Felix Gilcher kirjoitti:
[EMAIL PROTECTED] <> schrieb am Freitag, 4. November 2005
13:35:
J. Erik Heinz <[EMAIL PROTECTED]> words on 04.11.2005 - 13:06 (+0100
Zulu-Time):
[ transfering key from one to another page ? ]
Sure I could attach it as get-parameter. But with this mechanism
i annul the whole security mechanism... I offer the client more
information than he need.
You must pass the session id to the user so that he can pass it on to
you on your next request.
Just to make sure everyone is talking the same language:
Session id and the key identifying data in $_SESSION are not the same thing.
1) Session id is automatically generated by the PHP engine and is
usually send to the client as a cookie (other possibility is use it as a
get parameter, you can change this in php.ini). The generated id is
unique (or at least so random that you can take it as unique). Agavi
database session storages use this id to identify rows in the session table.
2) You can store session data in the $_SESSION array. This is the array
that gets serialized into a database or a file. You can store whatever
data as long as it's serializable. The key names you use don't have to
"secret". They are visible only in you code.
-veikko
_______________________________________________
agavi-dev mailing list
[email protected]
http://labworkz.com/cgi-bin/mailman/listinfo/agavi-dev
