At 2003-08-16 23:28 +0200, Peda wrote:
I have some problem on my site.
When I'm using this PHP script:
?php
session_start();
session_register( aUser, aAccount );
$aUser = Cidnie;
$aAccount = 1016;
?
?php print( Current User: $aUser
); print( Current Account: $aAccount
);
* Thus wrote Jaap van Ganswijk ([EMAIL PROTECTED]):
At 2003-08-16 23:28 +0200, Peda wrote:
When you have a shell login, try this:
- cd /tmp
- chown . your_user_name
This probably gives an error warning.
- chmod u+rw .
Don't set your /tmp directoy to those settings. /tmp is a system
At 2003-08-16 22:45 +, Curt Zirzow wrote:
* Thus wrote Jaap van Ganswijk ([EMAIL PROTECTED]):
At 2003-08-16 23:28 +0200, Peda wrote:
When you have a shell login, try this:
- cd /tmp
- chown . your_user_name
This probably gives an error warning.
- chmod u+rw .
Don't set your /tmp
As others have pointed out already, your problem indeed is about not being
able to write in the tmp directory. Also, as others have pointed out, if
it's not your server you would not be able to change file permissions of the
/tmp directory. Your solution is probably found in changing the path
* Thus wrote Jaap van Ganswijk ([EMAIL PROTECTED]):
At 2003-08-16 22:45 +, Curt Zirzow wrote:
* Thus wrote Jaap van Ganswijk ([EMAIL PROTECTED]):
At 2003-08-16 23:28 +0200, Peda wrote:
When you have a shell login, try this:
- cd /tmp
- chown . your_user_name
This probably
Just a note, in most cases where you have your own private /tmp it is
not the same /tmp PHP uses. You are in a chrooted or jailed environment
with a virtual /tmp where usually Apache runs outside this restricted
environment , the biggest reason being running a seperate set of Apache
processes
-Original Message-
From: Nicholas Robinson [mailto:[EMAIL PROTECTED]
Sent: 27 July 2003 23:40
Many thanks, that's fixed it!
On Sunday 27 Jul 2003 10:42 pm, Chris Shiflett wrote:
--- Nicholas Robinson [EMAIL PROTECTED] wrote:
I've noticed that links in my pages are getting the
--- Nicholas Robinson [EMAIL PROTECTED] wrote:
I've noticed that links in my pages are getting the sessionid
added as a GET parameter.
The session.use_trans_sid directive is enabled in your php.ini. Disable it if
you do not want this behavior.
Hope that helps.
Chris
=
Become a better Web
Many thanks, that's fixed it!
On Sunday 27 Jul 2003 10:42 pm, Chris Shiflett wrote:
--- Nicholas Robinson [EMAIL PROTECTED] wrote:
I've noticed that links in my pages are getting the sessionid
added as a GET parameter.
The session.use_trans_sid directive is enabled in your php.ini. Disable
You called session_start() too far down the page... and by that time,
you had already outputted something (text, html, or even just blank
lines) to the browser.
1. rearrange you code so that session_start() is as close to the top as
possible
2. implement output buffering
Justin
On Friday,
Kirk,
Thanks for the input.
I've never been certain about the register_globals setting. From what I
read I understood it that since I use the new method and have my dev site
set to off that it wouldn't be a problem.
As it turns out my dev site has globals OFF, test site ON and target site
ON.
You need to make sure that when you are being directed to the other pages that the session
name and session id are being passed. Check session.use_trans_sid in the sessions section
of phpinfo(). The session name and id are available globally after a session has been
started as the constant
Web Dev/Design Community/Zine
www.developercube.com
- -Original Message-
From: Jason k Larson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 11:15 AM
To: Dave Alger
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Sessions
You need to make sure that when you are being directed
This works fine on my development PC, (PHP v 4.3.1) and on
my primary test
site (PHP v4.2.2).
However when I try it on the target site (PHP v4.1.2) then I find that
immediately after starting the session everything works fine,
however when I
move to any other page the session information
-
From: - Edwin - [EMAIL PROTECTED]
To: Bob Irwin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, June 27, 2003 2:39 PM
Subject: Re: [PHP] Sessions Question
Bob Irwin [EMAIL PROTECTED] wrote:
Aside from the fact that bad code can obviously make sessions hackable,
what
does everyone
-Original Message-
From: Bob Irwin [mailto:[EMAIL PROTECTED]
Sent: 27 June 2003 08:01
Oops.
Forgot to remove the Re: - it was a new thread - I just
replied to an old
message to get the php list email address
That's exactly what you shouldn't do. Most newsreaders, and some
As a suggestion can you simply redisplay your form on the error page and
such avoid having to use the back button? This would also allow you to
actually display the error at the place the error occurs.
Another thing you might want to try is using a cache header that allows
the browser to cache
Bob Irwin [EMAIL PROTECTED] wrote:
Aside from the fact that bad code can obviously make sessions hackable, what
does everyone think about the security of sessions?
I rely on them fairly heavily for low-mid range security on some of my
scripts, but if I was to do something that involved
Bibhas,
I'm sure I've read somewhere that this is a deliberate security feature with using
sessions - i.e. you can't view contents of form fields by using the back button on
your browser.
Couldn't you use JavaScript to ensure that the data is validated on the client side
before the form is
Thanks Michael,
Can you suggest any other method (without using session_start)
by which I can track users and validate for each page.
What I do currently , in the login page register the user using sessions
and in other pages see if user is registered.
I need to restrict each page based on
Did you try taking a look at the manual?
Tyler
- Original Message -
From: Lee Elenbaas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 1:06 PM
Subject: [PHP] Sessions?
Hi,
I have failed to find the information I am looking for on session
management
by PHP -
On Wed, 2003-06-18 at 11:06, Lee Elenbaas wrote:
Hi,
I have failed to find the information I am looking for on session management
by PHP do they use cookies? Is there a way to use URL rewriting? How do I
find the timeout time? is there a way to close a session manually?
It seem to me like
On Jun 14, 2003, Ryan A claimed that:
|Hi,
|I have been reading up on the old discussions on this list as i was very
|busy for the past few daysand i saw a very intresting topic regarding
|sessions and security.
|
|I really didnt understand some of the things you guys wrote on hi-jacking a
JH are associated with a specific id. First, URLs carrying session ids. If
JH you link to an external site, the URL including the session id might be
JH stored in the external site's referrer logs. Second, a more active
JH attacker might listen to your network traffic. If it is not encrypted,
JH
-Original Message-
From: Angelo Zanetti [mailto:[EMAIL PROTECTED]
Sent: 11 June 2003 14:09
session_register('user');
$_SESSION['user'] = ebusUser;
Just one other quick point here: if you use the $_SESSION array, you don't
need to -- and, in fact, should not -- use
page 1 : login.php
input user name - Post veriable
input password- post variable
page 2 : verify.php
session_start()
// supposing name is entered
if (!$_POST['password'] == )
{
// verification against database
if (successfully authenticated)
{
... [shortened]
Then I want the session to call authPage (because the pw is correct) together with
the session variable. The way I am doing this (doesnt seem to be working) is to call
authPage with as a header call eg:
header(Location: authPage.php);
The problem I think I am having is
-Original Message-
From: Wim Paulussen [mailto:[EMAIL PROTECTED]
Sent: 11 June 2003 14:28
page 1 : login.php
input user name - Post veriable
input password- post variable
page 2 : verify.php
session_start()
// supposing name is entered
if (!$_POST['password'] == )
-Original Message-
From: Jason k Larson [mailto:[EMAIL PROTECTED]
Sent: 09 June 2003 22:23
Try adding the SessionID to the URL.
openEdit(add=eventamp;cellid=10amp;?PHP echo Session_Name
().'='.Session_ID();?);
or a little better:
$thisSession =
-Original Message-
From: Kevin Stone [mailto:[EMAIL PROTECTED]
Sent: 09 June 2003 23:54
- Original Message -
From: Emma Jane Hogbin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
What ended up working was passing the session ID to the
pop-up window
manually by including it
On Tue, Jun 10, 2003 at 10:47:58AM +0100, Ford, Mike [LSS] wrote:
Well, first of all the fact that this solution works means it has nothing to do with
the output buffering setting, nor whether there's a session_write_close() in the
calling script (although that's good practice
On Mon, Jun 09, 2003 at 09:26:45PM +0200, winst0n wrote:
Hi, try to write a @session_start(); in ur popup windows... it will call the
last session opened by the client.
I already do thatboth the parent and the main window call a file which
has the session_start in it. I believe the problem
- Original Message -
From: Emma Jane Hogbin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 09, 2003 1:08 PM
Subject: Re: [PHP] sessions, IE and pop-up windows
On Mon, Jun 09, 2003 at 09:26:45PM +0200, winst0n wrote:
Hi, try to write a @session_start(); in ur popup windows
On Mon, Jun 09, 2003 at 02:27:50PM -0600, Kevin Stone wrote:
I'll bet you're using an onLoad command to launch the popup aren't you. Use
Output Buffering to keep stdout from flushing before the parent script dies.
If my assumption about onLoad is correct then that'll solve your problem.
Um
- Original Message -
From: Emma Jane Hogbin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 09, 2003 2:32 PM
Subject: Re: [PHP] sessions, IE and pop-up windows
On Mon, Jun 09, 2003 at 02:27:50PM -0600, Kevin Stone wrote:
I'll bet you're using an onLoad command to launch
On Mon, Jun 09, 2003 at 03:23:16PM -0600, Jason k Larson wrote:
or a little better:
$thisSession = Session_Name().'='.Session_ID();
openEdit(add=eventamp;cellid=10amp;?PHP echo $thisSession;?);
This plus a reboot did the trick, THANKYOU!!
Then of course the editsmall.php must still do a
On Mon, Jun 09, 2003 at 03:56:28PM -0600, Kevin Stone wrote:
I still believe what's happening is the edit script is being executed before
the parent script has died. Are you doing some kind of looping background
process or something that's keeping the parent script from exiting?
No. In fact I
*woot!* :)
I love being right. ;)
--
Jason k Larson
Emma Jane Hogbin wrote:
What ended up working was passing the session ID to the pop-up window
manually by including it in the function (and thus the URL).
emma
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
- Original Message -
From: Emma Jane Hogbin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 09, 2003 4:21 PM
Subject: [PHP] solved Re: [PHP] sessions, IE and pop-up windows
On Mon, Jun 09, 2003 at 03:56:28PM -0600, Kevin Stone wrote:
I still believe what's happening
Well you are partly right Chris. But the client automatically sends the
cookie with the HTTP request. IE your request for a cookie doesn't send a
separate request header to the client.
You might want to check to see if you are accidentally outputting something
else after you call
When using PHP sessions, if the user's browser supports
cookies, PHP sets the session id as a cookie (so far as I
understand it). So when trying to use the session ID in a
script, a cookie request is sent to the browser to get the ID
and assigns it to the internal variable $PHPSESSID (again,
What errors, exactly? Can you show some examples?
The errors are not PHP. They are from the browser trying to open the
data being sent from the server (the HTML or binary data) in the appropriate
program. eg, Acrobat for PDF, Word for DOC, Excel for XL.
For this particular case, I'm using the
Are you downloading these files over HTTPS://?
Ed
-Original Message-
From: Chris Boget [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 10:24 AM
To: CPT John W. Holmes; PHP General
Subject: Re: [PHP] Sessions and headers
What errors, exactly? Can you show some examples
Are you downloading these files over HTTPS://?
Yes. But I just tried to force HTTP:// and that didn't
change anything.
thnx,
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Try including session_cache_limiter('public'); before your
session_start(); call at the top of the page.
ed
-Original Message-
From: Chris Boget [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 10:40 AM
To: Ed Gorski; 'CPT John W. Holmes'; 'PHP General'
Subject: Re: [PHP
Try including session_cache_limiter('public'); before your
session_start(); call at the top of the page.
This is *exactly* what I needed!! It worked perfectly. Thank
you Ed, John very much for your feedback with this issue!
Chris
--
PHP General Mailing List (http://www.php.net/)
To
Some great points in here George - but it leaves me hanging
What are the options? If we are not to use a 'state-ful' system, how do you
track users preferences, login/logout states, shopping baskets, and other
items that need sessions or some other type of reliable tracking method?
Not that
George,
Having created an invoicing system using php , I very clearly understand the
advantage the session construction holds : the information is maintained on
the server, rather than floating around in cyberspace between the client and
server each and every time you exchange information.
If you
Wim
While I do see the usefullness of sessions, I have to disagree with you
on the security aspect. A session ID is just as vulnerable to sniffing
as is a username / password combination. The only security you gain from
using it instead is that it's value is time limited. If your application
on 31/05/03 1:26 AM, George Whiffen ([EMAIL PROTECTED]) wrote:
1. Heterogeneous Code Environments
php session data is not easily accessible from non-php code e.g.
Perl/C/ASP etc. In contrast, either client-stored data e.g. cookies,
hidden posts, get variables, or data stored in a structured
On Fri, 30 May 2003, George Whiffen wrote:
1. Heterogeneous Code Environments
php session data is not easily accessible from non-php code e.g.
Perl/C/ASP etc. In contrast, either client-stored data e.g. cookies,
hidden posts, get variables, or data stored in a structured database
table,
Nicholas F. Singh wrote:
Hello all you great PHPers,
Who among you can solve this tricky problem?
OK, a little background: my goal is to send local POST requests to some of my php pages from **within** a php program. I have already successfully done simple POST data transfers with sockets using
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 11:11 AM
Subject: Re: [PHP] [sessions] using [sockets]. Very tough!
Nicholas F. Singh wrote:
Hello all you great PHPers,
Who among you can solve this tricky problem?
OK, a little background: my goal is to send local
session info TST1 is. Know what I mean? I
wonder how I can resolve this...
Thanks for the reply!
- Original Message -
From: Marek Kilimajer [EMAIL PROTECTED]
To: Nicholas F. Singh [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 11:11 AM
Subject: Re: [PHP] [sessions] using
on my server, Apache).
Thanks again, Marek.
NFS
- Original Message -
From: Marek Kilimajer [EMAIL PROTECTED]
To: N. F. Singh [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 11:24 AM
Subject: Re: [PHP] [sessions] using [sockets]. Very tough!
You can do:
session_start
Bk,
You would have to somehow pass all session variables onto the
new host since session variables are stored server-side. You would have
to have a function that took all session variables and passed them to
the new domain including session id... then you would need a function
that
to other
domain/a';
SID is a constant.
---John Holmes...
- Original Message -
From: Steven Kallstrom [EMAIL PROTECTED]
To: 'bk' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 9:47 AM
Subject: RE: [PHP] sessions and domains
Bk,
You would have to somehow pass all
bk wrote:
I've to set up a shared shopping cart to buy items
from four different sites and pay them at once
passing trough a single checkout.
Provided that these sites are hosted on the same
server (actually in the same directory), but have
different names, is it possible to share php
sessions
My advice is to first get REALLY comfortable with sessions in a non-framed
environment... get a grip on logging in, logging out, showing different code
for logged in members, restricting a user from doing something more than
once, etc etc.
THEN try to get it happening in a framed environment.
As
Why? You wouldn't even know it happened - nor would the site. This is just a
security precaution.
- Original Message -
From: Jason Wong [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, March 22, 2003 2:25 AM
Subject: Re: [PHP] Sessions question
On Saturday 22 March 2003 08:09
]
Sent: Friday, March 21, 2003 2:46 AM
Subject: Re: [PHP] Sessions question
on 21/03/03 4:57 PM, Beauford.2002 ([EMAIL PROTECTED]) wrote:
I have read some posts to this list on sessions and have read as much as
I
can find on them, but one problem still exists which I can't figure out.
How
do I
: [PHP] Sessions question
on 21/03/03 4:57 PM, Beauford.2002 ([EMAIL PROTECTED]) wrote:
I have read some posts to this list on sessions and have read as much as
I
can find on them, but one problem still exists which I can't figure out.
How
do I kill the session when the user leaves my site
-Original Message-
From: Justin French [mailto:[EMAIL PROTECTED]
Sent: 21 March 2003 15:59
on 22/03/03 2:27 AM, Beauford.2002 ([EMAIL PROTECTED]) wrote:
What about cookies - someone said if you put no time limit
on a cookie it
dies when you leave the site - I'm not sure about
To: Beauford.2002; PHP General
Subject: Re: [PHP] Sessions question
I think it's defined as when the browser is closed, not
when the browser is no longer in your domain -- but you'd
have to ask an expert or read the specs to be sure.
Justin
on 22/03/03 2:27 AM, Beauford.2002 ([EMAIL
So is there anyway to do this - perl, javascript, voodo?
- Original Message -
From: Ford, Mike [LSS] [EMAIL PROTECTED]
To: 'Justin French' [EMAIL PROTECTED]; Beauford.2002
[EMAIL PROTECTED]; PHP General [EMAIL PROTECTED]
Sent: Friday, March 21, 2003 11:04 AM
Subject: RE: [PHP] Sessions
: Re: [PHP] Sessions question
So is there anyway to do this - perl, javascript, voodo?
- Original Message -
From: Ford, Mike [LSS] [EMAIL PROTECTED]
To: 'Justin French' [EMAIL PROTECTED]; Beauford.2002
[EMAIL PROTECTED]; PHP General [EMAIL PROTECTED]
Sent: Friday, March 21, 2003 11
. It
appears though from the answers I have received - that this is not
possible
B.
- Original Message -
From: Kevin Stone [EMAIL PROTECTED]
To: PHP General [EMAIL PROTECTED]
Sent: Friday, March 21, 2003 4:21 PM
Subject: Re: [PHP] Sessions question
This is one of those rare things
on 22/03/03 4:39 AM, Adam - ([EMAIL PROTECTED]) wrote:
Just a thought about sessions, they still rely on cookies working, unless
you pass the session id with every link on the page. If you set your
php.ini file to automatically put the session id in ever link on your page,
that's great, but
Hi,
So with the .htaccess you could enable trans sid. That's interesting to
know. I guess you could just use the session and have a session check to
require the person to have cookies. Most sites these days seem to require
it.. mail.yahoo.com does, if you try and login without cookies
On Saturday 22 March 2003 08:09, Beauford.2002 wrote:
I don't quite understand this. If a user is on my site and then decides to
go into his favourites and go to yahoo.com - this won't work. I think you
are assuming the user is going to click on something I have set up - I want
this to be
On Friday 21 March 2003 13:57, Beauford.2002 wrote:
I have read some posts to this list on sessions and have read as much as I
can find on them, but one problem still exists which I can't figure out.
How do I kill the session when the user leaves my site.
There is simply no way to tell when
, 2003 1:34 AM
Subject: Re: [PHP] Sessions question
On Friday 21 March 2003 13:57, Beauford.2002 wrote:
I have read some posts to this list on sessions and have read as much as
I
can find on them, but one problem still exists which I can't figure out.
How do I kill the session when the user
on 21/03/03 4:57 PM, Beauford.2002 ([EMAIL PROTECTED]) wrote:
I have read some posts to this list on sessions and have read as much as I
can find on them, but one problem still exists which I can't figure out. How
do I kill the session when the user leaves my site. So if a user is on
on 21/03/03 6:20 PM, Beauford.2002 ([EMAIL PROTECTED]) wrote:
What about HTTP_REFERER - is there someway I could incorporate it to so if
the user didn't come from xxx (a page on my site) then kill the session and
redirect him to the login page...
The referrer can maybe *help* (not sure how
For session variables to work:
Use the $_SESSION array instead of $HTTP_SESSION_VARS.
Also, check your session_path (defined in php.ini, which should be under
/WINNT). session_path should point to a directory where user IUSR_MYHOST has
writing permissions. There, you should see a file created
My gc_maxlifetime = 3600 (1 hour) and my probability = 100 , just for
testing . When i create a session on my site and i dont log out , the
session var will still remain on the server , ok , after an hour (not
exactly an hour) , when i surf the site , the collector destroys that
var
on
the
-Original Message-
From: John W. Holmes [mailto:[EMAIL PROTECTED]
Sent: 13 March 2003 10:24
My gc_maxlifetime = 3600 (1 hour) and my probability = 100
, just for
testing . When i create a session on my site and i dont log
out , the
session var will still remain on the server
My gc_maxlifetime = 3600 (1 hour) and my probability = 100
, just for
testing . When i create a session on my site and i dont log
out , the
session var will still remain on the server , ok , after an
hour (not
exactly an hour) , when i surf the site , the collector
destroys
Nothing is safe unless it goes over SSL, and even then, NOTHING is 100%
secure :)
The point is that you shouldn't have the plain text password as a session
var...
Your login form (and the script that varifies the login) should be secure
(see note), and should establish a session var like
Make sure that the url is always the same. For example if a user is at a
page http://mysite.com/phpscript.php and you link to
http://www.mysite.com/phpscript.php (notice the www) the session might not
follow because the url is different.
-Original Message-
From: freaky deaky
From: freaky deaky [EMAIL PROTECTED]
i am experiencing a major problem with sessions expiring randomly in some of
my
apps. i will log in and start clicking around and then i will eventually
arrive at a page that tells me that i'm not logged in anymore. this happens
apparently randomly. i
Is your session.save_path set to /tmp? It's my understanding that you
should
specify a directory for saving session data -- or use a database --
that
/tmp is subject to garbage collection, and specifying a directory
prevents
that. I made this change to a site recently. In tests prior to the
The session file will be deleted automatically by the garbage colector
after certain amount of time, specified in php.ini by session.gc_maxlifetime
Shaun van den Berg wrote:
Hi,
Im working on a site where the user logs in , if username and password
matches with uname and pword in database
Berg [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, March 06, 2003 12:08 PM
Subject: Re: [PHP] sessions
The session file will be deleted automatically by the garbage colector
after certain amount of time, specified in php.ini by
session.gc_maxlifetime
Shaun van den Berg wrote
--- Joseph Bannon [EMAIL PROTECTED] wrote:
1) How are sessions different from cookies other than
where the information is stored?
Cookies are a state management mechanism. PHP's session management (depending
on how it is configured, of course) uses either cookies or URL variables for
on 21/02/03 5:34 AM, Joseph Bannon ([EMAIL PROTECTED]) wrote:
I'm starting to use sessions for my website and wanted
to know some things before I fully commit to use them.
1) How are sessions different from cookies other than
where the information is stored?
A session is just a method of
At 15:49 19.02.2003, Sidar Lopez Cruz spoke out and said:
[snip]
1, What i got to do for manages sessions in my RedHat 8,
2, What i got to do for manages cookies in my RedHat 8,
I try to use session vars, but no work
I try to use cookies, and when i open
I'm finding that my sessions seem to be timing out fairly quickly. For
example, in a little forum I wrote with PHP, people are telling me
that if
they type a long message and click Submit, they are taken to the Login
page
because their session obviously timed out, and they loose their posts
Did you look in the manual first? Didn't think so.
php.net/session
first search result is http://www.php.net/manual/en/ref.session.php
There are two PHP.ini settings you should look at:
session.gc_probability specifies the probability that the gc (garbage
collection) routine is started on each
Using the built in PHP 4 session support you can do IP checking on the
sessions, in fact you should be able to do IP checking with any session
library as long as you do it in your application.
Checking the IP when using sessions might give you some additional
security but many ISPS use web
I'm trying to use cookies in PHP4 (.whatever the latest release is). I
want
to use them for validation (ensuring a user has logged in) but all I can
find
is setcookie, which seems only to create the cookie. In trying to use PHP
sessions, I end up with odd errors.
When I try to use sessions
acleave wrote:
My Questions:
If I create a cookie with set_cookie how do I read it/check it?
$_COOKIE superglobal array.
How do I use sessions if they can't be sent in the code?
The session_start function has to be at the VERY top of the of the code,
below ANY output (even blank spaces
Well, that is natural - cookies can only be set before any output is
produced by the script. And since sessions in this case use cookies, it
follows that sessions can also be started before any output is produced.
Why is that? Because cookies are transmitted by means of http headers, and
http
--- Mike Tuller [EMAIL PROTECTED] wrote:
I click on the link and it adds the id number
to the url like this:
td align=left
a href=editsoftwareasset.php?id=$row[asset_id]
$row[asset_id]
/a
/td
I think you want to have something like:
? echo $row['asset_id']; ?
everywhere you
It is all here:
http://www.php.net/manual/en/ref.session.php
-Kevin
- Original Message -
From: Mike Tuller [EMAIL PROTECTED]
To: php mailing list list [EMAIL PROTECTED]
Sent: Monday, February 03, 2003 11:06 AM
Subject: [PHP] Sessions
In an earlier post I wanted to carry an id number
At 17:25 02.02.2003, Chris LeBlanc said:
[snip]
Ok, so where is the err in my logic since I know there is one, because after
var3 is set I keep getting MD5 has changed, or I just don't understand the
proper use of MD5, most likely both :)
You need to append 'bar' to your foo page!
RW
Quoting news [EMAIL PROTECTED]:
### Sessions aren't getting set.
###
### my parent frame is on xyz.com
### A frame on xyz.com loads a frame that contains a page on foo.com
### the page on foo.com start a session and sets a variable.
###
### but
--- news [EMAIL PROTECTED] wrote:
Sessions aren't getting set.
my parent frame is on xyz.com A frame on xyz.com
loads a frame that contains a page on foo.com the
page on foo.com start a session and sets a variable.
but the IE does not accept this session.
I've loaded this page on
--- Clarkson, Nick [EMAIL PROTECTED] wrote:
I am trying to find the best method for implementing
sessions in PHP to track/limit users. However, the
more I read, the more I am concerned about security.
Can anyone give me a definitive answer as to the best
method of tracking users with security
Thanks - I've only just joined the list so must have missed your previous
msgs. I'll give them a read later.
Thanks again.
Nick
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: 23 January 2003 15:28
To: Clarkson, Nick; [EMAIL PROTECTED]
Subject: Re: [PHP
501 - 600 of 1042 matches
Mail list logo