Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Paul Waring 

On 07/09/11 13:42, Richard Quadling wrote:

On 7 September 2011 12:32, Paul Waring  wrote:

On 07/09/11 12:16, Richard Quadling wrote:


On 7 September 2011 11:20, Paul Waringwrote:


Can anyone suggest things which I could try? I cannot work out why this
problem is happening for some users but not me.


For browsers/extensions that do automatic read ahead (I load page A
and linked pages B and C are also retrieved).


I hadn't thought of that. However, we audit all user logins and logouts, as
well as all page requests. If the browser was pre-fetching the logout page,
we'd have 'user logout' entries in our logs, but the only notices we have
are for users logging in. If users were being logged out because of
pre-fetching, I'd expect to see each login entry have a corresponding logout
entry.


Is the potential for cached pages to be returned for a user NOT logged in?


Any pages which a user has viewed whilst logged in shouldn't be cached,
assuming the browser is respecting the headers. They are all sent with:

Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0


How is your code determining if they need to be redirected back to the
login page?


The test is whether two $_SESSION elements are set and match ones in the 
database, plus whether the last page view by the user (stored in the 
database, updated on each request) was less than one hour ago.



What changes that information?


A page load changed the 'last page view time'. Nothing changes the other 
session data, except an explicit logout (which sets $_SESSION = array() 
and calls session_destroy).



Can you monitor it externally?


I'm not sure what you mean by 'externally'. Most of the site requires a 
login, so it's not possible for a third-party to monitor it if that's 
what you mean.


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Paul Waring 

On 07/09/11 12:16, Richard Quadling wrote:

On 7 September 2011 11:20, Paul Waring  wrote:

Can anyone suggest things which I could try? I cannot work out why this
problem is happening for some users but not me.


For browsers/extensions that do automatic read ahead (I load page A
and linked pages B and C are also retrieved).


I hadn't thought of that. However, we audit all user logins and logouts, 
as well as all page requests. If the browser was pre-fetching the logout 
page, we'd have 'user logout' entries in our logs, but the only notices 
we have are for users logging in. If users were being logged out because 
of pre-fetching, I'd expect to see each login entry have a corresponding 
logout entry.



Is the potential for cached pages to be returned for a user NOT logged in?


Any pages which a user has viewed whilst logged in shouldn't be cached, 
assuming the browser is respecting the headers. They are all sent with:


Cache-Control: no-store, no-cache, must-revalidate, post-check=0, 
pre-check=0


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Paul Waring 

On 07/09/11 12:20, vikash.i...@gmail.com wrote:

Just confirm once that you are not calling session_destroy somewhere.


The only place session_destroy is called is in the logout function, 
which itself is only called if a user clicks the logout link.


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Paul Waring 

On 07/09/11 12:15, Richard Quadling wrote:

How do you handle multiple logins?

If I login using my laptop and get Session A for my account and then I
login using my desktop and get Session B for my account, does Session
A get killed?


Session A is killed, your last login is always the current one.


Do you allow multiple, simultaneous logins per account?


No, but then each user is accessing their account from a single machine 
and browser anyway (i.e. they don't switch from desktop to laptop and 
then back again), so we don't even have people trying to have 
simultaneous logins.


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread vikash . iitb 
Just confirm once that you are not calling session_destroy somewhere.


Thanks,
Vikash Kumar
--
http://vika.sh


On 7 September 2011 16:46, Richard Quadling  wrote:

> On 7 September 2011 11:20, Paul Waring  wrote:
> > Can anyone suggest things which I could try? I cannot work out why this
> > problem is happening for some users but not me.
>
> For browsers/extensions that do automatic read ahead (I load page A
> and linked pages B and C are also retrieved).
>
> Is the potential for cached pages to be returned for a user NOT logged in?
>
>
>
> --
> Richard Quadling
> Twitter : EE : Zend : PHPDoc
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Richard Quadling 
On 7 September 2011 11:20, Paul Waring  wrote:
> Can anyone suggest things which I could try? I cannot work out why this
> problem is happening for some users but not me.

For browsers/extensions that do automatic read ahead (I load page A
and linked pages B and C are also retrieved).

Is the potential for cached pages to be returned for a user NOT logged in?



-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Richard Quadling 
On 7 September 2011 11:20, Paul Waring  wrote:
> I'm having trouble with a PHP website which requires users to be logged in
> to access all content other than the home page and a couple of static pages
> (about us, contact us etc.). Several users have said they are being logged
> out every few minutes whilst using the site - they can login but will be
> shown the login form again after a few minutes. I can't confirm this myself
> as the site seems to work fine for me - even using the same browser as they
> are and under their accounts - but I'm wondering if this could be a problem
> with the session settings?
>
> The current settings I have are:
>
> session.auto_start      Off
> session.bug_compat_42   On
> session.bug_compat_warn On
> session.cache_expire    180
> session.cache_limiter   nocache
> session.cookie_domain   no value
> session.cookie_httponly Off
> session.cookie_lifetime 0
> session.cookie_path     /
> session.cookie_secure   Off
> session.entropy_file    no value
> session.entropy_length  0
> session.gc_divisor      100
> session.gc_maxlifetime  3600
> session.gc_probability  1
> session.hash_bits_per_character 4
> session.hash_function   0
> session.name    PHPSESSID
> session.referer_check   no value
> session.save_handler    files
> session.save_path       /shared/sessions
> session.serialize_handler       php
> session.use_cookies     On
> session.use_only_cookies        Off
> session.use_trans_sid   0
>
> The only options I have changed from the defaults are gc_maxlifetime,
> gc_probability and save_path. There are several sites on the same server,
> some are https, others just plain http. They all use the same session
> options. session_start() is called once on every page.
>
> The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch
> 0.9.6.2 (cli) (built: Jul  1 2011 16:01:01). I'm aware it's an old version
> before anyone tells me to upgrade (it's the latest stable version in Debian
> Lenny). :)
>
> Potential problems I have already ruled out:
>
> 1. I don't think it's a browser problem as the users have a variety of
> browsers and versions (we log the user agent for each login, they're mostly
> IE7/8 on XP/Vista/7 with a few Chrome users), and I can't reproduce the
> problem using the same browsers on my machine.
>
> 2. The server time is correct.
>
> 3. The sessions aren't stored in a directory which is being regularly
> cleared out, such as /var/lib/php5 or /tmp.
>
> 4. The web server has permission to write to the save_path directory, and I
> can see session files being created.
>
> 5. No output buffering functions are being used.
>
> Can anyone suggest things which I could try? I cannot work out why this
> problem is happening for some users but not me.
>
> Thanks in advance.
>
> Paul

How do you handle multiple logins?

If I login using my laptop and get Session A for my account and then I
login using my desktop and get Session B for my account, does Session
A get killed?

Do you allow multiple, simultaneous logins per account?



-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Paul Waring 

On 07/09/11 11:47, Nilesh Govindarajan wrote:

On 09/07/2011 03:50 PM, Paul Waring wrote:

I'm having trouble with a PHP website which requires users to be logged
in to access all content other than the home page and a couple of static
pages (about us, contact us etc.). Several users have said they are
being logged out every few minutes whilst using the site - they can
login but will be shown the login form again after a few minutes. I
can't confirm this myself as the site seems to work fine for me - even
using the same browser as they are and under their accounts - but I'm
wondering if this could be a problem with the session settings?



You have set gc_maxlifetime to 3600 seconds. How much expire time have
you set?
Because, every 3600 seconds, session data stored is considered as
garbage and php clears them out itself.


Yes, I'm aware of that. However, users are being logged out after a few 
minutes, not one hour of inactivity (which is what I'd expect with 3600 
seconds).



If your expiration time is more than 3600 seconds, then this will not
work. You need to increase gc_maxlifetime.


If you mean the expiration time of the session cookie, it is set to 0, 
which means it shouldn't be deleted until the browser is closed (or the 
user logs out, at which point it is deleted immediately).


Paul

--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

2011-09-07 Thread Nilesh Govindarajan 
On 09/07/2011 03:50 PM, Paul Waring wrote:
> I'm having trouble with a PHP website which requires users to be logged
> in to access all content other than the home page and a couple of static
> pages (about us, contact us etc.). Several users have said they are
> being logged out every few minutes whilst using the site - they can
> login but will be shown the login form again after a few minutes. I
> can't confirm this myself as the site seems to work fine for me - even
> using the same browser as they are and under their accounts - but I'm
> wondering if this could be a problem with the session settings?
> 

You have set gc_maxlifetime to 3600 seconds. How much expire time have
you set?
Because, every 3600 seconds, session data stored is considered as
garbage and php clears them out itself.

If your expiration time is more than 3600 seconds, then this will not
work. You need to increase gc_maxlifetime.

For the other case, I'm clueless.

-- 
Nilesh Govindarajan
http://nileshgr.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP sessions expiring early

2011-09-07 Thread Paul Waring 
I'm having trouble with a PHP website which requires users to be logged 
in to access all content other than the home page and a couple of static 
pages (about us, contact us etc.). Several users have said they are 
being logged out every few minutes whilst using the site - they can 
login but will be shown the login form again after a few minutes. I 
can't confirm this myself as the site seems to work fine for me - even 
using the same browser as they are and under their accounts - but I'm 
wondering if this could be a problem with the session settings?


The current settings I have are:

session.auto_start  Off
session.bug_compat_42   On
session.bug_compat_warn On
session.cache_expire180
session.cache_limiter   nocache
session.cookie_domain   no value
session.cookie_httponly Off
session.cookie_lifetime 0
session.cookie_path /
session.cookie_secure   Off
session.entropy_fileno value
session.entropy_length  0
session.gc_divisor  100
session.gc_maxlifetime  3600
session.gc_probability  1
session.hash_bits_per_character 4
session.hash_function   0
session.namePHPSESSID
session.referer_check   no value
session.save_handlerfiles
session.save_path   /shared/sessions
session.serialize_handler   php
session.use_cookies On
session.use_only_cookiesOff
session.use_trans_sid   0

The only options I have changed from the defaults are gc_maxlifetime, 
gc_probability and save_path. There are several sites on the same 
server, some are https, others just plain http. They all use the same 
session options. session_start() is called once on every page.


The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch 
0.9.6.2 (cli) (built: Jul  1 2011 16:01:01). I'm aware it's an old 
version before anyone tells me to upgrade (it's the latest stable 
version in Debian Lenny). :)


Potential problems I have already ruled out:

1. I don't think it's a browser problem as the users have a variety of 
browsers and versions (we log the user agent for each login, they're 
mostly IE7/8 on XP/Vista/7 with a few Chrome users), and I can't 
reproduce the problem using the same browsers on my machine.


2. The server time is correct.

3. The sessions aren't stored in a directory which is being regularly 
cleared out, such as /var/lib/php5 or /tmp.


4. The web server has permission to write to the save_path directory, 
and I can see session files being created.


5. No output buffering functions are being used.

Can anyone suggest things which I could try? I cannot work out why this 
problem is happening for some users but not me.


Thanks in advance.

Paul

--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions - users being automatically logged out

2010-11-04 Thread Paul Waring 

On 04/11/10 14:56, Alexander Holodny wrote:

Inc session.cache_expire. You have only 3 minutes.
This means browser will drop cookie containing session id in three
minutes, or even less, of clients inactivity.


According to the PHP manual:

"session.cache_expire specifies time-to-live for cached session pages in 
minutes, this has no effect for nocache limiter."


So the value of session.cache_expire should be ignored, as 
session.cache_limiter is set to nocache.


Paul

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions - users being automatically logged out

2010-11-04 Thread Alexander Holodny 
Inc session.cache_expire. You have only 3 minutes.
This means browser will drop cookie containing session id in three
minutes, or even less, of clients inactivity.
I prefer to set expire-time to zero. So, browser will never forget session id.
In other case, if security requires, i usually set it to 24 hours, to
avoid some mystic problems, in case of misconfigured servers and/or
clients TZ; they are rare.

2010/11/4, Paul Waring :
> I'm having trouble with a PHP site whereby some users are being logged
> out on a regular basis. This will usually happen after they have been
> using the site for a few minutes, they can login without any problems
> and access a few pages, but then suddenly they will request a page and
> be sent to the login form, which suggests that their session no longer
> exists. However, this doesn't affect all users - I can login and use the
> application without any problems, as can some other users.
>
> According to phpinfo(), the following session values are set (all are
> what I'd expect - either the default or something I've deliberately
> changed):
>
> session.auto_start = Off
> session.bug_compat_42 = On
> session.bug_compat_warn = On
> session.cache_expire = 180
> session.cache_limiter = nocache
> session.cookie_domain = no value
> session.cookie_httponly = Off
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_secure = Off
> session.entropy_file = no value
> session.entropy_length = 0
> session.gc_divisor = 100
> session.gc_maxlifetime = 1440
> session.gc_probability = 1
> session.hash_bits_per_character = 4
> session.hash_function = 0
> session.name = PHPSESSID
> session.referer_check = no value
> session.save_handler = files
> session.save_path = /shared/sessions
> session.serialize_handler = php
> session.use_cookies = On
> session.use_only_cookies = Off
> session.use_trans_sid = 0
>
> I've tried checking a few obvious things:
>
> * IP addresses - the site doesn't use the IP address as part of the
> authentication process, and almost all our users (including the ones
> experiencing problems) have static IP addresses anyway.
>
> * Number of sessions - there are between 40-60 session files on disk at
> any one time, so I doubt there's a "maximum number of session files"
> limit being broken, if such a configuration option exists.
>
> * Permissions - the web server user (www-data) has read/write
> permissions to the directory where the sessions are stored and all the
> files within it, and they are all owned by this user.
>
> Is there anything else obvious which could be causing the problem? This
> seemed to occur when we moved hosts, and I haven't changed the site's
> session handling code for some time, so I suspect it might be a
> configuration issue but can't figure out what.
>
> Thanks,
>
> Paul
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP sessions - users being automatically logged out

2010-11-04 Thread Paul Waring 
I'm having trouble with a PHP site whereby some users are being logged 
out on a regular basis. This will usually happen after they have been 
using the site for a few minutes, they can login without any problems 
and access a few pages, but then suddenly they will request a page and 
be sent to the login form, which suggests that their session no longer 
exists. However, this doesn't affect all users - I can login and use the 
application without any problems, as can some other users.


According to phpinfo(), the following session values are set (all are 
what I'd expect - either the default or something I've deliberately 
changed):


session.auto_start = Off
session.bug_compat_42 = On
session.bug_compat_warn = On
session.cache_expire = 180
session.cache_limiter = nocache
session.cookie_domain = no value
session.cookie_httponly = Off
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_secure = Off
session.entropy_file = no value
session.entropy_length = 0
session.gc_divisor = 100
session.gc_maxlifetime = 1440
session.gc_probability = 1
session.hash_bits_per_character = 4
session.hash_function = 0
session.name = PHPSESSID
session.referer_check = no value
session.save_handler = files
session.save_path = /shared/sessions
session.serialize_handler = php
session.use_cookies = On
session.use_only_cookies = Off
session.use_trans_sid = 0

I've tried checking a few obvious things:

* IP addresses - the site doesn't use the IP address as part of the 
authentication process, and almost all our users (including the ones 
experiencing problems) have static IP addresses anyway.


* Number of sessions - there are between 40-60 session files on disk at 
any one time, so I doubt there's a "maximum number of session files" 
limit being broken, if such a configuration option exists.


* Permissions - the web server user (www-data) has read/write 
permissions to the directory where the sessions are stored and all the 
files within it, and they are all owned by this user.


Is there anything else obvious which could be causing the problem? This 
seemed to occur when we moved hosts, and I haven't changed the site's 
session handling code for some time, so I suspect it might be a 
configuration issue but can't figure out what.


Thanks,

Paul

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

2010-03-12 Thread Andre Polykanine 
Hello Martine,

Try to make on the second page a
print_r ($_SESSION);

-- 
With best regards from Ukraine,
Andre
Skype: Francophile; Wlm&MSN: arthaelon @ yandex.ru; Jabber: arthaelon @ 
jabber.org
Yahoo! messenger: andre.polykanine; ICQ: 191749952
Twitter: m_elensule

- Original message -
From: Martine Osias 
To: php-general@lists.php.net 
Date: Saturday, March 13, 2010, 2:29:41 AM
Subject: [PHP] PHP Sessions

Hi:

I need to store variables to send then between pages. I don't need the 
variables in a database so I try to send them with sessions. The variables 
don't seem to be there when I try to get them. What could be the problem. 
Here are the pages where I store and retrieve the variables.

Page 1 (variables stored):



Page 2 (variables retrieved):


http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>







 
 


 
 








-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

2010-03-12 Thread Kevin Kinsey 


Forgot to mention, you could check into the privacy
vs. server settings by doing:

   session_start();
   echo session_id();

on both pages.  If they're different, then
this is the problem.

KDK

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

2010-03-12 Thread Kevin Kinsey 

Martine Osias wrote:

Hi:

I need to store variables to send then between pages. I don't need the 
variables in a database so I try to send them with sessions. The 
variables don't seem to be there when I try to get them. What could be 
the problem. Here are the pages where I store and retrieve the variables.


Page 1 (variables stored):



Do sessions work at all?  Something simple, like


Click me';
?>


*

 ... would be a good 1st test.

If that works, I'd suspect that $row_scripture['ScriptureText']
and friends are empty.

If it doesn't, I'd suspect a combination of very strict
browser privacy settings (disallow all cookies) with lame server
config (use_only_cookies), or that session support is missing
or disabled.

HTH,

KDK

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

2010-03-12 Thread Ashley Sheridan 
On Fri, 2010-03-12 at 19:29 -0500, Martine Osias wrote:

> Hi:
> 
> I need to store variables to send then between pages. I don't need the 
> variables in a database so I try to send them with sessions. The variables 
> don't seem to be there when I try to get them. What could be the problem. 
> Here are the pages where I store and retrieve the variables.
> 
> Page 1 (variables stored):
> 
>  
> session_start();
> 
> $_SESSION['scripture_text']  = $row_scripture['ScriptureText'];
> $_SESSION['scripture_ref']  = $row_scripture['ScriptureRef'];
> 
> ?>
> 
> Page 2 (variables retrieved):
> 
>  session_start();
> include("includes/config.php");
> ?>
>  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
> 
> 
> 
> 
> 
> 
> 
>  
>  
> 
> 
>   align="right">
>  
> 
> 
> 
> 
> 
> 
> 
> 


Are there any errors, either displayed or in the error log?

Thanks,
Ash
http://www.ashleysheridan.co.uk

[PHP] PHP Sessions

2010-03-12 Thread Martine Osias 

Hi:

I need to store variables to send then between pages. I don't need the 
variables in a database so I try to send them with sessions. The variables 
don't seem to be there when I try to get them. What could be the problem. 
Here are the pages where I store and retrieve the variables.


Page 1 (variables stored):



Page 2 (variables retrieved):


"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>

http://www.w3.org/1999/xhtml";>











align="right">










--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions, AJAX, authentication and security.

2009-11-21 Thread tedd 

At 9:30 PM +1000 11/21/09, Angus Mann wrote:

Hi all.

A question about PHP sessions and their interaction with AJAX.

I have a database containing sensitive information and users need to 
log in to my PHP script and be authenticated before they are granted 
access.


For one of the forms I would like to retrieve information using 
AJAX, and some of that information is sensitive also. The request 
from AJAX is handled by another, simpler PHP script.


It occurs to me that the AJAX handler could be used to bypass the 
user authentication and a crafted request sent directly to the AJAX 
handler to get information without authentication.


Can anyone offer some advice about how to piggy-back the 
session/authentication data that the user originally used to the 
AJAX so that only an authenticated user will get a valid response 
from the AJAX handler? I know I could embed authentication 
information into the web-page and send this with the AJAX request 
but I'm interested to know if there are other methods also.


I hope the explanation is clear.

Thanks in advance.


Angus:

First, don't trust anything that comes from the client -- period.

Second, Ajax is just another way to send stuff to the server. When 
the data gets to the server then authenticate and set a session 
variable to indicate such. This is not rocket science, but if you 
don't do it right you'll leave a crater.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions, AJAX, authentication and security.

2009-11-21 Thread Phpster 

You could use a one time token on each request

Bastien

Sent from my iPod

On Nov 21, 2009, at 6:30 AM, "Angus Mann"  wrote:


Hi all.

A question about PHP sessions and their interaction with AJAX.

I have a database containing sensitive information and users need to  
log in to my PHP script and be authenticated before they are granted  
access.


For one of the forms I would like to retrieve information using  
AJAX, and some of that information is sensitive also. The request  
from AJAX is handled by another, simpler PHP script.


It occurs to me that the AJAX handler could be used to bypass the  
user authentication and a crafted request sent directly to the AJAX  
handler to get information without authentication.


Can anyone offer some advice about how to piggy-back the session/ 
authentication data that the user originally used to the AJAX so  
that only an authenticated user will get a valid response from the  
AJAX handler? I know I could embed authentication information into  
the web-page and send this with the AJAX request but I'm interested  
to know if there are other methods also.


I hope the explanation is clear.

Thanks in advance.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP sessions, AJAX, authentication and security.

2009-11-21 Thread Angus Mann 
Hi all.

A question about PHP sessions and their interaction with AJAX.

I have a database containing sensitive information and users need to log in to 
my PHP script and be authenticated before they are granted access.

For one of the forms I would like to retrieve information using AJAX, and some 
of that information is sensitive also. The request from AJAX is handled by 
another, simpler PHP script.

It occurs to me that the AJAX handler could be used to bypass the user 
authentication and a crafted request sent directly to the AJAX handler to get 
information without authentication.

Can anyone offer some advice about how to piggy-back the session/authentication 
data that the user originally used to the AJAX so that only an authenticated 
user will get a valid response from the AJAX handler? I know I could embed 
authentication information into the web-page and send this with the AJAX 
request but I'm interested to know if there are other methods also.

I hope the explanation is clear.

Thanks in advance.

[PHP] PHP sessions possibly eating up inodes

2006-07-03 Thread Dave M G 

PHP List,

Recently, my web hosting server has been maxing out it's alloted hard 
drive space. It turns out that there are no single large files, but that 
I have been maxing out my inode usage. Not being a Unix expert, I have a 
limited understanding of inodes, but it seems they are related to files 
and, essentially, more files being written to by active process creates 
more inodes.


I've eliminated log files and email spools as possible causes, and now I 
think the next most likely cause is PHP sessions not being properly cleared.


This was suggested to me by my web hosting services support staff. It 
seems likely because a lot of PHP code that I wrote while early in the 
process of learning PHP is still in use, and so it is easy to believe 
that I had not properly cleared sessions.


Actually, I thought sessions timed out and cleared automatically, so I 
erroneously haven't set up any specific cache clearing protocols.


Anyway, I have now begun adding the following code to my scripts:
   $_SESSION = array();
   session_unset();
   session_destroy();

But, it seems that inodes related to earlier, not properly destroyed 
sessions might still be lingering.


Is there a way I can:

1. Verify that sessions are in fact the cause of inodes being created?

2. Destroy them?

Thank you for any advice.

--
Dave M G

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google (Solved)

2006-06-08 Thread tedd 
At 12:47 PM +1000 6/8/06, Chris wrote:
>tedd wrote:
>>At 10:56 AM +1000 6/8/06, Chris wrote:
>>>tedd wrote:
Hi gang:

I've read that php sessions can create problems for Google bots.

-snip-

>>Chris:
>>
>>Thanks -- after your lead, I found that my site's session.use_trans_sid was 
>>turned off by default.
>>
>>So, it wasn't the problem I thought it might have been.
>
>So your page urls don't automatically append the session id to the end? I 
>might have the wrong variable name so if you're still seeing them, I obviously 
>have it wrong...

No, you're right and my url's are clean of SID's -- they always have been, that 
was the default.

The "problem" I was trying to figure out was how the use of SID's cause SE's to 
fail and how that works. I figured that once I understand how that worked, then 
I could keep from doing it. I just needed to "see for myself" what it was. You 
know, one of my "wonder why this works" studies.

While the problem wasn't present for me, which at the start of this I wasn't 
sure about, I did learn how it works and why SE's have problems with indexing 
url's that have "?" in them.

For those interested in this thread, this is what I believe is happening.

If you have a web page that uses SID's in it's url, then it appears to a SE as 
something like this (using one of my sites as an example):

http://ancientstones.com?PHPSESSID=1234

and not like:

http://ancientstones.com/

So the SE grabs the page with the SID. The next time it travels your site, it 
see's:

http://ancientstones.com?PHPSESSID=5678

and grabs that page. After a while, Google has numerous duplicate pages and has 
to pick one to be representative of your site and store all the others into 
it's supplemental index.

Now when Google determines PageRank for your site, it does so by calculating 
how many sites link to your site (simple version). If Google has picked:

http://ancientstones.com?PHPSESSID=5678

to be THE representative for your site, then you're sunk because no one uses a 
SID in their link to your site. Your site will always have a PR of 0 -- as it 
is with the referenced site. While the site ranks very high (currently #1) in a 
Google search for "Custom Tile Medallions", it has a PR of 0. I was trying to 
figure out what was happening and if there was something I was doing in using 
php caused the low PR. I found that PHP wasn't the problem -- and now I know 
that.

At least, that's the way I understand what's going on -- if I'm mistaken, 
please correct me.

tedd

-- 

http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

2006-06-07 Thread Anthony Ettinger 

On 6/7/06, tedd <[EMAIL PROTECTED]> wrote:

Can someone shed some light on this for me? How can one do sessions and make 
Google bots happy?


I think what they're getting at is don't use session id's unless
they're logged in.

--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

2006-06-07 Thread Chris 

tedd wrote:

At 10:56 AM +1000 6/8/06, Chris wrote:

tedd wrote:

Hi gang:

I've read that php sessions can create problems for Google bots. For example, the 
following was taken from a Google "Web Master Help" Center:

-- Quote --
Allow search bots to crawl your sites without session IDs or arguments that 
track their path through the site. These techniques are useful for tracking 
individual user behavior, but the access pattern of bots is entirely different. 
Using these techniques may result in incomplete indexing of your site, as bots 
may not be able to eliminate URLs that look different but actually point to the 
same page.
-- Un-quote --



I've also seen a comment here:

http://www.weberdev.com/get_example-3431.html

But, I'm not following what's happening.

Can someone shed some light on this for me? How can one do sessions and make 
Google bots happy?

use_trans_sid (I think) will append the sessionid to all pages, so instead of:

/page.php

it will become

/page.php?PHPSESSID=x

much the same as if you do:



Bots don't like that, so where possible turn use_trans_sid off (check manual 
about when/how you can do this).



Chris:

Thanks -- after your lead, I found that my site's session.use_trans_sid was 
turned off by default.

So, it wasn't the problem I thought it might have been.


So your page urls don't automatically append the session id to the end? 
I might have the wrong variable name so if you're still seeing them, I 
obviously have it wrong...


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

2006-06-07 Thread tedd 
At 10:56 AM +1000 6/8/06, Chris wrote:
>tedd wrote:
>>Hi gang:
>>
>>I've read that php sessions can create problems for Google bots. For example, 
>>the following was taken from a Google "Web Master Help" Center:
>>
>>-- Quote --
>>Allow search bots to crawl your sites without session IDs or arguments that 
>>track their path through the site. These techniques are useful for tracking 
>>individual user behavior, but the access pattern of bots is entirely 
>>different. Using these techniques may result in incomplete indexing of your 
>>site, as bots may not be able to eliminate URLs that look different but 
>>actually point to the same page.
>>-- Un-quote --
>>
>>
>>
>>I've also seen a comment here:
>>
>>http://www.weberdev.com/get_example-3431.html
>>
>>But, I'm not following what's happening.
>>
>>Can someone shed some light on this for me? How can one do sessions and make 
>>Google bots happy?
>
>use_trans_sid (I think) will append the sessionid to all pages, so instead of:
>
>/page.php
>
>it will become
>
>/page.php?PHPSESSID=x
>
>much the same as if you do:
>
>echo '/page.php?' . SID;
>?>
>
>Bots don't like that, so where possible turn use_trans_sid off (check manual 
>about when/how you can do this).
>

Chris:

Thanks -- after your lead, I found that my site's session.use_trans_sid was 
turned off by default.

So, it wasn't the problem I thought it might have been.

Thanks again.

tedd
 
-- 

http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

2006-06-07 Thread Chris 

tedd wrote:

Hi gang:

I've read that php sessions can create problems for Google bots. For example, the 
following was taken from a Google "Web Master Help" Center:

-- Quote --
Allow search bots to crawl your sites without session IDs or arguments that 
track their path through the site. These techniques are useful for tracking 
individual user behavior, but the access pattern of bots is entirely different. 
Using these techniques may result in incomplete indexing of your site, as bots 
may not be able to eliminate URLs that look different but actually point to the 
same page.
-- Un-quote --



I've also seen a comment here:

http://www.weberdev.com/get_example-3431.html

But, I'm not following what's happening.

Can someone shed some light on this for me? How can one do sessions and make 
Google bots happy?


use_trans_sid (I think) will append the sessionid to all pages, so 
instead of:


/page.php

it will become

/page.php?PHPSESSID=x

much the same as if you do:



Bots don't like that, so where possible turn use_trans_sid off (check 
manual about when/how you can do this).


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] php sessions and Google

2006-06-07 Thread tedd 
Hi gang:

I've read that php sessions can create problems for Google bots. For example, 
the following was taken from a Google "Web Master Help" Center:

-- Quote --
Allow search bots to crawl your sites without session IDs or arguments that 
track their path through the site. These techniques are useful for tracking 
individual user behavior, but the access pattern of bots is entirely different. 
Using these techniques may result in incomplete indexing of your site, as bots 
may not be able to eliminate URLs that look different but actually point to the 
same page.
-- Un-quote --



I've also seen a comment here:

http://www.weberdev.com/get_example-3431.html

But, I'm not following what's happening.

Can someone shed some light on this for me? How can one do sessions and make 
Google bots happy?

Thanks in advance for any comments or suggestions.

tedd

-- 

http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php, sessions and ie

2006-04-06 Thread Dallas Cahker 
Thanks for the information

On 4/4/06, Chrome <[EMAIL PROTECTED]> wrote:
>
> I let GC and cookie expiration handle ending the session... The cookie was
> only set for 15 minutes
>
> Dan
>
>
> ---
> http://chrome.me.uk
>
>
> -Original Message-
> From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> Sent: 04 April 2006 19:41
> To: php-general@lists.php.net
> Subject: Re: [PHP] php, sessions and ie
>
> How are you destroying the sessions if they leave the site (dont logout).
> do
> you check on activity or something else?
>
> On 4/4/06, Dan Parry <[EMAIL PROTECTED]> wrote:
> >
> > I have had some issues with sessions and IE in the past and used the
> > following code to start the session
> >
> >  > if (isset($SessID)){ session_id($SessID); }
> > session_start();
> > header("Cache-control: private"); // IE 6 Fix.
> > setcookie("SessID", session_id(), time() + 60 * 15);
> > ?>
> >
> > Now, though, I always use a DB to store sessions... Much nicer
> >
> > HTH
> >
> > Dan
> >
> > -
> > Dan Parry
> > Senior Developer
> > Virtua Webtech Ltd
> > http://www.virtuawebtech.co.uk
> > -Original Message-
> > From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> > Sent: 04 April 2006 16:19
> > To: php-general@lists.php.net
> > Subject: [PHP] php, sessions and ie
> >
> > I've been hearing some of my friends saying there is an issue with
> Session
> > in PHP and IE having problems with them.  Is that true?  If it is how do
> > people get around this?  Session information saved to db?  Session id in
> > cookie?
> >
> >
> > __ NOD32 1.1454 (20060321) Information __
> >
> > This message was checked by NOD32 antivirus system.
> > http://www.eset.com
> >
> >
> >
>
>

RE: [PHP] php, sessions and ie

2006-04-04 Thread Chrome 
I let GC and cookie expiration handle ending the session... The cookie was
only set for 15 minutes

Dan

 
---
http://chrome.me.uk
 

-Original Message-
From: Dallas Cahker [mailto:[EMAIL PROTECTED] 
Sent: 04 April 2006 19:41
To: php-general@lists.php.net
Subject: Re: [PHP] php, sessions and ie

How are you destroying the sessions if they leave the site (dont logout). do
you check on activity or something else?

On 4/4/06, Dan Parry <[EMAIL PROTECTED]> wrote:
>
> I have had some issues with sessions and IE in the past and used the
> following code to start the session
>
>  if (isset($SessID)){ session_id($SessID); }
> session_start();
> header("Cache-control: private"); // IE 6 Fix.
> setcookie("SessID", session_id(), time() + 60 * 15);
> ?>
>
> Now, though, I always use a DB to store sessions... Much nicer
>
> HTH
>
> Dan
>
> -
> Dan Parry
> Senior Developer
> Virtua Webtech Ltd
> http://www.virtuawebtech.co.uk
> -Original Message-
> From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> Sent: 04 April 2006 16:19
> To: php-general@lists.php.net
> Subject: [PHP] php, sessions and ie
>
> I've been hearing some of my friends saying there is an issue with Session
> in PHP and IE having problems with them.  Is that true?  If it is how do
> people get around this?  Session information saved to db?  Session id in
> cookie?
>
>
> __ NOD32 1.1454 (20060321) Information __
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php, sessions and ie

2006-04-04 Thread Dallas Cahker 
How are you destroying the sessions if they leave the site (dont logout). do
you check on activity or something else?

On 4/4/06, Dan Parry <[EMAIL PROTECTED]> wrote:
>
> I have had some issues with sessions and IE in the past and used the
> following code to start the session
>
>  if (isset($SessID)){ session_id($SessID); }
> session_start();
> header("Cache-control: private"); // IE 6 Fix.
> setcookie("SessID", session_id(), time() + 60 * 15);
> ?>
>
> Now, though, I always use a DB to store sessions... Much nicer
>
> HTH
>
> Dan
>
> -
> Dan Parry
> Senior Developer
> Virtua Webtech Ltd
> http://www.virtuawebtech.co.uk
> -Original Message-
> From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> Sent: 04 April 2006 16:19
> To: php-general@lists.php.net
> Subject: [PHP] php, sessions and ie
>
> I've been hearing some of my friends saying there is an issue with Session
> in PHP and IE having problems with them.  Is that true?  If it is how do
> people get around this?  Session information saved to db?  Session id in
> cookie?
>
>
> __ NOD32 1.1454 (20060321) Information __
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
>

RE: [PHP] php, sessions and ie

2006-04-04 Thread Dan Parry 
I have had some issues with sessions and IE in the past and used the
following code to start the session



Now, though, I always use a DB to store sessions... Much nicer

HTH

Dan

-
Dan Parry
Senior Developer
Virtua Webtech Ltd
http://www.virtuawebtech.co.uk
-Original Message-
From: Dallas Cahker [mailto:[EMAIL PROTECTED] 
Sent: 04 April 2006 16:19
To: php-general@lists.php.net
Subject: [PHP] php, sessions and ie

I've been hearing some of my friends saying there is an issue with Session
in PHP and IE having problems with them.  Is that true?  If it is how do
people get around this?  Session information saved to db?  Session id in
cookie?


__ NOD32 1.1454 (20060321) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php, sessions and ie

2006-04-04 Thread Wolf 
I used to use a database table which housed their information, and their
cookie housed their sessionID that the server assigned them when they
logged in.  Grabbing the sessionID only from the cookie (and their IP) I
was able to log most people in (even "dynamic" IPs don't change THAT
often).  For those whom were dealing with a changed IP, the system had
them verify just their password.  Wrong password dumped them back out
and asked for full login information.  no browser issues at the time.

Wolf

Dallas Cahker wrote:
> I've been hearing some of my friends saying there is an issue with Session
> in PHP and IE having problems with them.  Is that true?  If it is how do
> people get around this?  Session information saved to db?  Session id in
> cookie?
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] php, sessions and ie

2006-04-04 Thread Dallas Cahker 
I've been hearing some of my friends saying there is an issue with Session
in PHP and IE having problems with them.  Is that true?  If it is how do
people get around this?  Session information saved to db?  Session id in
cookie?

Re: [PHP] PHP Sessions

2005-09-11 Thread Jasper Bryant-Greene 

Chris Wagner wrote:

i recently started using PHP's sessions.  i am finding that the sessions
seem to "expire" after 20 or 30 minutes -- or, at least the variables
which i set, within $_SESSION, are getting cleared after this relatively
short amount of time.

before calling session_start(), i do a few initializations:

ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('session.save_handler', 'files');
ini_set('session.serialize_handler', 'php');
ini_set('session.name', 'session-id');

i am not setting the 'session.cache_expire' INI variable, and even did a
check to make sure it was not being modified, and i found that it
contains the default value of 180 (minutes).

furthermore, the *cookie* is not expiring.  i've also checked
'session.cookie_lifetime', and it is 0 (zero, for "until browser is
closed").  i've also checked the browser's cookie list, and the cookie
is still around at the time that i lose my session variables.

does anyone have any ideas as to why i may be losing my session
variables so early?


Check session.gc_lifetime or similar. That is the garbage collection 
routine that goes through and deletes any session data files (in /tmp or 
wherever your setup puts them) that are older than that config setting 
value.


--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions

2005-09-11 Thread Chris Wagner 
hello,

i recently started using PHP's sessions.  i am finding that the sessions
seem to "expire" after 20 or 30 minutes -- or, at least the variables
which i set, within $_SESSION, are getting cleared after this relatively
short amount of time.

before calling session_start(), i do a few initializations:

ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('session.save_handler', 'files');
ini_set('session.serialize_handler', 'php');
ini_set('session.name', 'session-id');

i am not setting the 'session.cache_expire' INI variable, and even did a
check to make sure it was not being modified, and i found that it
contains the default value of 180 (minutes).

furthermore, the *cookie* is not expiring.  i've also checked
'session.cookie_lifetime', and it is 0 (zero, for "until browser is
closed").  i've also checked the browser's cookie list, and the cookie
is still around at the time that i lose my session variables.

does anyone have any ideas as to why i may be losing my session
variables so early?

thank you!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

2005-03-02 Thread rory walsh 
Yeah your right, I'm trying to walk before I can crawl! Cheers for the help,
Rory.
Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 2:08 PM said:

Thanks everyone, I'm getting closer. The only problem I have not is
that I keep entering that test, I modified it to change the session
variable once we enter the test but it somehow does not seem to
change it? This is the code,

Immediately I see:

if(strlen($_SESSION['loggedin']=="yes")){

That doesn't make sense. Do you mean?:
if($_SESSION['loggedin'] == "yes") {
And the next line:

$_SESSION['loggedin']="no";

Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?

When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form
submit? I must apologise for my lack of knowledge here! I program in
other languages and as a result I have that I can get really deep in
code I don't understand very fast!

Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

2005-03-02 Thread Chris W. Parker 
rory walsh 
on Wednesday, March 02, 2005 2:38 PM said:

> Is it to do with the link:
> 
> does this call the script again, just as an action="script.php" in a
> form would? Cheers for the help on this.

Yes it does. But it doesn't erase the session values (it seems that's
what you think is happening?).

I think what you need to do (I do this sometimes too) is start from
scratch and create a very basic test page that works as expected. Then
slowly add in the features you want. It'll give you a much greater
understanding of how things work and where you're going wrong. Sure it's
tedious but it'll help you in the long run.

Here is a good base to start with:




hth,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

2005-03-02 Thread rory walsh 
Sorry bout that little mistake. You right I mean to check to see if
$_SESSION['loggedin'] == "yes"; That doesn't make a difference as it 
turns out. The reason that I immediately change this is that I want the 
content of the page to change, and in order to do that I want to stop it 
from going into this code? Actually I am not going to do this, I will 
use another variable, but by setting $_SESSION['loggedin'] to 'no' it 
should not go into this test, but it somehow does? Is it to do with the 
link:

does this call the script again, just as an action="script.php" in a 
form would? Cheers for the help on this.

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 2:08 PM said:

Thanks everyone, I'm getting closer. The only problem I have not is
that I keep entering that test, I modified it to change the session
variable once we enter the test but it somehow does not seem to
change it? This is the code,

Immediately I see:

if(strlen($_SESSION['loggedin']=="yes")){

That doesn't make sense. Do you mean?:
if($_SESSION['loggedin'] == "yes") {
And the next line:

$_SESSION['loggedin']="no";

Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?

When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form
submit? I must apologise for my lack of knowledge here! I program in
other languages and as a result I have that I can get really deep in
code I don't understand very fast!

Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

2005-03-02 Thread Chris W. Parker 
rory walsh 
on Wednesday, March 02, 2005 2:08 PM said:

> Thanks everyone, I'm getting closer. The only problem I have not is
> that I keep entering that test, I modified it to change the session
> variable once we enter the test but it somehow does not seem to
> change it? This is the code,

Immediately I see:

> if(strlen($_SESSION['loggedin']=="yes")){

That doesn't make sense. Do you mean?:

if($_SESSION['loggedin'] == "yes") {

And the next line:

> $_SESSION['loggedin']="no";

Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?

> When I click the logout button it works fine, but when I click on the
> link inside the page it simply reloads the same page as if the session
> variable has not changed at all? If I link to a page like this does it
> call the script again, or does this need to be done with a form
> submit? I must apologise for my lack of knowledge here! I program in
> other languages and as a result I have that I can get really deep in
> code I don't understand very fast!

Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

2005-03-02 Thread rory walsh 
Thanks everyone, I'm getting closer. The only problem I have not is that 
I keep entering that test, I modified it to change the session variable 
once we enter the test but it somehow does not seem to change it? This 
is the code,

		
if(strlen($_SESSION['loggedin']=="yes")){
$_SESSION['loggedin']="no";
$CONTENT = "You are currently logged in as ".$_POST["username"].
"


If you would like to change the text on the main page please click 
here Edit intro 
pageFile Upload. Any files 
will appear in the 'students' page of the website. Files that uploaded 
here are not availablre to the public and can only be acccessed by 
students who have logged in. Because of security issues only well know 
file types such as word, acrobat and text files are legible for upload.




Send this file: 

	
";
}	

When I click the logout button it works fine, but when I click on the 
link inside the page it simply reloads the same page as if the session 
variable has not changed at all? If I link to a page like this does it 
call the script again, or does this need to be done with a form submit? 
I must apologise for my lack of knowledge here! I program in other 
languages and as a result I have that I can get really deep in code I 
don't understand very fast!

Rory Walsh wrote:
Yes I see what you mean. I only wanted to start a session IF the user 
logged in, but I see your point, the session can be started as soon as 
anyone opens the main page. I'll give it a go and see if that helps, 
cheers,
Rory.

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 1:26 PM said:

The problem there is that I have to test if the user has logged on so
I need to include the if statement? Can the session_start not be
called from within an if statement? Does it really have to be the
very first thing in the script, if so I imagine that this means a
single script cannot be used to manage a complete website?

No session_start(); can go anywhere. It's just that it appears that your
logic is setup in such a way that session_start(); is not being called
when you need it be. By putting it before everything else you can avoid
this.
And as well, is there a reason you wouldn't want to just start the
session at the beginning of the page? I mean, why wait till the user has
submitted the form to start the session?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

2005-03-02 Thread Jochem Maas 
rory walsh wrote:
The problem there is that I have to test if the user has logged on so I 
need to include the if statement? 
there are 2 tests to do:
1. check to see whether the user is logged on already
2. check to see whether the user is trying to log on
Can the session_start not be called 
from within an if statement? 
not really, well you can but I can't think
of any reason that you would want to conditionally start the
session.
> Does it really have to be the very first
thing in the script, 
you have to call it before you use the session
(i.e. data stored in it).
if so I imagine that this means a single script 
cannot be used to manage a complete website?
it can. maybe if I rewrite you code a little
it will help you understand:

session_start(); // always start the session.
// you want something more secure as a login procedure!
if($_POST["username"]=="rory") {
// if user logs in as rory
// then mark the user as logged in
// in the session
$_SESSION['loggedin'] = "yes";
}
if ($_SESSION['loggedin'] == "yes") {
header("Cache-control: private");
}
Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 11:19 AM said:


Put session_start(); at the *very* beginning of your script. See if that
helps.

Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

2005-03-02 Thread rory walsh 
Yes I see what you mean. I only wanted to start a session IF the user 
logged in, but I see your point, the session can be started as soon as 
anyone opens the main page. I'll give it a go and see if that helps, cheers,
Rory.

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 1:26 PM said:

The problem there is that I have to test if the user has logged on so
I need to include the if statement? Can the session_start not be
called from within an if statement? Does it really have to be the
very first thing in the script, if so I imagine that this means a
single script cannot be used to manage a complete website?

No session_start(); can go anywhere. It's just that it appears that your
logic is setup in such a way that session_start(); is not being called
when you need it be. By putting it before everything else you can avoid
this.
And as well, is there a reason you wouldn't want to just start the
session at the beginning of the page? I mean, why wait till the user has
submitted the form to start the session?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

2005-03-02 Thread Chris W. Parker 
rory walsh 
on Wednesday, March 02, 2005 1:26 PM said:

> The problem there is that I have to test if the user has logged on so
> I need to include the if statement? Can the session_start not be
> called from within an if statement? Does it really have to be the
> very first thing in the script, if so I imagine that this means a
> single script cannot be used to manage a complete website?

No session_start(); can go anywhere. It's just that it appears that your
logic is setup in such a way that session_start(); is not being called
when you need it be. By putting it before everything else you can avoid
this.

And as well, is there a reason you wouldn't want to just start the
session at the beginning of the page? I mean, why wait till the user has
submitted the form to start the session?



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

2005-03-02 Thread rory walsh 
The problem there is that I have to test if the user has logged on so I 
need to include the if statement? Can the session_start not be called 
from within an if statement? Does it really have to be the very first 
thing in the script, if so I imagine that this means a single script 
cannot be used to manage a complete website?

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 11:19 AM said:


Put session_start(); at the *very* beginning of your script. See if that
helps.

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

2005-03-02 Thread Chris W. Parker 
rory walsh 
on Wednesday, March 02, 2005 11:19 AM said:

>  if($_POST["username"]=="rory"){//if user logs in as rory start session
> session_start();
> header("Cache-control: private");
> $_SESSION['loggedin'] = "yes";
> }

Put session_start(); at the *very* beginning of your script. See if that
helps.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions?

2005-03-02 Thread rory walsh 
Hi everyone, I am trying to work with the idea of sessions in PHP. 
Basically I have a self-processing script called index.php but somehow I 
keep losing my session variable, it works the first time around but when 
I call it the second time around its gone? I do not reset the variable 
or destroy the session are there any other reasons why this might occur? 
The basic layout of the script is this(note this is not the full script, 
I've just posted the relevant code and left out the other stuff.)


/*It enters the first time but when I call the script again from the 
form below this one the session variable is empty?*/
if(strlen($_SESSION['loggedin'])>2){

if($_POST["verify"]=="yes"){
die("test");
	$CONTENT .= "Your changes have been 
made.";
	}
$CONTENT = "You are currently logged in as ".$_POST["username"].
"


If you would like to change the text on the main page please click here
Edit intro pageFile 
Upload. Any files will appear in the 'students' page of the 
website. Files that uploaded here are not availablre to the public and 
can only be acccessed by students who have logged in. Because of 
security issues only well know file types such as word, acrobat and text 
files are legible for upload.




Send this file: 

	
";
}	
	

if ($action == "edit")
/*when user submits this is should call teh
script again and enter the test above but it doesn't?*/
{
$CONTENT =
"
$CONTENT


";
}
Cheers,
Rory.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php sessions question

2004-10-21 Thread Reinhart Viane 

>I normally do as you have suggested here - but why do you suggest that 
>this method is better?
>  
>

One reason is for security. You cannot ever rule out the possibility of 
a user injecting someone else's data into the session to get access to 
information that he should not have. Of course he can fake the userid 
too. That's why each time you retrieve the userid from the session  you 
should check if that id has been logged in. I do this (so do many 
others) by keeping two column table with session id and userid in it.

-- 
Raditha Dissanayake.

Do you have an example or dou you know of any tutorials where this
method is used?
Thx
Reinhart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions question

2004-10-21 Thread raditha dissanayake 
Pete wrote:

 

You should only save the userId in the session, everything else should 
be retrieved from your database using that id.
   

I normally do as you have suggested here - but why do you suggest that
this method is better?
 

One reason is for security. You cannot ever rule out the possibility of 
a user injecting someone else's data into the session to get access to 
information that he should not have. Of course he can fake the userid 
too. That's why each time you retrieve the userid from the session  you 
should check if that id has been logged in. I do this (so do many 
others) by keeping two column table with session id and userid in it.



--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions question

2004-10-21 Thread Pete 
In message <[EMAIL PROTECTED]>, raditha dissanayake
<[EMAIL PROTECTED]> writes
>Reinhart Viane wrote:
>
>>in a page checkuser i do this after the user is logged in:
>>  PHP Code
>>  // Register some session variables!
>>  session_register('userid');
>>  $_SESSION['userid'] = $userid;
>>  session_register('first_name');
>>  $_SESSION['first_name'] = $first_name;
>>  session_register('last_name');
>>  $_SESSION['last_name'] = $last_name;
>>  session_register('email_address');
>>  $_SESSION['email_address'] = $email_address;
>>  session_register('user_level');
>>  $_SESSION['user_level'] = $user_level;
>>  
>>
>You should only save the userId in the session, everything else should 
>be retrieved from your database using that id.

I normally do as you have suggested here - but why do you suggest that
this method is better?

-- 
Pete Clark

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions question

2004-10-21 Thread raditha dissanayake 
Reinhart Viane wrote:
in a page checkuser i do this after the user is logged in:
 PHP Code
 // Register some session variables!
 session_register('userid');
 $_SESSION['userid'] = $userid;
 session_register('first_name');
 $_SESSION['first_name'] = $first_name;
 session_register('last_name');
 $_SESSION['last_name'] = $last_name;
 session_register('email_address');
 $_SESSION['email_address'] = $email_address;
 session_register('user_level');
 $_SESSION['user_level'] = $user_level;
 

You should only save the userId in the session, everything else should 
be retrieved from your database using that id.


Now let's say user 1 logs in, his session is registered (with userid from 
database is 5 and first_name is XXX)
Then another user logs in, again his session is registered (with userid from 
database is 1 and first_name is YYY)

 

Are both user's in the same computer? then there may be a question about 
the old cookie being sent back to the server (if it's expiration time 
has not been exceeded). If the users are not using the same computer the 
chances are you have a bug in your code.

Now user 1 leaves the pages (closes the browser) and user 2 uploads a 
document (with my own script).

When the document is succesfully uploaded i display this:
 PHP Code
 echo ($_SESSION['first_name']).", the document has been succesfully 
added";
 echo ($_SESSION['userid']);


This results in the folowing output:
YYY, the document has been succesfully added
5
Meaning the $_SESSION['first_name'] is correct, but the $_SESSION['userid'] 
is the one of the user who logged out...

Now when using user_id in all places it seems to work correctly...
Is userid something that is defined by the server when making sessions?
 

no.
If not, i don't have any clue what is going wrong...
Can someone help me on this? So i know what is wrong?
 


Thx in advance
Pout
 


--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] php sessions question

2004-10-21 Thread Reinhart Viane 
in a page checkuser i do this after the user is logged in:
  PHP Code
  // Register some session variables!
  session_register('userid');
  $_SESSION['userid'] = $userid;
  session_register('first_name');
  $_SESSION['first_name'] = $first_name;
  session_register('last_name');
  $_SESSION['last_name'] = $last_name;
  session_register('email_address');
  $_SESSION['email_address'] = $email_address;
  session_register('user_level');
  $_SESSION['user_level'] = $user_level;



Now let's say user 1 logs in, his session is registered (with userid from 
database is 5 and first_name is XXX)
Then another user logs in, again his session is registered (with userid from 
database is 1 and first_name is YYY)

Now user 1 leaves the pages (closes the browser) and user 2 uploads a 
document (with my own script).

When the document is succesfully uploaded i display this:
  PHP Code
  echo ($_SESSION['first_name']).", the document has been succesfully 
added";
  echo ($_SESSION['userid']);



This results in the folowing output:
YYY, the document has been succesfully added
5

Meaning the $_SESSION['first_name'] is correct, but the $_SESSION['userid'] 
is the one of the user who logged out...

Now when using user_id in all places it seems to work correctly...

Is userid something that is defined by the server when making sessions?

If not, i don't have any clue what is going wrong...
Can someone help me on this? So i know what is wrong?

Thx in advance

Pout

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Question

2004-07-08 Thread Tim Traver 
It could be a case that your provider is load balancing across several 
machines. If they are, and they aren't storing the session data in a 
central location, then that might account for the issue.

That would explain the intermittent failure. The user might be making 
keepalive requests to the same box and being ok, and then get bounced once 
it hits a machine that doesn't have the session data...

You might ask them about it...
Tim.

At 09:43 PM 7/8/2004, Ed Lazor wrote:
What kind of problems could be happening server-side that would result in
PHP sessions randomly disappearing?  And, is there a way to log or track
this information?  Oh, and best of all, any recommendations on solutions?

I have a PHP / MySQL application that's been running at a host provider for
almost a year now.  PHP sessions are used to track logged in users, For
example, $_SESSION["UserID"].  If the UserID isn't stored as a session
variable, the user must not be logged in, so prompt them with a login
screen.

Most recent updates were made last week and everything has been working fine
until this afternoon.  Session data is somehow being lost.  It seems random.
A person will be logged in and navigating through the site when they
suddenly get a login screen.  They'll log back in and continue navigating
for a little while when it will happen again - sometimes within seconds and
othertimes within minutes.  Sometimes it won't even happen for 30 minutes
and then it suddenly begins to occur again.

Thanks in advance for any ideas or recommendations that I can forward to my
hosting provider on how to fix the problem.

-Ed



SimpleNet's Back !
http://www.simplenet.com

[PHP] PHP Sessions Question

2004-07-08 Thread Ed Lazor 
What kind of problems could be happening server-side that would result in
PHP sessions randomly disappearing?  And, is there a way to log or track
this information?  Oh, and best of all, any recommendations on solutions?

 

I have a PHP / MySQL application that's been running at a host provider for
almost a year now.  PHP sessions are used to track logged in users, For
example, $_SESSION["UserID"].  If the UserID isn't stored as a session
variable, the user must not be logged in, so prompt them with a login
screen.

 

Most recent updates were made last week and everything has been working fine
until this afternoon.  Session data is somehow being lost.  It seems random.
A person will be logged in and navigating through the site when they
suddenly get a login screen.  They'll log back in and continue navigating
for a little while when it will happen again - sometimes within seconds and
othertimes within minutes.  Sometimes it won't even happen for 30 minutes
and then it suddenly begins to occur again.

 

Thanks in advance for any ideas or recommendations that I can forward to my
hosting provider on how to fix the problem.

 

-Ed

Re: [PHP] PHP Sessions on Windows

2004-05-12 Thread John W. Holmes 
David Mitchell wrote:

I first attempted to edit the php.ini so that the session save path was
C:\Temp. No matter what I did, the save path always showed up in phpinfo()
as /tmp. So I created folder on the root of C: called tmp and everything
worked.
You were not editing the correct php.ini, then.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

2004-05-12 Thread Daniel Clark 
I think you need to restart PHP to pickup the new php.ini changes.

My php.ini is in the windows directory (I believe).

>> -Original Message-
>> From: David Mitchell [mailto:[EMAIL PROTECTED]
>> Sent: 12 May 2004 13:21
>>
>> OK, I managed to get it working.
>>
>> I first attempted to edit the php.ini so that the session
>> save path was C:\Temp. No matter what I did, the save path
>> always showed up in phpinfo() as /tmp. So I created folder on
>> the root of C: called tmp and everything worked.
>
> This still looks like PHP is not looking for the php.ini file where you
> think it is.  I strongly suggest you follow the previous advice to work
> out
> where PHP is actually expecting your php.ini to be, before you have a need
> to change another initialization parameter.
>
> Cheers!
>
> Mike

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

2004-05-12 Thread Ford, Mike [LSS] 
> -Original Message-
> From: David Mitchell [mailto:[EMAIL PROTECTED] 
> Sent: 12 May 2004 13:21
> 
> OK, I managed to get it working. 
> 
> I first attempted to edit the php.ini so that the session 
> save path was C:\Temp. No matter what I did, the save path 
> always showed up in phpinfo() as /tmp. So I created folder on 
> the root of C: called tmp and everything worked.

This still looks like PHP is not looking for the php.ini file where you
think it is.  I strongly suggest you follow the previous advice to work out
where PHP is actually expecting your php.ini to be, before you have a need
to change another initialization parameter.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services, JG125, James
Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS,  LS6
3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

2004-05-12 Thread David Mitchell 
OK, I managed to get it working. 

I first attempted to edit the php.ini so that the session save path was
C:\Temp. No matter what I did, the save path always showed up in phpinfo()
as /tmp. So I created folder on the root of C: called tmp and everything
worked.

Thanks,

Dave

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

2004-05-12 Thread rich 
> How does one get sessions working on Windows? I have modified my php.ini
> file so that session.save_path = C:\Temp, restarted and Apache.
> Still I get
> this error message:
>
> Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971,
> O_RDWR) failed: No such file or directory (2) in
> c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2
>

check you have edited the correct php.ini -- run  and check
where the ini file is to make sure you changed the correct one...

hth
rich

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions on Windows

2004-05-11 Thread Daniel Clark 
Sounds right.

Do you have a C:\temp directory?

>>How does one get sessions working on Windows? I have modified my php.ini
>>file so that session.save_path = C:\Temp, restarted and Apache. Still I get
>>this error message:
>>
>>Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971,
>>O_RDWR) failed: No such file or directory (2) in
>>c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2
>>
>>This is the code that is triggering the error. It seems very straightforward
>>to me:
>>
>>session_start();
>>  echo $_SESSION['user'];
>>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions on Windows

2004-05-11 Thread David Mitchell 
Hello,

How does one get sessions working on Windows? I have modified my php.ini
file so that session.save_path = C:\Temp, restarted and Apache. Still I get
this error message:

Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971,
O_RDWR) failed: No such file or directory (2) in
c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2

This is the code that is triggering the error. It seems very straightforward
to me:

session_start();
echo $_SESSION['user'];

Why is this so incredibly difficult?

Thanks,

Dave

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions - One Server, Many Terminals

2004-03-16 Thread Damon Abilock 
I'm having a problem related to PHP sessions in a school computer lab
environment.  I have a script that uses sessions to keep track of a user and
their work on the system.  It is being used by a school in a computer lab in
which the students just have terminals -- they all access the same server
computer to run programs and do not have hard drives of their own.  They are
running software called "ClassLink" (see www.classlink2000.com) in this lab
(I'm not sure if that is really an important detail or not).

The problem is that everyone that students accessing the script on these
different terminals start seeing eachother's work, which implies that the
session information is not unique to each terminal (I expect that if I
printed out the session ID on all of these different terminals, they would
all be the same).

Is there anything that I can do about this?  How do I get my script to
recognize that it is being accessed by different terminals, even though it
is really only one physical computer (the server that all of these terminals
have a view into)?  Is there any other solution?

Cheers,
Damon

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions - Cookies Not Saving

2004-03-05 Thread electroteque 
 but it will
> save on my Linux box.

As sending cookies is pretty much a generic procedure which is not platform 
dependent it would suggest that your WinXP box is broken (needless to say I'm 
assuming that you have already ensured that your browser is configured to 
accept cookies). Have you tried any other browsers/platforms?

The above snippet means it works on  his linux box which is why i suggested to see if 
the session is storing in /tmp, he could prob have spyware running on his machine, i 
advice check out adaware.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-05 Thread Jason Wong 
On Friday 05 March 2004 13:05, Paul Higgins wrote:
> When I thought about what the compay really told me...it didn't make sense.
> All I know is that that cookie will not save on my WinXP box, but it will
> save on my Linux box.

As sending cookies is pretty much a generic procedure which is not platform 
dependent it would suggest that your WinXP box is broken (needless to say I'm 
assuming that you have already ensured that your browser is configured to 
accept cookies). Have you tried any other browsers/platforms?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
All vacations and holidays create problems, except for one's own
-- Murphy's Laws on Work n34
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions - Cookies Not Saving

2004-03-05 Thread Ford, Mike [LSS] 
On 05 March 2004 03:33, Paul Higgins wrote:

> When I do:  print_r($_COOKIE); I get the following:
> Array ( [PHPSESSID] => 11781ce29c68ca7ef563110f37e43f38 )
> 
> Does that mean its setting the Cookie?

Yes.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread Paul Higgins 
When I thought about what the compay really told me...it didn't make sense.  
All I know is that that cookie will not save on my WinXP box, but it will 
save on my Linux box.

Are there any special headers that I could use?

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST)
Is it a non default /tmp ? If so it should be in php.ini or u have to set
where it is with an ini_set , hope that helps.
> AAAGGGH!!
>
> I asked my hosting company where they were stored...on the server...I
> am so  mad at myself...all that time wasted.  Thanks for the help
> though...it was  much appreciated!
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>>
>>Are the hosts u looking at the same ? Like is it the very same link ?
>>Check on the XP box if you have cookies disabled, u can always check if
>>the session is being stored on the server too, look in /tmp first. Try
>>a  print_r
>>($_COOKIE); aswell.
>>
>>
>> > Hi everyone,
>> >
>> > I'm trying to create a session with PHP.  I'm using the following
>> > code:
>> >
>> > > >session_start( );
>> >
>> >print( session_id( ) );
>> >
>> >print( '');
>> >print( '' );
>> >print( '   > > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >print( '' );
>> >print( '' );
>> > ?>
>> >
>> > Now, I'm trying to view this site on a WinXP box.  However, the
>> > cookies are  not being saved onto my machine.  I've viewed the site
>> > with Mozilla on a  Linux box, and it works fine.  What could be
>> > wrong?  Any help would be  greatly appreciated.
>> >
>> > I read somewhere that PHP had some issues with writing cookies to an
>> > NTFS  box.  Could that have anything to do with it?
>> >
>> > Thanks,
>> >
>> > Paul
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
Get business advice and resources to improve your work life, from bCentral. 
http://special.msn.com/bcentral/loudclear.armx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread daniel 
Ahh is it showing in the url ? Usually it stores as a cookie, or via url, i
think that is also set in php.ini, someone want to ellaborate here ?

> If there is something in $_COOKIE, what does that mean?  That there is
> a  cookie somewhere?  Or is it appending the Session ID to the URL?
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST)
>>
>>Is it a non default /tmp ? If so it should be in php.ini or u have to
>>set where it is with an ini_set , hope that helps.
>>
>> > AAAGGGH!!
>> >
>> > I asked my hosting company where they were stored...on the
>> > server...I am so  mad at myself...all that time wasted.  Thanks for
>> > the help though...it was  much appreciated!
>> >
>> > Paul
>> >
>> >
>> >>From: <[EMAIL PROTECTED]>
>> >>To: <[EMAIL PROTECTED]>
>> >>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>> >>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>> >>
>> >>Are the hosts u looking at the same ? Like is it the very same link
>> >>? Check on the XP box if you have cookies disabled, u can always
>> >>check if the session is being stored on the server too, look in /tmp
>> >>first. Try a  print_r
>> >>($_COOKIE); aswell.
>> >>
>> >>
>> >> > Hi everyone,
>> >> >
>> >> > I'm trying to create a session with PHP.  I'm using the following
>> >> > code:
>> >> >
>> >> > > >> >session_start( );
>> >> >
>> >> >print( session_id( ) );
>> >> >
>> >> >print( '');
>> >> >print( '' );
>> >> >print( ' > >> > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >> >print( '' );
>> >> >print( '' );
>> >> > ?>
>> >> >
>> >> > Now, I'm trying to view this site on a WinXP box.  However, the
>> >> > cookies are  not being saved onto my machine.  I've viewed the
>> >> > site with Mozilla on a  Linux box, and it works fine.  What could
>> >> > be wrong?  Any help would be  greatly appreciated.
>> >> >
>> >> > I read somewhere that PHP had some issues with writing cookies to
>> >> > an NTFS  box.  Could that have anything to do with it?
>> >> >
>> >> > Thanks,
>> >> >
>> >> > Paul
>> >> >
>> >> > _
>> >> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> >> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >> >
>> >> > --
>> >> > PHP General Mailing List (http://www.php.net/)
>> >> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >>
>> >>--
>> >>PHP General Mailing List (http://www.php.net/)
>> >>To unsubscribe, visit: http://www.php.net/unsub.php
>> >>
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> Get a FREE online computer virus scan from McAfee when you click here.
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread Paul Higgins 
If there is something in $_COOKIE, what does that mean?  That there is a 
cookie somewhere?  Or is it appending the Session ID to the URL?

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST)
Is it a non default /tmp ? If so it should be in php.ini or u have to set
where it is with an ini_set , hope that helps.
> AAAGGGH!!
>
> I asked my hosting company where they were stored...on the server...I
> am so  mad at myself...all that time wasted.  Thanks for the help
> though...it was  much appreciated!
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>>
>>Are the hosts u looking at the same ? Like is it the very same link ?
>>Check on the XP box if you have cookies disabled, u can always check if
>>the session is being stored on the server too, look in /tmp first. Try
>>a  print_r
>>($_COOKIE); aswell.
>>
>>
>> > Hi everyone,
>> >
>> > I'm trying to create a session with PHP.  I'm using the following
>> > code:
>> >
>> > > >session_start( );
>> >
>> >print( session_id( ) );
>> >
>> >print( '');
>> >print( '' );
>> >print( '   > > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >print( '' );
>> >print( '' );
>> > ?>
>> >
>> > Now, I'm trying to view this site on a WinXP box.  However, the
>> > cookies are  not being saved onto my machine.  I've viewed the site
>> > with Mozilla on a  Linux box, and it works fine.  What could be
>> > wrong?  Any help would be  greatly appreciated.
>> >
>> > I read somewhere that PHP had some issues with writing cookies to an
>> > NTFS  box.  Could that have anything to do with it?
>> >
>> > Thanks,
>> >
>> > Paul
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
Get a FREE online computer virus scan from McAfee when you click here. 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread daniel 
Is it a non default /tmp ? If so it should be in php.ini or u have to set
where it is with an ini_set , hope that helps.

> AAAGGGH!!
>
> I asked my hosting company where they were stored...on the server...I
> am so  mad at myself...all that time wasted.  Thanks for the help
> though...it was  much appreciated!
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>>
>>Are the hosts u looking at the same ? Like is it the very same link ?
>>Check on the XP box if you have cookies disabled, u can always check if
>>the session is being stored on the server too, look in /tmp first. Try
>>a  print_r
>>($_COOKIE); aswell.
>>
>>
>> > Hi everyone,
>> >
>> > I'm trying to create a session with PHP.  I'm using the following
>> > code:
>> >
>> > > >session_start( );
>> >
>> >print( session_id( ) );
>> >
>> >print( '');
>> >print( '' );
>> >print( '> > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >print( '' );
>> >print( '' );
>> > ?>
>> >
>> > Now, I'm trying to view this site on a WinXP box.  However, the
>> > cookies are  not being saved onto my machine.  I've viewed the site
>> > with Mozilla on a  Linux box, and it works fine.  What could be
>> > wrong?  Any help would be  greatly appreciated.
>> >
>> > I read somewhere that PHP had some issues with writing cookies to an
>> > NTFS  box.  Could that have anything to do with it?
>> >
>> > Thanks,
>> >
>> > Paul
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread Paul Higgins 
AAAGGGH!!

I asked my hosting company where they were stored...on the server...I am so 
mad at myself...all that time wasted.  Thanks for the help though...it was 
much appreciated!

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
Are the hosts u looking at the same ? Like is it the very same link ? Check
on the XP box if you have cookies disabled, u can always check if the
session is being stored on the server too, look in /tmp first. Try a 
print_r
($_COOKIE); aswell.

> Hi everyone,
>
> I'm trying to create a session with PHP.  I'm using the following code:
>
> session_start( );
>
>print( session_id( ) );
>
>print( '');
>print( '' );
>print( ' "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>print( '' );
>print( '' );
> ?>
>
> Now, I'm trying to view this site on a WinXP box.  However, the cookies
> are  not being saved onto my machine.  I've viewed the site with
> Mozilla on a  Linux box, and it works fine.  What could be wrong?  Any
> help would be  greatly appreciated.
>
> I read somewhere that PHP had some issues with writing cookies to an
> NTFS  box.  Could that have anything to do with it?
>
> Thanks,
>
> Paul
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread Paul Higgins 
When I do:  print_r($_COOKIE); I get the following:
Array ( [PHPSESSID] => 11781ce29c68ca7ef563110f37e43f38 )
Does that mean its setting the Cookie?  I can't see the cookie on my 
computer.  I don't have cookies disabled because I'm getting cookies from 
other sites.  The privacy setting is set to Medium.

Thanks,

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
Are the hosts u looking at the same ? Like is it the very same link ? Check
on the XP box if you have cookies disabled, u can always check if the
session is being stored on the server too, look in /tmp first. Try a 
print_r
($_COOKIE); aswell.

> Hi everyone,
>
> I'm trying to create a session with PHP.  I'm using the following code:
>
> session_start( );
>
>print( session_id( ) );
>
>print( '');
>print( '' );
>print( ' "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>print( '' );
>print( '' );
> ?>
>
> Now, I'm trying to view this site on a WinXP box.  However, the cookies
> are  not being saved onto my machine.  I've viewed the site with
> Mozilla on a  Linux box, and it works fine.  What could be wrong?  Any
> help would be  greatly appreciated.
>
> I read somewhere that PHP had some issues with writing cookies to an
> NTFS  box.  Could that have anything to do with it?
>
> Thanks,
>
> Paul
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread daniel 
Are the hosts u looking at the same ? Like is it the very same link ? Check
on the XP box if you have cookies disabled, u can always check if the
session is being stored on the server too, look in /tmp first. Try a print_r
($_COOKIE); aswell.


> Hi everyone,
>
> I'm trying to create a session with PHP.  I'm using the following code:
>
> session_start( );
>
>print( session_id( ) );
>
>print( '');
>print( '' );
>print( '"http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>print( '' );
>print( '' );
> ?>
>
> Now, I'm trying to view this site on a WinXP box.  However, the cookies
> are  not being saved onto my machine.  I've viewed the site with
> Mozilla on a  Linux box, and it works fine.  What could be wrong?  Any
> help would be  greatly appreciated.
>
> I read somewhere that PHP had some issues with writing cookies to an
> NTFS  box.  Could that have anything to do with it?
>
> Thanks,
>
> Paul
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions - Cookies Not Saving

2004-03-04 Thread Paul Higgins 
Hi everyone,

I'm trying to create a session with PHP.  I'm using the following code:


   print( session_id( ) );

   print( '');
   print( '' );
   print( '	http://www.mysite.com/shopping_cart/Test2.php";>Here' );
   print( '' );
   print( '' );
?>

Now, I'm trying to view this site on a WinXP box.  However, the cookies are 
not being saved onto my machine.  I've viewed the site with Mozilla on a 
Linux box, and it works fine.  What could be wrong?  Any help would be 
greatly appreciated.

I read somewhere that PHP had some issues with writing cookies to an NTFS 
box.  Could that have anything to do with it?

Thanks,

Paul

_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions and Cookies

2004-03-03 Thread Paul Higgins 
I have a couple of questions regarding sessions and cookies:

1)  Is there a way to append information to a cookie?  I have read that it 
is, but I have also read many problems.  Is there any particular way to do 
this?  I ask this because cookies are being generated by two different types 
of scripts.  However, they are both on the same site.  So, I have access to 
them, no problem.  I just want to append information to the same cookie.

2)  If I append the PHP session id to every url, will PHP skip the cookies 
completely?  I know this is more insecure.  This option is only important if 
I cannot append information to the cookie.

Thanks,

Paul

_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

2004-02-29 Thread Tom Rogers 
Hi,

Monday, March 1, 2004, 3:04:13 AM, you wrote:
PH> Hello everyone,

PH> I'm beginning to experiment with PHP sessions.  I was wondering if it is
PH> possible to place objects into the session?

PH> Thanks,

PH> Paul

PH> _
PH> Take off on a romantic weekend or a family adventure to these great U.S.
PH> locations. http://special.msn.com/local/hotdestinations.armx


You can, but you must make sure that the object is declared on the
next page before you do session_start();

-- 
regards,
Tom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions

2004-02-29 Thread Paul Higgins 
Hello everyone,

I'm beginning to experiment with PHP sessions.  I was wondering if it is 
possible to place objects into the session?

Thanks,

Paul

_
Take off on a romantic weekend or a family adventure to these great U.S. 
locations. http://special.msn.com/local/hotdestinations.armx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php sessions

2003-10-28 Thread Pablo Gosse 

On Tuesday, October 28, 2003 2:13 PM CPT John W. Holmes wrote:

> It may depend upon how you open the second window, too. Control-N may
use
> the same cookies whereas starting a whole new instance may not.

This is the case with IE.  If I'm in my CMS and ctrl-N to get a new
window, I can operate under both windows using the same session.  If I
open a new instance of IE and go to a page in the CMS beyond the login
screen, it boots me back to the login screen.

Cheers,
Pablo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread CPT John W. Holmes 
From: "Chris Shiflett" <[EMAIL PROTECTED]>
> > But I was talking about cookies anyway. Which is where different
> > browsers have different behaviors. In IE, by default, it will not
> > pass a cookie from a new browser window.
>
> This is very interesting. I might try to research this a bit more and see
what
> the motivation was for doing this. From a user perspective, it seems very
> counterintuitive. Thanks for the info.

It may depend upon how you open the second window, too. Control-N may use
the same cookies whereas starting a whole new instance may not.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Chris Shiflett 
--- Rob Adams <[EMAIL PROTECTED]> wrote:
> That doesn't seem to be what he's saying.
> 
> "because of the different session IDs."
> 
> It seems to me a better example of what he is saying would be:
> http://example.org/foo.php?PHPSESSID=12345
> vs.
> http://example.org/foo.php?PHPSESSID=67890

Perhaps I should have elaborated a bit more.

Browser instance A:
1. Request http://example.org/foo.php
2. PHP assigns PHPSESSID of 12345
3. Returned page has a link for http://example.org/bar.php?PHPSESSID=12345
4. Request http://example.org/bar.php?PHPSESSID=12345

Browser instance B:
1. Request http://example.org/foo.php
2. PHP assigns PHPSESSID of 67890
3. Returned page has a link for http://example.org/bar.php?PHPSESSID=67890
4. Request http://example.org/bar.php?PHPSESSID=67890

Because A4 and B4 are different requests, they get different responses. So, in
a way, the server is able to distinguish between the two instances, but only
because of that. If instance A sends the request in B4, it will get the same
response as instance B would have.

That wasn't a great explanation, but maybe it is at least better than my last
attempt.

> But I was talking about cookies anyway. Which is where different
> browsers have different behaviors. In IE, by default, it will not
> pass a cookie from a new browser window.

This is very interesting. I might try to research this a bit more and see what
the motivation was for doing this. From a user perspective, it seems very
counterintuitive. Thanks for the info.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Rob Adams 

"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > If you are not relying on a cookie based session, then this will
> > work. Each login could be assigned a different session ID, so the
> > requests for each browser will be different because of the different
> > session IDs.
>
> What John is explaining here is that the URLs could be different if that
is how
> the session ID is propogated, thus making the requests different (they're
for
> different URLs). So, if you click a link from:

That doesn't seem to be what he's saying.

"because of the different session IDs."

 It seems to me a better example of what he is saying would be:
http://example.org/foo.php?PHPSESSID=12345
vs.
http://example.org/foo.php?PHPSESSID=67890

But I was talking about cookies anyway.  Which is where different browsers
have different behaviors.  In IE, by default, it will not pass a cookie from
a new browser window.  In Mozilla, by default, a new window keeps all the
cookies currently set.  I've mostly used IE, so I've always thought that it
never passed cookies from a new browser window.  Apparently, it just depends
on which browser you're using and how it is setup.

  -- Rob




>
> http://example.org/foo.php?PHPSESSID=12345
>
> it could be for:
>
> http://example.org/bar.php?PHPSESSID=12345
>
> Hope that helps.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Chris Shiflett 
--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> If you are not relying on a cookie based session, then this will
> work. Each login could be assigned a different session ID, so the
> requests for each browser will be different because of the different
> session IDs.

What John is explaining here is that the URLs could be different if that is how
the session ID is propogated, thus making the requests different (they're for
different URLs). So, if you click a link from:

http://example.org/foo.php?PHPSESSID=12345

it could be for:

http://example.org/bar.php?PHPSESSID=12345

Hope that helps.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Rob Adams 
Another test:

I just downloaded and installed Mozilla (1.5).  I logged into my site,
opened another window, and was logged in there also.  I logged out of the
second window, hit a "Home" link on the first window, and got a login
screen.  This is new behavior for a browser for me, but now I understand how
it works.  Thanks for the discussion.

  -- Rob



"Rob Adams" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> "Curt Zirzow" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > * Thus wrote Rob Adams ([EMAIL PROTECTED]):
> > > I will test it, because it seems I don't understand this issue as much
> as I
> > > could.  But I can already tell you results I see right now:
> > >
> > > I open a web browser (IE) and login to my application.  I open another
> > > window (IE) and goto the web application, and it asks me to login.
This
> is
> > > all on the same computer.  (As I've explained all this before.)  Now,
> > > perhaps I don't know what I'm talking about, and this is a different
> issue.
> > > If so, I'm pretty sure you'll certainly try to set me straight.  If
not,
> > > then it certainly seems relevant to the discussion, and that my one
> client
> > > (IE) is sending two different requests from two different windows on
the
> > > same computer.
> >
> > This is entirely up to the client, deciding to send a cookie or not
> > when opening a new browser window.  You can even turn the behaviour,
> > you describe, off in IE.
> >
> > The problem is the php script doesn't know that the browser you
> > opened (that give you back the login screen) is even related to the
> > other browser window.  All the php script knows is that you simply
> > don't have a cookie.
>
> That has been my point all along.  Perhaps I misunderstood you:
>
> "there is no way for a remote Web server to distinguish between two
> instances of the
> same browser running on the client machine."
> vs.
> "The problem is the php script doesn't know that the browser you
>  opened (that give you back the login screen) is even related to the
>  other browser window."
>
> Aren't these almost exactly opposite statements?
> Isn't the web server distinguishing between the two instances?   Using the
> cookie?
>
>   -- Rob
>
>
>
>
> >
> >
> > Curt
> > -- 
> > "My PHP key is worn out"
> >
> >   PHP List stats since 1997:
> > http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Rob Adams 

"Curt Zirzow" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> * Thus wrote Rob Adams ([EMAIL PROTECTED]):
> > I will test it, because it seems I don't understand this issue as much
as I
> > could.  But I can already tell you results I see right now:
> >
> > I open a web browser (IE) and login to my application.  I open another
> > window (IE) and goto the web application, and it asks me to login.  This
is
> > all on the same computer.  (As I've explained all this before.)  Now,
> > perhaps I don't know what I'm talking about, and this is a different
issue.
> > If so, I'm pretty sure you'll certainly try to set me straight.  If not,
> > then it certainly seems relevant to the discussion, and that my one
client
> > (IE) is sending two different requests from two different windows on the
> > same computer.
>
> This is entirely up to the client, deciding to send a cookie or not
> when opening a new browser window.  You can even turn the behaviour,
> you describe, off in IE.
>
> The problem is the php script doesn't know that the browser you
> opened (that give you back the login screen) is even related to the
> other browser window.  All the php script knows is that you simply
> don't have a cookie.

That has been my point all along.  Perhaps I misunderstood you:

"there is no way for a remote Web server to distinguish between two
instances of the
same browser running on the client machine."
vs.
"The problem is the php script doesn't know that the browser you
 opened (that give you back the login screen) is even related to the
 other browser window."

Aren't these almost exactly opposite statements?
Isn't the web server distinguishing between the two instances?   Using the
cookie?

  -- Rob




>
>
> Curt
> -- 
> "My PHP key is worn out"
>
>   PHP List stats since 1997:
> http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Curt Zirzow 
* Thus wrote Rob Adams ([EMAIL PROTECTED]):
> I will test it, because it seems I don't understand this issue as much as I
> could.  But I can already tell you results I see right now:
> 
> I open a web browser (IE) and login to my application.  I open another
> window (IE) and goto the web application, and it asks me to login.  This is
> all on the same computer.  (As I've explained all this before.)  Now,
> perhaps I don't know what I'm talking about, and this is a different issue.
> If so, I'm pretty sure you'll certainly try to set me straight.  If not,
> then it certainly seems relevant to the discussion, and that my one client
> (IE) is sending two different requests from two different windows on the
> same computer.

This is entirely up to the client, deciding to send a cookie or not
when opening a new browser window.  You can even turn the behaviour,
you describe, off in IE.

The problem is the php script doesn't know that the browser you
opened (that give you back the login screen) is even related to the
other browser window.  All the php script knows is that you simply
don't have a cookie.


Curt
-- 
"My PHP key is worn out"

  PHP List stats since 1997: 
http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Rob Adams 
So you're saying if the session ID is passed in on the URL it will work.
But I'm using cookies.  The only thing that gets passed on the URL is a
pagename.  Perhaps there is something funky about my setup, but it has
always worked this way for me.

  -- Rob


"Cpt John W. Holmes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> From: "Chris Shiflett" <[EMAIL PROTECTED]>
>
>
> > --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > > Test it yourself.
> >
> > With all due respect, it seems you should be doing the testing.
> >
> > > Login to a PHP app using a standard browser and session cookies
> > > and see for yourself. I understand the philosophy of the web
> > > server only seeing what the client sends it, but it looks like my
> > > client (IE6, right here) does send different requests per instance.
> >
> > Then show us these requests and point out how they are different.
> Otherwise, I
> > have to assume you have no idea what you're talking about.
>
> If you are not relying on a cookie based session, then this will work.
Each
> login could be assigned a different session ID, so the requests for each
> browser will be different because of the different session IDs.
>
> ---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php sessions

2003-10-28 Thread Pablo Gosse 
Hi Rob.  That seems perfectly logical.  I've written a Content
Management System which (when it's finished in a couple of months ;o)
run the website at the university where I work.

I can presently open an instance of the CMS in IE, login as admin, then
open a new window and request another instance of the CMS, and login as
a less-privelidged user.

I can then use these two separate instances and work as two individual
users in the CMS at the same time.

Cheers,
Pablo

-Original Message-
From: Rob Adams [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 28, 2003 11:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] php sessions

I will test it, because it seems I don't understand this issue as much
as I
could.  But I can already tell you results I see right now:

I open a web browser (IE) and login to my application.  I open another
window (IE) and goto the web application, and it asks me to login.  This
is
all on the same computer.  (As I've explained all this before.)  Now,
perhaps I don't know what I'm talking about, and this is a different
issue.
If so, I'm pretty sure you'll certainly try to set me straight.  If not,
then it certainly seems relevant to the discussion, and that my one
client
(IE) is sending two different requests from two different windows on the
same computer.

  -- Rob


"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > Test it yourself.
>
> With all due respect, it seems you should be doing the testing.
>
> > Login to a PHP app using a standard browser and session cookies
> > and see for yourself. I understand the philosophy of the web
> > server only seeing what the client sends it, but it looks like my
> > client (IE6, right here) does send different requests per instance.
>
> Then show us these requests and point out how they are different.
Otherwise, I
> have to assume you have no idea what you're talking about.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread CPT John W. Holmes 
From: "Chris Shiflett" <[EMAIL PROTECTED]>


> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > Test it yourself.
>
> With all due respect, it seems you should be doing the testing.
>
> > Login to a PHP app using a standard browser and session cookies
> > and see for yourself. I understand the philosophy of the web
> > server only seeing what the client sends it, but it looks like my
> > client (IE6, right here) does send different requests per instance.
>
> Then show us these requests and point out how they are different.
Otherwise, I
> have to assume you have no idea what you're talking about.

If you are not relying on a cookie based session, then this will work. Each
login could be assigned a different session ID, so the requests for each
browser will be different because of the different session IDs.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Rob Adams 
I will test it, because it seems I don't understand this issue as much as I
could.  But I can already tell you results I see right now:

I open a web browser (IE) and login to my application.  I open another
window (IE) and goto the web application, and it asks me to login.  This is
all on the same computer.  (As I've explained all this before.)  Now,
perhaps I don't know what I'm talking about, and this is a different issue.
If so, I'm pretty sure you'll certainly try to set me straight.  If not,
then it certainly seems relevant to the discussion, and that my one client
(IE) is sending two different requests from two different windows on the
same computer.

  -- Rob


"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > Test it yourself.
>
> With all due respect, it seems you should be doing the testing.
>
> > Login to a PHP app using a standard browser and session cookies
> > and see for yourself. I understand the philosophy of the web
> > server only seeing what the client sends it, but it looks like my
> > client (IE6, right here) does send different requests per instance.
>
> Then show us these requests and point out how they are different.
Otherwise, I
> have to assume you have no idea what you're talking about.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Chris Shiflett 
--- Rob Adams <[EMAIL PROTECTED]> wrote:
> Test it yourself.

With all due respect, it seems you should be doing the testing.

> Login to a PHP app using a standard browser and session cookies
> and see for yourself. I understand the philosophy of the web
> server only seeing what the client sends it, but it looks like my
> client (IE6, right here) does send different requests per instance.

Then show us these requests and point out how they are different. Otherwise, I
have to assume you have no idea what you're talking about.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Rob Adams 

"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > > I'm not sure if this fits your definition of "new browser
> > > instance", but there is no way for a remote Web server to
> > > distinguish between two instances of the same browser running
> > > on the client machine.
> >
> > That can't be true.
>
> It can, and it is.
>
> The only way a Web server could distinguish between them is if the
browsers

So there is a way, and it's not true.

Test it yourself.  Login to a PHP app using a standard browser and session
cookies and see for yourself.  I understand the philosophy of the web server
only seeing what the client sends it, but it looks like my client (IE6,
right here) does send different requests per instance.  It's not just 'in
theory.'


> sent something unique per instance within the HTTP request. So, you could
write
> a browser that does this in theory, but that doesn't really do you much
good
> unless you can convince your users to use it.
>
> It would be very unusual behavior, so I doubt anyone would want this.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Chris Shiflett 
--- Rob Adams <[EMAIL PROTECTED]> wrote:
> > I'm not sure if this fits your definition of "new browser
> > instance", but there is no way for a remote Web server to
> > distinguish between two instances of the same browser running
> > on the client machine.
> 
> That can't be true.

It can, and it is.

The only way a Web server could distinguish between them is if the browsers
sent something unique per instance within the HTTP request. So, you could write
a browser that does this in theory, but that doesn't really do you much good
unless you can convince your users to use it.

It would be very unusual behavior, so I doubt anyone would want this.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Rob Adams 
"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- "S.P.Vimala" <[EMAIL PROTECTED]> wrote:
> > How to create a unique session for every new browser instance?
>
> I'm not sure if this fits your definition of "new browser instance", but
there
> is no way for a remote Web server to distinguish between two instances of
the
> same browser running on the client machine.


That can't be true.  I don't claim to understand exactly how it works, but
here is what happens for me.  I have an application that I log into.  Once
I'm logged in, if I open the URL in another browser window, it just gives me
the login page.  My guess is that the first browser window is passing a
cookie identifying the session that the second one doesn't know about.  In
your case, when you're not using cookies, the session ID must be passed on
the URL.  I don't know much about using trans_sid, so i can't help you
further.

  -- Rob




>
> Maybe that explains something?
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

2003-10-28 Thread Chris Shiflett 
--- "S.P.Vimala" <[EMAIL PROTECTED]> wrote:
> How to create a unique session for every new browser instance?

I'm not sure if this fits your definition of "new browser instance", but there
is no way for a remote Web server to distinguish between two instances of the
same browser running on the client machine.

Maybe that explains something?

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] php sessions

2003-10-28 Thread S.P.Vimala 
Hi,

I'm developing a web application which is making use of sessions. I
have the following configuration is my php.ini file

session.use_cookies = 0

session.use_trans_sid = 1

session.auto_start = 0

register_globals = On

This does not give me a new session_id when the application is opened
in the same machine. If opened from different machines it gives me  a
different session_id.

I create sessions using session_register() function. My php version
 is 4.2.2

How to create a unique session for every new browser instance?

-vimala/.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions

2003-10-25 Thread Phil King 
Hi All,

I have a login page that which verifies he username & password against a
MySql database and then passes the username to another page as a session.
I created this on my PC,  which is running PHP version 4.3.2, and it works
with no problem.

My host has the following set  on the server which is running PHP Version
4.3.3:
1. register_globals set to off,
2. Session.bug_compa4_42 set to on
3. Session.bug.Compat-Warn set to on.

When I submit the form I get a warning about :

"Warning: Unknown(): Your script possibly relies on a session side-effect
which existed until PHP 4.2.3.
 Please be advised that the session extension does not consider global
variables as a source of data, unless register_globals is enabled. You can
disable this functionality and this warning by setting session.bug_compat_42
or session.bug_compat_warn to off, respectively. in Unknown on line 0"

I have tried using :
ini_set ("session.bug_compat_42", "0") and ini_set
("session.bug_compat_warn", "0"), to override the PHP.ini on the server but
now when I submit the form on the Login page the server just hangs and then
the services on that server stop.

Can anyone shed any light on why a simple login page could crash a server.?

Thanks for any advice so that I can pass information to my host to rectify
what maybe a configuration error.

Thanks again.

Phil.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP SESSIONS and FRAMES

2003-08-03 Thread Ralph Guzman 
I have a shopping cart with affiliate sales support. What's happening is
that some affiliates are using frames to use their domain while using
our shopping cart. So they are using a frameset like this:



   

   http://www.domain.com/?store_id=15008";>



The problem I'm having is that sessions are not being passed properly or
are expiring. 

Anybody experience this kind of problem? If so can you provide any
advice on passing sessions through frames?

Thanks.




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions

2003-07-30 Thread Lee Stewart 
Hi Curt,

No I didn't see a post about space on /tmp...   Using df it shows the file 
system to only be about 70% full, so there's plenty of space there.   Did 
you mean something else?

Any other thoughts on where to look?

Thanks,
Lee

* Thus wrote Lee Stewart ([EMAIL PROTECTED]):

> Using the $_SESSION[] style produces the same results...   Zero length
> session file in /tmp, and no data passed...   (available at
> http://4.43.81.92/page1a.php)
You did see my post about space left on /tmp?

>
> So where do I go from here...Is there any way to debug it?   Like I
> said, I suspect it's not a PHP code bug, but I'm at a loss as to where to
> go from here (other than re-writing the entire application in some other
> language -- which I really don't want to do)...
another language?  how dare you say such thing here on this list :)

Curt
-- "I used to think I was indecisive, but now I'm not so sure."


--
Lee Stewart, Senior SE
Sytek Services, a Division of DSG
(719) 566-0188 , Fax (719) 566-0655
[EMAIL PROTECTED]
www.sytek-services.com
www.dsgroup.com 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Sessions and Cookies

2003-06-30 Thread Matt MacLeod 
Guys/Gals,
I've built a registration page on a site that stores a unique id for a 
user when they register. That id is then stored in a database and set as 
a session variable and as a cookie and is used to register personal user 
preferences.

The reason I use both is that I don't really want to make people log in 
everytime they revisit the site. I use the session so that people who 
have cookies turned off can still benefit from the personalisation. The 
cookie is used so that when a user revisits the site, they don't have to 
log in again.

I then have a script that I call in every page that checks for the 
session variable and the cookie. I have been testing the script using

echo $_SESSION['usr']; and
echo $_COOKIE['usr'];
and I get correct values for both. Unfortunately if I then close the 
browser, reopen it and visit the site, both the cookie and the session 
produce no values. Obviously, the session value should be blank, but the 
cookie should produce a value.

This is my 'global' cookie/session checker script:


// CHECK IF SESSION EXISTS.
if (!isset($_SESSION['usr'])) {
// IF NO, THEN CHECK FOR COOKIE
   if (isset($_COOKIE['usr'])) {
// IF 'YES' THEN START SESSION
   $_SESSION['usr'] = $_COOKIE['usr'];
   }
  
// IF 'YES' THEN QUIT   
   }
   else {
   // IF THE SESSION EXISTS, MAKE SURE [EMAIL PROTECTED] VALUE MATCHES THAT OF THE 
COOKIE
   setcookie("usr", $_SESSION['usr'], 
mktime(21,00,0,12,31,2014),"/","bigbarn0.kbnet.net", 0);
// END
}

?>

If anyone can point out an error, please do!

Thanks,
Matt
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

2003-02-04 Thread Jonathan Wright 
At around Tue, Feb 04, 2003 at 02:06:35PM +0800, Jason Wong constructed the following 
notation:
> > >
> > > Recompile, why?  How about a link?
> > >
> > > ln -s /sbin/sendmail /usr/sbin/sendmail
> >
> > During the ./configure part of the installation, PHP checks for
> > sendmail, but only in /sbin/sendmail. If it doesn't find it, the
> > function mail() isn't complied in.
> >
> > I just get 'call to undefined function mail()' in x/y.php on z.
> 
> But according to the manual configure should check both locations?

I can't remember where i saw it (i think it was on a mailing list), but
someone said it'll only check /sbin/sendmail, which seams to be the
case. sendmail.path is set to '/usr/sbin/sendmail' in php.ini, but that
doesn't has an effect.

well, either way it hasn't been compiled in so a recompile will be
needed. it's only a 10 minute job anyway. 

-- 
jonathan wright  [EMAIL PROTECTED] | www.djnauk.co.uk
--
life has no meaning unless we can enjoy what we've been given

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re: [PHP] PHP Sessions Not Saving

2003-02-03 Thread nick 
This is a system automated E-Mail reply.

If you email is a request for support then please visit the below URL and lodge 
your support request.
If you cannot access the below URL, then please email [EMAIL PROTECTED] for prompt 
support.
http://www.wildcomm.net/support.php

If this is not a support related E-Mail then disregard this E-Mail.

Regards.
Support Response
Wildthing Communications 
Mob: 0421 556847
PO Box 1841
SUNSHINE PLAZA
Maroochydore
QLD 4558
http://www.wildcomm.net
ICQ# 64851373





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

  1   2   >