473,324 Members | 2,239 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

sessions

Any pitfalls or stuff I need to worry about when working with sessions? I
want to write a log file and hit counter along with a login interface and
I'm trying to learn this stuff.

http://us.php.net/session

Just wondering if theres anything that I need to keep in mind while I work
on it?

Thanks,
Jon
Apr 28 '07 #1
3 2686

"Jon Slaughter" <Jo***********@Hotmail.comwrote in message
news:Eg*****************@newssvr19.news.prodigy.ne t...
Any pitfalls or stuff I need to worry about when working with sessions? I
want to write a log file and hit counter along with a login interface and
I'm trying to learn this stuff.

http://us.php.net/session

Just wondering if theres anything that I need to keep in mind while I work
on it?

Thanks,
Jon
BTW, I assume this is how the server deals with such things as logins and
stuff? Not sure if I should look into something else?
Apr 28 '07 #2
For clarity: sessions store variables that you want to stay the same
while each person browses your site, the variables are only the same
for the same person, each person has their own session, and when the
session expires (usually after 15 minutes of that person not doing
anything on your website, but that number can be changed in php.ini),
those variables are lost. You have to remember to call session_start()
before using session variables or sending any output to the browser if
you want to make use of the session on a page (it usually sends
cookies to the browser in headers so it can remember the session id
for that person). Sorry if you already know this, I just want to make
sure first.

You usually shouldn't need to worry about the server remembering the
session state, that should probably work without you changing
anything.

If you are on a shared hosting plan, plain sessions may be a security
risk. Session files are normally stored in a common folder that might
not protect your session data from being read by other websites on the
server (on purpose, don't worry about it mixing them up). If you are
running PHP as a CGI binary and can have your own php.ini, be sure
change session.save_path (which defaults to /tmp) to somewhere that
only you have access to (if PHP is running as a CGI binary and is
running as your user, you can change the permissions on a directory
you make in your own space to be extra save).

You can also use session_set_save_handler() to manage your session
data yourself. You can make functions (or a Session class with methods
for organization) that save the session data into files yourself, or
even to save the serialized session data into a database.
http://us.php.net/manual/en/function...ve-handler.php

You can use sessions to improve your hit counter by saving a variable
when you count that user, so you can count more unique hits. For
example, you could do something like this:
<?php
session_start();
if( !isset( $_SESSION['hit_counted'] ) || !$_SESSION['hit_counted'] )
{
file_put_contents( 'hits.txt', (int)@file_get_contents( 'hits.txt' )
+ 1 );
$_SESSION['hit_counted'] = true;
}
?>

Note that for something older than PHP5, you would need to use
different file functions. Also, sessions will not store the count of
hits, you need a file or a database to do that. The above code will
create a hits.txt file if there is not one already. It is important to
remember that it will not count completely unique hits, but just count
once per session. If you want to try to make it completely unique, you
would not need sessions but cookies instead, or you could store IP
addresses in a database. You might as well try Google Analytics
(google.com/analytics) if you want serious traffic analysis (it's
free, and it's just a little JavaScript snippet that connects to
Google).

As for logins: yes, sessions are a good way to remember whether or not
someone is logged in and their user data if your session files are
secure.

-Mike PII

Apr 28 '07 #3

"Mike P2" <su***********@gmail.comwrote in message
news:11**********************@l77g2000hsb.googlegr oups.com...
For clarity: sessions store variables that you want to stay the same
while each person browses your site, the variables are only the same
for the same person, each person has their own session, and when the
session expires (usually after 15 minutes of that person not doing
anything on your website, but that number can be changed in php.ini),
those variables are lost. You have to remember to call session_start()
before using session variables or sending any output to the browser if
you want to make use of the session on a page (it usually sends
cookies to the browser in headers so it can remember the session id
for that person). Sorry if you already know this, I just want to make
sure first.

You usually shouldn't need to worry about the server remembering the
session state, that should probably work without you changing
anything.

If you are on a shared hosting plan, plain sessions may be a security
risk. Session files are normally stored in a common folder that might
not protect your session data from being read by other websites on the
server (on purpose, don't worry about it mixing them up). If you are
running PHP as a CGI binary and can have your own php.ini, be sure
change session.save_path (which defaults to /tmp) to somewhere that
only you have access to (if PHP is running as a CGI binary and is
running as your user, you can change the permissions on a directory
you make in your own space to be extra save).

You can also use session_set_save_handler() to manage your session
data yourself. You can make functions (or a Session class with methods
for organization) that save the session data into files yourself, or
even to save the serialized session data into a database.
http://us.php.net/manual/en/function...ve-handler.php

You can use sessions to improve your hit counter by saving a variable
when you count that user, so you can count more unique hits. For
example, you could do something like this:
<?php
session_start();
if( !isset( $_SESSION['hit_counted'] ) || !$_SESSION['hit_counted'] )
{
file_put_contents( 'hits.txt', (int)@file_get_contents( 'hits.txt' )
+ 1 );
$_SESSION['hit_counted'] = true;
}
?>

Note that for something older than PHP5, you would need to use
different file functions. Also, sessions will not store the count of
hits, you need a file or a database to do that. The above code will
create a hits.txt file if there is not one already. It is important to
remember that it will not count completely unique hits, but just count
once per session. If you want to try to make it completely unique, you
would not need sessions but cookies instead, or you could store IP
addresses in a database. You might as well try Google Analytics
(google.com/analytics) if you want serious traffic analysis (it's
free, and it's just a little JavaScript snippet that connects to
Google).

As for logins: yes, sessions are a good way to remember whether or not
someone is logged in and their user data if your session files are
secure.

-Mike PII
Thank you for taking the time out to explain some of the details. The point
you bring up about security worries me. I'm going to have to look into that
more.

What I'm going to do with the hits thing is just use there(the hosts)
statistics page. It gives a much more detailed view and I don't see any
reason to duplicate any code just for it. I'll look into the google thing
though as it seems cool.

Thanks,
Jon

Apr 28 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: The Plankmeister | last post by:
Hi... I'm trying my hardest to understand fully how sessions work and how best to use them. However, all I can find is information that doesn't tell me anything other than that sessions store...
13
by: jing_li | last post by:
Hi, you all, I am a newbee for php and I need your help. One of my coworker and I are both developing a webpage for our project using php. We have a copy of the same files in different location...
3
by: Maxime Ducharme | last post by:
Hi group We have a problem with sessions in one of our sites. Sessions are used to store login info & some other infos (no objects are stored in sessions). We are using Windows 2000 Server...
3
by: Will Woodhull | last post by:
Hi, I'm new here-- I've been reading the group for a couple of days. Nice group; I like the way n00b33 questions are handled. I've been using a Javascript routine in index.html to determine a...
2
by: Steve Franks | last post by:
According to the docs you tell ASP.NET to use cookieless sessions by setting a value in the config.web file. However, what if I wanted to determine at run time whether or not I wanted to use...
12
by: D. Shane Fowlkes | last post by:
This is a repost (pasted below). Since my original post, I've double checked the system clock and set all IIS Session Timeout values to 10 minutes. Still ...the problem occurs. I've also...
6
by: Daniel Walzenbach | last post by:
Hi, I have a web application which sometimes throws an “out of memory” exception. To get an idea what happens I traced some values using performance monitor and got the following values (for...
22
by: magic_hat60622 | last post by:
Hi all. I've got an app that dumps a user id into a session after successful login. the login page is http://www.mydomain.com/login.php. If the user visits pages on my site without the www (i.e.,...
13
Frinavale
by: Frinavale | last post by:
One of the most fundamental topics in web design is understanding how to pass information collected on one web page to another web page. There are many different ways you could do this: Cookies,...
3
Atli
by: Atli | last post by:
Introduction: Sessions are one of the simplest and more powerful tools in a web developers arsenal. This tool is invaluable in dynamic web page development and it is one of those things every...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shllpp 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.