Actually I have had a couple people respond about the code order that I wrote, so I am going to try and see if that works.
You're right I do store the username/passwd in the session, and I do encrypt both the session password and the database password. I am trying to make this very secure :) You cannot decrypt them either which is nice. I just don't like having a session file there for longer then it has to be. I do know about php's garbage collecting so I don't have to worry about that.. I think the problem is more the second choice you gave me :) I like cleanliness, since I am a designer gone coder, it needs to look good :) Everything works beautifully though and it doesnt matter all that much if I have to wait until the garbage collector comes by, but when a function doesnt do what it's supposed to do.. I try to find out why.. and if it's me that's screwing up or something else.. Thanks for your reply and I AM going to get this to work! *grin* Rick > destroying session vars never worked for me either. it hasnt for quite some > time. now why its important you destoy them other then cleanup, I dont know > your reasons. Im going to guess. > > - you store username/passwd in sessions and because httpd runs as nobody, > anyone on the server can read them. ans: chroot telnet, telnet, ftp, it > should be done anyhow. dont store passwd's in plain text, encypt them and > compare the encryped passwd to the storeed encrypted passwd on the server, > if correct, great. you should do it this way anyhow. > - your finatical about cleanlyness and code perfect. ans: so am I. I rip > hair out and call it a day. dont stress it. > - you think you *have* to do this just to get sessions working: ans: wrong > - you think these files will stay on the server forever and fill your HD. > ans: wrong, check php.ini for session_gc (garbage collection) > > email me any questions. > > -- > > Chris Lee > [EMAIL PROTECTED] > > > > "Richard Baskett" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> Unusual that I didnt even get one response, so I shall try again! :) >> >> Ok why does this not work? >> >> session_name(adminid); >> session_start(); >> unset($sess); >> session_unset(); >> session_destroy(); >> session_write_close(); >> $sess = 0; >> >> etc etc etc etc etc etc.. >> >> After all that is executed I take a look at the session file and what do I >> see? All the session variables still there... and the file still there >> also! How can I get rid of them? >> >> Rick >> > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
