Hi, They are. The Session Id is stored in a cookie if Cookies are available. If not then the session ID is appended to your URL.
Sincerely, Mike -- Mike Brandonisio * IT Planning & Support Tech One Illustration * Database Applications tel (630) 759-9283 * e-Commerce [EMAIL PROTECTED] * www.techoneillustration.com On Mar 12, 2007, at 1:33 PM, Michael Sullivan wrote: > On Mon, 2007-03-12 at 10:20 -0800, Mike Franks wrote: >> Michael - >> >> You're storing the $directorid in session. Unless you've taken some >> extreme measures, session values are stored in cookies. Some users >> may >> have disabled cookies. >> >> See: http://us2.php.net/session >> >> Mike >> > But I thought session variables were stored on the hard drive of the > machine the web server is running on....? >> On 3/12/2007, "Michael Sullivan" <[EMAIL PROTECTED]> wrote: >> >>> First of all, I apologize for cross-posting this, but it is somewhat >>> urgent. The code I'm pasting below is the login script for my >> college's >>> Music Festival Web Interface. I say this is urgent because this >>> interface is in use as we speak. Thw way it works (or is supposed to >>> work) is this: A director registers for an account using the >>> registerdirector.php script (not included in this message). An entry >> in >>> the Director table of my mysql database is created. The director is >>> assigned a unique director_id, which identifies their ownership of >> all >>> data belonging to them. When they log in, a query is sent to the >>> database to return all data where email_address == their username. >>> Their password is checked against the password in the database. >>> Their >>> director_id is returned and placed in the $directorid variable. The >>> problem is that for some reason that I can't figure out, sometimes, >>> seemingly at random the $directorid variable is blank. It should >> never >>> be blank, and I can't even come up with a theoretical scenario >>> why it >>> would be blank. Here's what my Director table looks like: >>> >>> mysql> describe Director; >>> +---------------+-----------------+------+-----+--------- >>> +----------------+ >>> | Field | Type | Null | Key | Default | Extra >>> | >>> +---------------+-----------------+------+-----+--------- >>> +----------------+ >>> | director_id | int(5) unsigned | NO | PRI | NULL | >>> auto_increment | >>> | email_address | varchar(255) | NO | | | >>> | >>> | password | varchar(255) | NO | | | >>> | >>> | director_name | varchar(255) | NO | | | >>> | >>> | phone_number | varchar(17) | NO | | | >>> | >>> | fax_number | varchar(17) | YES | | NULL | >>> | >>> | cell_number | varchar(12) | YES | | NULL | >>> | >>> +---------------+-----------------+------+-----+--------- >>> +----------------+ >>> 7 rows in set (0.15 sec) >>> >>> And here's my code: >>> >>> <? >>> session_start(); >>> >>> require_once("miscfunc.php"); >>> >>> $page = "login.php"; >>> >>> include("dbconnect.php"); >>> $loginuser = $_POST['user']; >>> $loginpass = stripslashes($_POST['passwd']); >>> >>> $tableName = "Director"; >>> $query = "SELECT * FROM ".$tableName." WHERE email_address= >>> \"$loginuser\";"; >>> //print "$query<br><br>\n"; >>> $result = mysql_query($query, $link) or die ("Could not connect to >>> the database. ".mysql_error()); >>> $a_row = mysql_fetch_array($result, MYSQL_ASSOC); >>> >>> $string = $a_row['password']; >>> if ($loginpass == $a_row['password']) >>> { >>> >>> set_var("loggedin", true); >>> $emailaddress = $loginuser; >>> $loggedin = true; >>> >>> >>> set_var("loggedin", $loggedin); >>> set_var("loginuser", $loginuser); >>> set_var("emailaddress", $emailaddress); >>> >>> $directorid = $a_row['director_id']; >>> >>> if ($directorid == 0 || $directorid = " ") >>> { >>> //We have a problem >>> $message = $message."\nDirectorID = $directorid\n"; >>> $message = $message."\nLoginUser = $loginuser\n"; >>> $message = $message."\nPassword = $loginpass\n"; >>> if (!mail("[EMAIL PROTECTED]", "DirectorID 0", $message)) >> print >>> "There was a problem; Could not send a report of the problem to the >>> webmaster<br><br>\n"; >>> } >>> set_var("directorid", $directorid); >>> $action = "$loginuser logged in."; >>> $log = "INSERT INTO Logs (session_id, type, director_id, >>> time_stamp, action) VALUES(\"".session_id()."\", \"Login\", >>> \"$directorid\", \"".time()."\", \"$action\");"; >>> mysql_query($log, $link) or die("Could not create log record: >>> ".mysql_error()); >>> >>> >>> >>> include("mainpage.php"); >>> } >>> else >>> { >>> print "Login incorrect. Do you need to register?"; >>> include("index.php"); >>> } >>> ?> >>> >>> Please help. I don't want the directors who participate in our >> contest >>> to lose faith in our Music Program because of my mistakes... >>> -Michael Sullivan- >>> >> >> >> >> > > > > ------------------------ Yahoo! Groups Sponsor -------------------- > ~--> > See what's inside the new Yahoo! Groups email. > http://us.click.yahoo.com/0It09A/bOaOAA/yQLSAA/HKFolB/TM > -------------------------------------------------------------------- > ~-> > > Community email addresses: > Post message: [email protected] > Subscribe: [EMAIL PROTECTED] > Unsubscribe: [EMAIL PROTECTED] > List owner: [EMAIL PROTECTED] > > Shortcut URL to this page: > http://groups.yahoo.com/group/php-list > Yahoo! Groups Links > > >
