back to that part of pages. It
makes sense: Regardless of what you're doing, all the server knows is
that you took a longer period of time to enter the data it was waiting
for. But closing the browser throws away the cache you need and it no
longer works.
Oct 26 '08 #7
Twayne wrote:
>> Twayne wrote:
>>>> Hello,
>>>> I am learning PHP5. I have a website that consists of two pages:
>>>> index.php and summary.php. In index.php the user is automatically
>>>> moved to summary.php with some $_SESSION data so I use session_end
>>>> instead of session_destroy on index.php page. And the user can
>>>> manually (hyperlink) go to index.php from summary.php with some
>>>> $_SESSION data so I also use session_end, not session_destroy, on
>>>> summary.php.
>>>> Thus, I have no session_destroy call in my website code.
>>>> QUESTION: May it produce any problems?
>>>> Thanks a lot for your answers.
>>>
>>> Just another newbie here so for what it's worth:
>>> I use session destroy because I discovered with forms, without it,
>>> the user could easily go back into an earlier stage but past the
>>> point of human-validation and keep on sending mails if he wanted to.
>>
>> Not if you do it correctly. Each email would have to be validated.
>
> Oh I know, I was just demo'ing how I originally came across it. I think
> (famous last words) I have it in good shape now<g>.
>
>>> As I understand it, the session will be destroyed when the user
>>> leaves and the server does the housecleaning, but that isn't very
>>> quick to happen apparently, so might leave the session available for
>>> a long time if the server is really busy.
>>
>> The website has no idea when the user leaves it. That's one reason
>> for a timeout value. Also, if you're using cookies to manage the
>> session, the session will be lost if the user clears cookies (often
>> set as an action when the browser is closed).
>>
>> And the busier the server is, the more likely the session is to be
>> deleted after it expires.
>
> That I didn't know. It's counterintuitive IMO but no way I can argue it
> either way. I was going on what I'd read but it's hard to be sure
> sometimes that one is looking at full context with things like that.
> Thanks for the correction.

From the doc:

"session.gc_divisor coupled with session.gc_probability defines the
probability that the gc (garbage collection) process is started on every
session initialization. The probability is calculated by using
gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that
the GC process starts on each request. session.gc_divisor defaults to 100."

So the faster you initialize sessions (typically the busier you are), the
higher your odds of running the session gc.

>>> I guess it depends on whether it matters to you whether the
>>> session data remains there for some unknown period of time after the
>>> user is done. What kind of damage could a malicious, unknown user
>>> do?
>>
>> Not very much. The session ID is a long hexadecimal value which would
>> be almost impossible to guess.
>>
>> And unless you're storing gobs of data in the $_SESSION, chances are
>> it's not going to cause you any problems with disk usage.
>>
>>> I'm sure someone more knowledgeable will come along shortly. I do
>>> know php.net has a pretty good write-up on it too.
>>>
>>> HTH
>>>
>>> Twayne
>>
>> And back to the original op - there is no session_end() call in PHP,
>> so where are you getting it from? What does it do?
>>
>> Or perhaps do you mean session_close() ?
>
> I noticed that, and someone else mentioned it, too. I just assumed he
> was paraphrasing but it's still a good point, just in case, in
> retrospect.
>
> Regards,

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 26 '08 #8
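
An added example, not code from the thread or from the PHP manual: because garbage collection only starts with chance gc_probability/gc_divisor on each session initialization, a page that needs a session to end at a known time checks an idle limit itself and tears the session down explicitly. `gc_chance_after` carries the quoted 1/100 figure through to n initializations; the function names, the `last_seen` key and the 900-second limit are assumptions, and PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT, 'last_seen' and the
// function names are assumptions. Written for PHP 7 or later.

const IDLE_LIMIT = 900; // seconds of inactivity allowed (constructed value)

// Chance that garbage collection has started at least once after $n session
// initializations, when each one starts it with chance $probability/$divisor.
function gc_chance_after(int $n, int $probability, int $divisor): float
{
    return 1.0 - pow(1.0 - $probability / $divisor, $n);
}

// Explicit teardown: empty the data, expire the cookie, delete the stored session.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Call after session_start() on every page. Returns false, with the session
// already torn down, when the last request is older than IDLE_LIMIT.
function touch_or_expire(int $now): bool
{
    $last = $_SESSION['last_seen'] ?? $now;
    if ($now - $last > IDLE_LIMIT) {
        end_session();
        return false;
    }
    $_SESSION['last_seen'] = $now;
    return true;
}

// Constructed command-line walk-through.
if (PHP_SAPI === 'cli') {
    session_start();
    $t0 = time();
    $_SESSION['summary'] = 'constructed value';
    var_dump(touch_or_expire($t0));                   // first request
    var_dump(touch_or_expire($t0 + IDLE_LIMIT + 1));  // user returns after the limit
    var_dump($_SESSION);                              // data left afterwards
    foreach ([1, 100, 1000] as $n) {
        printf("%4d initializations: %.4f\n", $n, gc_chance_after($n, 1, 100));
    }
}
```

On a web page, `end_session()` has to run before any output so that the cookie header can still be sent.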
