473,474 Members | 1,324 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

setting multiple PHPSESSID durations - asking for trouble?

Greetings,

I want users to select the duration time of their sessions. I'm able to
do it by setting the PHPSESSID cookie duration. Is this reliable, or is
it not recommended for some reason?

This is the test :
open browser, close browser, reopen browser

if( ! $_COOKIE["PHPSESSID"]) // opened browser first time - no session
{
// create a session
session_start();

// modify cookie duration
myCookieAdd("PHPSESSID",session_id(), $userSelectedNbHours);

// set some variable
$_SESSION["bozo"]='clown';

}
else // reopened browser - cookie still exists, variable still exists
{
session_start();
echo $_SESSION["bozo"]; // prints "clown"
}

any thoughts?

Jun 13 '06 #1
1 2583
>I want users to select the duration time of their sessions. I'm able to
do it by setting the PHPSESSID cookie duration. Is this reliable, or is
it not recommended for some reason?


It's something you need to depend on the browser doing, so it's
unreliable. Don't depend on it for high security, especially against
tampering by users. Also don't depend on it for accurate timing;
a browser may only expire cookies when it starts up or shuts down
(not just opening/closing one window), and it uses the browser's
clock (which may or may not be set with the correct year) rather
than the server clock. If the user WANTS it to work correctly, and
others don't use that computer, you're probably OK.

It's also possible to track the expiration time of a session in the
session data in $_SERVER. If the session has expired, you make
them log in again. You might also want to track the LAST hit rather
than time of login (like you're doing by setting the cookie with a
new expiration time every time).

Gordon L. Burditt
Jun 13 '06 #2
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
How to disable setting PHPSESSID ?
by: AmigaLemming | last post by:
As I understand my admins installed a PHP server and now my plain HTML pages also want to set a PHPSESSID cookie when loaded into a browser. Can I suppress this, e.g. by creating a configuration...
Latest Bytes
8
$PHPSESSID blank on initial php file
by: JohnS | last post by:
Hi, When I initially start my browser (any of 'm) and point it to my PHP script the $PHPSESSID is always blank. On all subsequent hits or after a refresh the value for $PHPSESSID is fine... why...
Latest Bytes
3
pass PHPSESSID in FORM-tag
by: edward hage | last post by:
Hello , I want to pass some $_SESSION data to another page. I can pass PHPSESSID along using echo '<br /><a href="page2.php?' . SID .. '">page 2</a>'; However, I want to fill in a table...
Latest Bytes
13
How to differentiate multiple sessions?
by: jing_li | last post by:
Hi, you all, I am a newbee for php and I need your help. One of my coworker and I are both developing a webpage for our project using php. We have a copy of the same files in different location...
Latest Bytes
0
PHPSESSID messed up form!
by: Alex Shi | last post by:
Hi, I don't know how php process its session. I just noticed that for the first time a web site is loaded php will insert a PHPSESSID through out the page: it attach this id to links, insert...
Latest Bytes
4
multiple sessions
by: Goalie | last post by:
Dear all, I have a script which checks whether a user is logged in and on which level. If he is not logged in, he will get the login screen. My problem is that the script works on the server of...
Latest Bytes
0
PHPSESSID, Googlebot and .htaccess
by: John Smith | last post by:
Googlebot has been picking up numerous PHPSESSID name/value pairs in URIs at my website, and this causes duplicate hits and wasted bandwidth. I've since prevented PHPSESSID generation in my PHP...
Latest Bytes
1
"error_reporting" setting not being recognized in my php.ini file
by: laredotornado | last post by:
Hi, I'm using PHP 4.4.4 on Apache 2 on Fedora Core 5. PHP was installed using Apache's apxs and the php library was installed to /usr/local/php. However, when I set my "error_reporting"...
Latest Bytes
241
Storgae durations
by: jrdacc.i | last post by:
what is the difference between the tree storage durations(static,automatic and dynamic) in C?
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Latest Bytes
1
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us