
sessions

Any pitfalls or stuff I need to worry about when working with sessions? I
want to write a log file and hit counter along with a login interface and
I'm trying to learn this stuff.

http://us.php.net/session

Just wondering if there's anything that I need to keep in mind while I work
on it?

Thanks,
Jon
Apr 28 '07 #1
3 Replies


"Jon Slaughter" <Jo***********@Hotmail.com> wrote in message
news:Eg*****************@newssvr19.news.prodigy.net...
> Any pitfalls or stuff I need to worry about when working with sessions? I
> want to write a log file and hit counter along with a login interface and
> I'm trying to learn this stuff.
>
> http://us.php.net/session
>
> Just wondering if there's anything that I need to keep in mind while I work
> on it?
>
> Thanks,
> Jon

BTW, I assume this is how the server deals with such things as logins and
stuff? Not sure if I should look into something else?
Apr 28 '07 #2

For clarity: sessions store variables that you want to stay the same
while each person browses your site, the variables are only the same
for the same person, each person has their own session, and when the
session expires (usually after 15 minutes of that person not doing
anything on your website, but that number can be changed in php.ini),
those variables are lost. You have to remember to call session_start()
before using session variables or sending any output to the browser if
you want to make use of the session on a page (it usually sends
cookies to the browser in headers so it can remember the session id
for that person). Sorry if you already know this, I just want to make
sure first.

You usually shouldn't need to worry about the server remembering the
session state, that should probably work without you changing
anything.

If you are on a shared hosting plan, plain sessions may be a security
risk. Session files are normally stored in a common folder that might
not protect your session data from being read by other websites on the
server (on purpose, don't worry about it mixing them up). If you are
running PHP as a CGI binary and can have your own php.ini, be sure to
change session.save_path (which defaults to /tmp) to somewhere that
only you have access to (if PHP is running as a CGI binary and is
running as your user, you can change the permissions on a directory
you make in your own space to be extra safe).

You can also use session_set_save_handler() to manage your session
data yourself. You can make functions (or a Session class with methods
for organization) that save the session data into files yourself, or
even to save the serialized session data into a database.
http://us.php.net/manual/en/function...ve-handler.php

You can use sessions to improve your hit counter by saving a variable
when you count that user, so you can count more unique hits. For
example, you could do something like this:

<?php
session_start();
if( !isset( $_SESSION['hit_counted'] ) || !$_SESSION['hit_counted'] )
{
    file_put_contents( 'hits.txt', (int)@file_get_contents( 'hits.txt' ) + 1 );
    $_SESSION['hit_counted'] = true;
}
?>

Note that for something older than PHP5, you would need to use
different file functions. Also, sessions will not store the count of
hits, you need a file or a database to do that. The above code will
create a hits.txt file if there is not one already. It is important to
remember that it will not count completely unique hits, but just count
once per session. If you want to try to make it completely unique, you
would not need sessions but cookies instead, or you could store IP
addresses in a database. You might as well try Google Analytics
(google.com/analytics) if you want serious traffic analysis (it's
free, and it's just a little JavaScript snippet that connects to
Google).

As for logins: yes, sessions are a good way to remember whether or not
someone is logged in and their user data if your session files are
secure.

-Mike PII

Apr 28 '07 #3
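
The private-directory advice and the session_set_save_handler() suggestion in the reply above, combined in one added example that is not part of the original posts: a file-backed handler that refuses a directory other accounts can enter and creates its session files 0600. It assumes PHP 8 and Unix permissions; the class name PrivateFileSessionHandler and the ../private/sessions path are hypothetical.

```php
<?php
// Added example (PHP 8+, Unix permissions); class name and path are hypothetical.
final class PrivateFileSessionHandler implements SessionHandlerInterface
{
    public function __construct(private string $dir)
    {
        if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
            throw new RuntimeException("cannot create $dir");
        }
        clearstatcache(true, $dir);  // then refuse a dir group/other can enter
        if ((fileperms($dir) & 0077) !== 0) {
            throw new RuntimeException("$dir is accessible to other users");
        }
    }
    // The id comes from a client cookie, so it must never shape the path.
    private function file(string $id): ?string
    {
        return preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)
            ? $this->dir . '/sess_' . $id : null;
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false
    {
        $f = $this->file($id);
        return ($f !== null && is_file($f)) ? (string) file_get_contents($f) : '';
    }
    public function write(string $id, string $data): bool
    {
        if (($f = $this->file($id)) === null) { return false; }
        $old = umask(0077);  // new files are created 0600
        $ok = file_put_contents($f, $data, LOCK_EX) !== false;
        umask($old);
        return $ok;
    }
    public function destroy(string $id): bool
    {
        return ($f = $this->file($id)) === null || !is_file($f) || unlink($f);
    }
    public function gc(int $max_lifetime): int|false
    {
        $n = 0;
        foreach (glob($this->dir . '/sess_*') ?: [] as $f) {
            if (filemtime($f) + $max_lifetime < time() && unlink($f)) { $n++; }
        }
        return $n;
    }
}
session_set_save_handler(new PrivateFileSessionHandler(__DIR__ . '/../private/sessions'), true);
session_start();  // before any output, as the reply says
```

This handler does not hold a lock between read and write, so concurrent requests in the same session can overwrite each other's changes; PHP's built-in files handler locks the session file for the whole request.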

"Mike P2" <su***********@gmail.com> wrote in message
news:11**********************@l77g2000hsb.googlegroups.com...
> For clarity: sessions store variables that you want to stay the same
> while each person browses your site, the variables are only the same
> for the same person, each person has their own session, and when the
> session expires (usually after 15 minutes of that person not doing
> anything on your website, but that number can be changed in php.ini),
> those variables are lost. You have to remember to call session_start()
> before using session variables or sending any output to the browser if
> you want to make use of the session on a page (it usually sends
> cookies to the browser in headers so it can remember the session id
> for that person). Sorry if you already know this, I just want to make
> sure first.
>
> You usually shouldn't need to worry about the server remembering the
> session state, that should probably work without you changing
> anything.
>
> If you are on a shared hosting plan, plain sessions may be a security
> risk. Session files are normally stored in a common folder that might
> not protect your session data from being read by other websites on the
> server (on purpose, don't worry about it mixing them up). If you are
> running PHP as a CGI binary and can have your own php.ini, be sure to
> change session.save_path (which defaults to /tmp) to somewhere that
> only you have access to (if PHP is running as a CGI binary and is
> running as your user, you can change the permissions on a directory
> you make in your own space to be extra safe).
>
> You can also use session_set_save_handler() to manage your session
> data yourself. You can make functions (or a Session class with methods
> for organization) that save the session data into files yourself, or
> even to save the serialized session data into a database.
> http://us.php.net/manual/en/function...ve-handler.php
>
> You can use sessions to improve your hit counter by saving a variable
> when you count that user, so you can count more unique hits. For
> example, you could do something like this:
>
> <?php
> session_start();
> if( !isset( $_SESSION['hit_counted'] ) || !$_SESSION['hit_counted'] )
> {
>     file_put_contents( 'hits.txt', (int)@file_get_contents( 'hits.txt' ) + 1 );
>     $_SESSION['hit_counted'] = true;
> }
> ?>
>
> Note that for something older than PHP5, you would need to use
> different file functions. Also, sessions will not store the count of
> hits, you need a file or a database to do that. The above code will
> create a hits.txt file if there is not one already. It is important to
> remember that it will not count completely unique hits, but just count
> once per session. If you want to try to make it completely unique, you
> would not need sessions but cookies instead, or you could store IP
> addresses in a database. You might as well try Google Analytics
> (google.com/analytics) if you want serious traffic analysis (it's
> free, and it's just a little JavaScript snippet that connects to
> Google).
>
> As for logins: yes, sessions are a good way to remember whether or not
> someone is logged in and their user data if your session files are
> secure.
>
> -Mike PII

Thank you for taking the time out to explain some of the details. The point
you bring up about security worries me. I'm going to have to look into that
more.

What I'm going to do with the hits thing is just use their (the host's)
statistics page. It gives a much more detailed view and I don't see any
reason to duplicate any code just for it. I'll look into the Google thing
though as it seems cool.

Thanks,
Jon

Apr 28 '07 #4
