Re: [PHP] Session deletion on window close?
Uhhh? Closing a browser window, does definetly NOT delete the session. Closing a Browser Window simply does nothing on the Server-Side, so there's no command to delete a session executed. If someone manages to grab the sessionid (or the cookie) and opens the Page again, the session is still active. Neil is completely right, if he tries to generate a new GET-Request to a special log-out page on the server that uses session_destroy(). Well, I've no experence in using the window.onclose or document.onunload events with Netscape Javascript, but something like that should be the right way, if you need to be really save that a session is destroyed. Bruno Nick Wilson [EMAIL PROTECTED] schrieb im Newsbeitrag [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 * On 22-01-02 at 11:30 * Neil Freeman said Does anyone have any suggestions as to how I could achieve the following: a) Browser window closed by user clicking on [X] No but I'm sure someone will. b) 'Logging out' page opened (which handles the PHP session deletion). When a user closes the browser (any browser) the session is ended. You don't need to manually terminate it. HTH - -- Nick Wilson Tel: +45 3325 0688 Fax: +45 3325 0677 Web: www.explodingnet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE8TUBSHpvrrTa6L5oRAn45AJ4kltU6UKb+JCSamfgUfQ+e1CPIKACff0Xn NlVo2ttprA1xjdLz6lB3DWg= =BOV1 -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] P3P Implementation and PHP-Sessions
Hi, I assume everyone has heard of P3P (Platform for Privacy Preferences), so I'll skip explaining in detail what it is. If you don't know, just skip this message *g*. I've got one Problem with this, and PHP may solve it: P3P has absolutely no Application-Server/Scripting support. It's just a simple XML-File that tells the User what (personal) data the Website collects, and is Requested with hard-coded relative URL's. Assume a PHP Website with URL-based Session's. A User Request the Homepage (/index.phtml) - he's anonymous, collected data is anonymous. The (static) P3P File tells the User that the collected data is anon. Well, now the User logs-in via a Form-Submit and reloads the Page (/index.phtml). The information is set in the PHP-Session, the User is shown other (personalized) Content, but the P3P-File is still the same, telling the user, that the collected data is still anonymous - this is (or may be) wrong now. P3P has no mechanism to handle this case, in P3P you can only set a different policy for (sub-)folders (differrent URI's). The problem is, that the GET Request is absolutely the same, it doesn't matter if the user is logged-in or anonymous (well, it would be a security hole, if someone is able to find out, if a user is logged-in when (s)he takes a look at the URL, hm?). Sure, it's possible to copy all templates to another subfolder and link logged-in users to this one, but why should I do so? The advantage of using templates (a I define them) is that they just show any content. They don't care if this content is personalized or not. The content is prepared by the business logic - programmed in PHP - and stored in a database. This way, I'm able to use the same templates for logged-in and anonymous users - well, half the work to do... I already talked to some P3P-Members, they think, it is no Problem, but didn't provide a solution - at least none I was able to understand *g*. I think, P3P should (must!!) be supported by the Application-Server or Scripting Language. It should be possible to catch a request for a P3P file from the Webserver, match Information from the Session, and generate the correct XML-contents on the fly or assign a matching P3P-File. Links: P3P - http://www.w3.org/P3P/ One of our Website's that will have the described problem. (Not coded in PHP - we do quite the same thing with PHP and the BroadVision Application Server): http://www.siemens.de/solutionprovider/dialog Bruno Baketaric Development Director WOB Interactive AG Werner-Heisenberg-Strasse 6a 68519 Viernheim Fon +49 (0)6204.970-274 Fax +49 (0)6204.970-211 E-Mail: [EMAIL PROTECTED] ICQ: 818981 http://www.wob.ag http://www.bbn-advertising.com Part of: BBN The multicultural agency -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: call_user_func problem
Hi, just do it like this - the result will be the same, and $bar is still passed by reference: $result = call_user_func(foo, $bar); function foo( $bar ) { $bar .= 'foobar'; return 1; } _ This error just tells you, that you have to declare pass-by-reference in your functions, and cannot use a generic function, that sometimes takes parameters by reference and sometimes by value. This problem has nothing to do with call_user_func(). C [EMAIL PROTECTED] schrieb im Newsbeitrag [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Prior to 4.0.6 it worked fine, however, now when I try: $result = call_user_func(foo, $bar); function foo( $bar ) { $bar .= 'foobar'; return 1; } I get this: Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of call_user_func(). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. Does that mean I can't pass by reference anymore? I kinda need to (the two functions above are not my actual functions btw) Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]