Thanks a lot. 
The other day I have talked with one of my classmates and say that
there is nearly no essential differences between session and url 
variables, after I read your answer I know that it does have.
I have tried your way of using session, it does make sense in differentiate
between session and url variables.

I still can't find whether there is a life-time for session. Could you help
Best Wishes!

----- Original Message ----- 
To: "'mintbaggio'" <[EMAIL PROTECTED]>
Sent: Tuesday, August 13, 2002 3:27 AM
Subject: RE: [PHP] Some questions.

> Turn off register globals and use the superglobals, if this doesn't make
> sense refer to the PHP manual available at
> Basically as of PHP 4.1 all session variables are accessible by using
> $_SESSION['name'] for example.
> Example1.php
> <?php
> session_start(); // start session using session start
> $_SESSION['name'] = 'Jason Sheets'; // create and register a
> variable
> ?>
> Example2.php (this file accesses the variable from example1)
> <?php
> session_start(); // start session using session start
> print 'Your name is: ' . $_SESSION['name'] . '<br>'; // print line
> containing variable
> When you have register globals off or you use superglobals post and get
> information will not be propagated to the session array, meaning that even
> if the user sets loggedin=1 in their url when you check if
> $_SESSION['loggedin'] == 1 it will be false unless they logged in.
> Jason
> -----Original Message-----
> From: mintbaggio [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, August 12, 2002 11:43 AM
> Subject: [PHP] Some questions.
> Hello
> I'm a Chinese university student,I want to ask some questions about session.
> These days I'm build a website for my university with PHP, But I meet a 
> question when I develop the part of User Management: After I have log out 
> from a user page(I use "session_unset()" and "session_destroy()"),I can 
> return to the page again by click the button "Back"to that pagea and refresh
> it, the user page can be shown again. This is unsafe.
> So I want to ask that the function "session_unset" and "session_destroy()"
> will
> destroy session immediately or there is a life-time for session. In my
> memory,
> I think that there is a life-time for session and the life-time can be
> configured.
> Another question:
> If the user log page is "main.php",the page for authenticate the user is
> "login.php"
> I use session to store the infomation of user such as :
> session_register($userid);
> But if the variables in the session are unfortunately be known by somebody
> else.
> and he can visit others' information bye the url:"login.php?userid=***",how
> can solve
> these problem? use a ugly but difficult session varable?
> Just two questions.
> Thanks a lot.
> Wish back soon!
> Best wishes

Reply via email to