By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,278 Members | 1,357 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,278 IT Pros & Developers. It's quick & easy.

newbie: do I have to have session_destroy

P: n/a
Hello,
I am learning PHP5. I have a website that consists of two pages: index.php
and summary.php. In index.php the user is automatically moved to
summary.php with some $_SESSION data so I use session_end instead of
session_destroy on index.php page. And the user can manually (hyperlink) go
to index.php from summary.php with some $_SESSION data so I also use
session_end, not session_destroy, on summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.
Oct 24 '08 #1
Share this Question
Share on Google+
7 Replies


P: n/a
As far as I know, the function session_end doesn't exist, unless you
meant something like session_unset or whatever.
So judging by what you want to do, then yes, session_destroy should be
what you need.

Jivanmukta wrote:
Hello,
I am learning PHP5. I have a website that consists of two pages: index.php
and summary.php. In index.php the user is automatically moved to
summary.php with some $_SESSION data so I use session_end instead of
session_destroy on index.php page. And the user can manually (hyperlink) go
to index.php from summary.php with some $_SESSION data so I also use
session_end, not session_destroy, on summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.
Oct 24 '08 #2

P: n/a
Hello,
I am learning PHP5. I have a website that consists of two pages:
index.php and summary.php. In index.php the user is automatically
moved to summary.php with some $_SESSION data so I use session_end
instead of session_destroy on index.php page. And the user can
manually (hyperlink) go to index.php from summary.php with some
$_SESSION data so I also use session_end, not session_destroy, on
summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.
Just another newbie here so for what it's worth:
I use session destroy because I discovered with forms, without it, the
user could easily go back into an earlier stage but past the point of
human-validation and keep on sending mails if he wanted to.
As I understand it, the session will be destroyed when the user
leaves and the server does the housecleaning, but that isn't very quick
to happan apparently, so might leave the session available for a long
time if the server is really busy.
I guess it depends on whether it matters to you whether the session
data remains there for some unknown period of time after the user is
done. What kind of damage could a malicious, unknown user do?

I'm sure someone more knowledgeable will come along shortly. I do know
php.net has a pretty good write-up on it too.

HTH

Twayne
Oct 25 '08 #3

P: n/a
Twayne wrote:
>Hello,
I am learning PHP5. I have a website that consists of two pages:
index.php and summary.php. In index.php the user is automatically
moved to summary.php with some $_SESSION data so I use session_end
instead of session_destroy on index.php page. And the user can
manually (hyperlink) go to index.php from summary.php with some
$_SESSION data so I also use session_end, not session_destroy, on
summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.

Just another newbie here so for what it's worth:
I use session destroy because I discovered with forms, without it, the
user could easily go back into an earlier stage but past the point of
human-validation and keep on sending mails if he wanted to.
Not if you do it correctly. Each email would have to be validated.
As I understand it, the session will be destroyed when the user
leaves and the server does the housecleaning, but that isn't very quick
to happan apparently, so might leave the session available for a long
time if the server is really busy.
The website has no idea when the user leaves it. That's one reason for
a timeout value. Also, if you're using cookies to manage the session,
the session will be lost if the user clears cookies (often set as an
action when the browser is closed).

And the busier the server is, the more likely the session is to be
deleted after it expires.
I guess it depends on whether it matters to you whether the session
data remains there for some unknown period of time after the user is
done. What kind of damage could a malicious, unknown user do?
Not very much. The session ID is a long hexadecimal value which would
be almost impossible to guess.

And unless you're storing gobs of data in the $_SESSION, chances are
it's not going to cause you any problems with disk usage.
I'm sure someone more knowledgeable will come along shortly. I do know
php.net has a pretty good write-up on it too.

HTH

Twayne

And back to the original op - there is no session_end() call in PHP, so
where are you getting it from? What does it do?

Or perhaps do you mean session_close()?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 25 '08 #4

P: n/a
On Oct 24, 1:00*pm, Michael Sherwood <coolha...@gmail.comwrote:
As far as I know, the function session_end doesn't exist, unless you
meant something like session_unset or whatever.
So judging by what you want to do, then yes, session_destroy should be
what you need.

Jivanmukta wrote:
Hello,
I am learning PHP5. I have a website that consists of two pages: index.php
and summary.php. In index.php the user is automatically moved to
summary.php with some $_SESSION data so I use session_end instead of
session_destroy on index.php page. And the user can manually (hyperlink) go
to index.php from summary.php with some $_SESSION data so I also use
session_end, not session_destroy, on summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.
hey Jivanmukta, since you are learning PHP5 its probably good to try
and learn "best-practices" early to try and avoid common vices and
whatnot.

SESSIONS basically control an "interaction with your website over a
period of time/browser usage" - sorry its vague but ill clarify. so
really, once the user leaves your site its up to you to decide if the
information should still be available if he returns before closing the
browser (which unless there's an explicit expiration time-limit for
the session). in your case, for example if the user goes too another
website and then comes back to yours before closing his browser, if
you don't destroy the session the summary will contain the values from
before.
Oct 26 '08 #5

P: n/a
Twayne wrote:
>>Hello,
I am learning PHP5. I have a website that consists of two pages:
index.php and summary.php. In index.php the user is automatically
moved to summary.php with some $_SESSION data so I use session_end
instead of session_destroy on index.php page. And the user can
manually (hyperlink) go to index.php from summary.php with some
$_SESSION data so I also use session_end, not session_destroy, on
summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.

Just another newbie here so for what it's worth:
I use session destroy because I discovered with forms, without it,
the user could easily go back into an earlier stage but past the
point of human-validation and keep on sending mails if he wanted to.

Not if you do it correctly. Each email would have to be validated.
Oh I know, I was just demo'ing how I originally came across it. I think
(famous last words) I have it in good shape now<g>.
>
> As I understand it, the session will be destroyed when the user
leaves and the server does the housecleaning, but that isn't very
quick to happan apparently, so might leave the session available for
a long time if the server is really busy.

The website has no idea when the user leaves it. That's one reason
for a timeout value. Also, if you're using cookies to manage the
session, the session will be lost if the user clears cookies (often
set as an action when the browser is closed).

And the busier the server is, the more likely the session is to be
deleted after it expires.
That I didn't know. It's counterintuitive IMO but no way I can argue it
either way. I was going on what I'd read but it's hard to be sure
sometimes that one is looking at full context with things like that.
Thanks for the correction.
>
> I guess it depends on whether it matters to you whether the
session data remains there for some unknown period of time after the
user is done. What kind of damage could a malicious, unknown user
do?

Not very much. The session ID is a long hexadecimal value which would
be almost impossible to guess.

And unless you're storing gobs of data in the $_SESSION, chances are
it's not going to cause you any problems with disk usage.
>I'm sure someone more knowledgeable will come along shortly. I do
know php.net has a pretty good write-up on it too.

HTH

Twayne


And back to the original op - there is no session_end() call in PHP,
so where are you getting it from? What does it do?

Or perhaps do you mean session_close()?
I noticed that, and someone else mentioned it, too. I just assumed he
was paraphrasing but it's still a good point, just in case, in
retrospect.

Regards,

Oct 26 '08 #6

P: n/a
On Oct 24, 1:00 pm, Michael Sherwood <coolha...@gmail.comwrote:
>As far as I know, the function session_end doesn't exist, unless you
meant something like session_unset or whatever.
So judging by what you want to do, then yes, session_destroy should
be what you need.

Jivanmukta wrote:
>>Hello,
I am learning PHP5. I have a website that consists of two pages:
index.php and summary.php. In index.php the user is automatically
moved to summary.php with some $_SESSION data so I use session_end
instead of session_destroy on index.php page. And the user can
manually (hyperlink) go to index.php from summary.php with some
$_SESSION data so I also use session_end, not session_destroy, on
summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.

hey Jivanmukta, since you are learning PHP5 its probably good to try
and learn "best-practices" early to try and avoid common vices and
whatnot.

SESSIONS basically control an "interaction with your website over a
period of time/browser usage" - sorry its vague but ill clarify. so
really, once the user leaves your site its up to you to decide if the
information should still be available if he returns before closing the
browser (which unless there's an explicit expiration time-limit for
the session). in your case, for example if the user goes too another
website and then comes back to yours before closing his browser, if
you don't destroy the session the summary will contain the values from
before.
And, if I may interject, it's fairly easy to demo to one's self and see
it occur. Since the browser has the data stored, it's easy to go
somewhere else meantime and then come back to that part of pages. It
makes sense: Regardless of what you're doing, all the server knows is
that you took a longer period of time to enter the data it was waiting
for. But closing the browser throws away the cache you need and it no
longer works.
Oct 26 '08 #7

P: n/a
Twayne wrote:
>Twayne wrote:
>>>Hello,
I am learning PHP5. I have a website that consists of two pages:
index.php and summary.php. In index.php the user is automatically
moved to summary.php with some $_SESSION data so I use session_end
instead of session_destroy on index.php page. And the user can
manually (hyperlink) go to index.php from summary.php with some
$_SESSION data so I also use session_end, not session_destroy, on
summary.php.
Thus, I have no session_destroy call in my website code.
QUESTION: May it produce any problems?
Thanks a lot for your answers.
Just another newbie here so for what it's worth:
I use session destroy because I discovered with forms, without it,
the user could easily go back into an earlier stage but past the
point of human-validation and keep on sending mails if he wanted to.
Not if you do it correctly. Each email would have to be validated.

Oh I know, I was just demo'ing how I originally came across it. I think
(famous last words) I have it in good shape now<g>.
>> As I understand it, the session will be destroyed when the user
leaves and the server does the housecleaning, but that isn't very
quick to happan apparently, so might leave the session available for
a long time if the server is really busy.
The website has no idea when the user leaves it. That's one reason
for a timeout value. Also, if you're using cookies to manage the
session, the session will be lost if the user clears cookies (often
set as an action when the browser is closed).

And the busier the server is, the more likely the session is to be
deleted after it expires.

That I didn't know. It's counterintuitive IMO but no way I can argue it
either way. I was going on what I'd read but it's hard to be sure
sometimes that one is looking at full context with things like that.
Thanks for the correction.
From the doc:

"session.gc_divisor coupled with session.gc_probability defines the
probability that the gc (garbage collection) process is started on every
session initialization. The probability is calculated by using
gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that
the GC process starts on each request. session.gc_divisor defaults to 100."

So the faster you initialize sessions (typically the busy you are), the
higher your odds of running the session gc.

>> I guess it depends on whether it matters to you whether the
session data remains there for some unknown period of time after the
user is done. What kind of damage could a malicious, unknown user
do?
Not very much. The session ID is a long hexadecimal value which would
be almost impossible to guess.

And unless you're storing gobs of data in the $_SESSION, chances are
it's not going to cause you any problems with disk usage.
>>I'm sure someone more knowledgeable will come along shortly. I do
know php.net has a pretty good write-up on it too.

HTH

Twayne

And back to the original op - there is no session_end() call in PHP,
so where are you getting it from? What does it do?

Or perhaps do you mean session_close()?

I noticed that, and someone else mentioned it, too. I just assumed he
was paraphrasing but it's still a good point, just in case, in
retrospect.

Regards,
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 26 '08 #8

This discussion thread is closed

Replies have been disabled for this discussion.