473,379 Members | 1,245 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > sessions and cookies

Join Bytes to post your question to a community of 473,379 software developers and data experts.

sessions and cookies

pradeepjain
563 512MB
I know this is the most spoken topic but i still am confused a bit.
I have a website developed using drupal (CMS tool) .Earlier when a user was logged in and closed the browser and when he again opened the browser , his logion wld be there as it is i.e he was not logged off when browser closed. to correct this
i had to make a settings like
ini_set('session.cookie_lifetime', 0);

which was earlier
ini_set('session.cookie_lifetime', 20000);

what difference did it make . and i remember checkboxes like "REMEMBER ME" and
"keep me signed in for 2 weeks" and "remember me on this computer" .what exactly happens when we click the link and how we are remembered .
Feb 3 '09 #1
4 1169
TheServant
1,168 Expert 1GB
They use cookies which are pretty much the same as sessions. The major difference is cookies are stored on your computer. So your site will check if they have a cookie stored and then collect variables stored in that cookie to use again. Sessions are stored by the server and cannot (to my knowledge) be kept after closing a browser and re-openning it? So unless it's something that I haven't come across (which is just as likely) your session information was stored as a cookie...

But to answer your question, remember me things use cookies, generally.
Feb 3 '09 #2
Atli
5,058 Expert 4TB
Yes, TheServant is right.

Typically, as you first open a page in your browser, the server will look for certain cookies, sent by your browser, which indicate whether or not you are already logged in. If this information is present, and if it validates, then the server typically loads this into a server-side session, which is kept throughout your stay on the web. If it is not present, you will be asked to log in, after which the cookie is created on your browser and the session created on the server.

Once you close your browser, the server-side session is destroyed, but the cookie will remain on the browser so that the server can identify you next time you visit.

If the server fails to create the cookie, or if you delete it or corrupt it on your browser, the server won't recognize you when you next visit and it will ask you to log in.
Feb 4 '09 #3
pradeepjain
563 512MB
@Atli
okie you mean to say that
ini_set('session.cookie_lifetime', 0);

will not create any cookie rite.

and when we say remember me...wht exactly is stored in cookie in browser..name=> passwd / session ID
Feb 4 '09 #4
Atli
5,058 Expert 4TB
@pradeepjain
No, that's not right.
To quote the manual:
session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to 0.
Also note that the cookie this quote talks about is in no way related to the "Remeber me" feature we are talking about. This cookie is used by PHP to maintain the server-side session.

A "Remember me" feature needs to be coded by the the developer (you, that is). It is not something PHP does automatically. (Although your CMS might, I don't know.)

The cookies used for that need to be created manually, using the setcookie function, and they also need to be fetched and validated. And if they check out, the user needs to be logged in (the session needs to be created, that is).

@pradeepjain
Depends on your implementation.
This is typically the ID of the user and some sort of string that can be used to validate that this is in fact the user.
Like say, the user name, his password hash, and a bunch of "random" constants, all put together in a single SHA1 hash.

No matter how you implement this, you just need to make sure the string can be re-created by the server later, so it can be verified.

And keep in mind that cookies are in no way a secure place to store data, so make sure you don't put any data in a cookie you don't want anybody to see.
If you need to store stuff like user information, at least make sure it is hashed and/or encrypted in a way that won't allow somebody to steal the info.
Feb 4 '09 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

1
cookies and sessions
by: windandwaves | last post by:
Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am...
PHP
6
Cookieless ASP Sessions
by: JJ | last post by:
Hi, I really need to use cookieless ASP sessions with ASP 3 (IIS5) Can I find out the session ID from the first page, then post it or send it with the url to the next page, then at the start...
ASP / Active Server Pages
2
Cookies/sessions will not die - Browserhawk Test?
by: | last post by:
Its strange...I have experimenting with browser hawk by using the cookie sniffer method. However, even If adjust the security slider level in internet options or goto advanced in the privacy tab I...
ASP / Active Server Pages
2
Possible to turn on/off cookieless sessions dynamically on a case by case basis at run-time?
by: Steve Franks | last post by:
According to the docs you tell ASP.NET to use cookieless sessions by setting a value in the config.web file. However, what if I wanted to determine at run time whether or not I wanted to use...
ASP.NET
2
Sessions not retained in Firefox/Safari
by: Chris Mahoney | last post by:
Hi I'm using several Sessions in my app. When the user has cookies enabled in their browser, everything works fine. But with cookies disabled, only IE seems to remember the sessions. In Firefox...
ASP.NET
7
sessions vs cookies
by: Atte André Jensen | last post by:
Hi I'm developing a site where I'd like to store information during a users visit. So far I've been using sessions, but as far as I can tell it's not possible to control for how long a session...
PHP
6
Eternal Debate: Cookies vs. Sessions vs. QueryString
by: Paul | last post by:
Here is a question that should get everyone going. I have an ecommerce site where I need to pass the order_id to every page. So which method is the best practice to pass this variable between...
ASP.NET
13
Frinavale
Sessions - How To Pass Information Between Web Pages
by: Frinavale | last post by:
One of the most fundamental topics in web design is understanding how to pass information collected on one web page to another web page. There are many different ways you could do this: Cookies,...
ASP.NET
5
Why Do PHP Cookies and Sessions Work Even When Cookies Are Disabled?
by: jheines | last post by:
I am trying to explain how cookies and sessions work in a class I teach, but I have hit a wall when it comes to the interaction between cookies and the state of the privacy settings in Internet...
PHP
8
sessions - with or without cookies
by: Chuck Anderson | last post by:
I've instituted a sessions based scheme on my web site to combat hot linking to my images. When someone requests a page at my site, I set a session variable. I then use htaccess to redirect *all*...
PHP
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!