[PHP] re: session question
Nevermind... I don't know what the problem is yet but it's not the folder. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: session question
ORIGINAL # I have an index.php page which does not user session_start(); command. However in this index.php page, there are some $_SESSION['...']; variables stored. How is it possible that $_SESSION['...']; works even if no session has been created before ? moreover, if i use a print Session ID : .session_id(); after those lines, session_id() is empty (which is logical) as no session_start(); command has been used before. So, how is it possible that $_SESSION['..'] works ? Do i have a session created or not ? END ORIGINAL If you treat $_SESSION['username'] as a variable and set its value and then print it or check it. It will display the value but value will not be maintained for the next pages e.g. for index.php you dont use session_start() but you do the follow $_SESSION['username']=some value; echo $_SESSION['username']; //this will print some value So, in your case it is possible that some page is being included that is starting a session or setting up variable. -- Regards Fahad Pervaiz www.ecommerce-xperts.com (Shopping Cart Applications, Framework for Multilingual Web Sites, Web Designs) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: session question (4.1.1)
how did u check? with a if? u should use the session_is_registered function instead,
http://www.php.net/manual/en/function.session-is-registered.php
if(!session_is_registered(\user\)){
print \invalid user\;
exit;
}
// your other code here
and yes, turning off register globals is a good idea :)
I am trying to implement a user authentication/login system using PHP 4.x\'s
built in session functions. Upon a successful login, there is a
session_register(\'uid\',\'uname\',\'status\'). On pages that require someone to
be an authenticated user I check against HTTP_SESSION_VARS[\'uid\'] to make
sure it is not null, is greater then 0, and i also check the
HTTP_SESSION_VARS[\'uname\'].
This seemed to be working until I tried to see what would happen if I fed
it a query string. I fed a \secure\
page ?action=edituid=3uname=jonstatus=true and my check still failed
me, but then when i went back to the same secure page without the bogus
query string, I was in fact authenticated as the user i forced through.
Is it possible that global vars even if not registered via
session_register() to end up the HTTP_SESSION_VARS array? I was under the
impression that the OLY variables and values that would be in this array
were those that were explicity registered via session_register().
Should i disable register_globals?
--Jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: session question: session.auto_start vs. session_register.
session.auto_start is only usefull when not using classes as session variables. because a class must be defined before it can be created (or brought back to life from a session) it must be defined, this cant be done with session.auto_start. I dont use session.auto_start. I find the ability to use class's as session variables much more handy. -- Chris Lee [EMAIL PROTECTED] Kurt Lieber [EMAIL PROTECTED] wrote in message E16Bitf-00049T-00@z8">news:E16Bitf-00049T-00@z8... I am working on an open source e-commerce package and have hit a wall with sessions. If I have session.auto_start turned on, I get the following error message: Fatal error: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition shoppingcart of the object you are trying to operate on was loaded _before_ the session was started in path to my file on line 12 If I turn session.auto_start off, the error disappears. So, the error message tells me that I can't use the class unless I've defined it before the session gets started. However, session.auto_start (as far as I know) starts a session immediately, before even waiting for a script to be fully parsed executed. So, the two seem mutually exclusive. (but then the usefullness of session.auto_start would seem extremely limited) Is there a way I think there's some glaring errors in my understanding here. Can someone help me fill in the holes? --kurt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: SESSION question.
You should be able to configure Apache to force the www. to appear, no matter what they type, or to keep using what they typed, if you didn't use any full URLs. -- WARNING [EMAIL PROTECTED] address is an endangered species -- Use [EMAIL PROTECTED] Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm - Original Message - From: Mehmet Kamil Erisen [EMAIL PROTECTED] Newsgroups: php.general To: [EMAIL PROTECTED] Sent: Friday, August 17, 2001 6:05 PM Subject: SESSION question. Hello, I have implemented a user login with PHP Session functions. THe problem I have is that if the user is logged in the site using http://mysite.com/login.php and starts a session, the session is not recognized when user is trying to utilize the site with http://www.mysite.com/dosomething.php any suggestions? thanks, erisen. ultrAslan. = Mehmet Erisen http://www.erisen.com __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
