Re: [PHP] Re: PHP Sessions
On Fri, 2010-03-12 at 21:33 -0500, Martine Osias wrote: The sessions variables are OK. They don't print when I put them on the HTML page with this code. tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr Thank you. Martine Martine Osias webi...@gmail.com wrote in message news:95.0c.13686.c7cda...@pb1.pair.com... Hi: I need to store variables to send then between pages. I don't need the variables in a database so I try to send them with sessions. The variables don't seem to be there when I try to get them. What could be the problem. Here are the pages where I store and retrieve the variables. Page 1 (variables stored): ?php session_start(); $_SESSION['scripture_text'] = $row_scripture['ScriptureText']; $_SESSION['scripture_ref'] = $row_scripture['ScriptureRef']; ? Page 2 (variables retrieved): ?php session_start(); include(includes/config.php); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head /head body table width=100% align=center border=0 tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr /table /body /html Don't use ?=, it's a crappy short tag and most hosting doesn't support those sorts of tags. Instead, use something like this: ?php echo $_SESSION['scripture_text']; ? Short tags end up causing more problems than they solve sometimes... Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: PHP Sessions
Hello Martine, As you have been already told, the ?=...? is not always supported. However I'd suggest you to do the following (since I love this form of tag): td align=leftlaquo;?=$_SESSION['scripture_text']?raquo;/td Note: I put within the tag only the variable. -- With best regards from Ukraine, Andre Skype: Francophile; WlmMSN: arthaelon @ yandex.ru; Jabber: arthaelon @ jabber.org Yahoo! messenger: andre.polykanine; ICQ: 191749952 Twitter: m_elensule - Original message - From: Martine Osias webi...@gmail.com To: php-general@lists.php.net php-general@lists.php.net Date: Saturday, March 13, 2010, 4:33:34 AM Subject: [PHP] Re: PHP Sessions The sessions variables are OK. They don't print when I put them on the HTML page with this code. tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr Thank you. Martine Martine Osias webi...@gmail.com wrote in message news:95.0c.13686.c7cda...@pb1.pair.com... Hi: I need to store variables to send then between pages. I don't need the variables in a database so I try to send them with sessions. The variables don't seem to be there when I try to get them. What could be the problem. Here are the pages where I store and retrieve the variables. Page 1 (variables stored): ?php session_start(); $_SESSION['scripture_text'] = $row_scripture['ScriptureText']; $_SESSION['scripture_ref'] = $row_scripture['ScriptureRef']; ? Page 2 (variables retrieved): ?php session_start(); include(includes/config.php); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head /head body table width=100% align=center border=0 tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr /table /body /html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Sessions
On Sat, 2010-03-13 at 12:22 +0200, Andre Polykanine wrote: Hello Martine, As you have been already told, the ?=...? is not always supported. However I'd suggest you to do the following (since I love this form of tag): td align=leftlaquo;?=$_SESSION['scripture_text']?raquo;/td Note: I put within the tag only the variable. -- With best regards from Ukraine, Andre Skype: Francophile; WlmMSN: arthaelon @ yandex.ru; Jabber: arthaelon @ jabber.org Yahoo! messenger: andre.polykanine; ICQ: 191749952 Twitter: m_elensule - Original message - From: Martine Osias webi...@gmail.com To: php-general@lists.php.net php-general@lists.php.net Date: Saturday, March 13, 2010, 4:33:34 AM Subject: [PHP] Re: PHP Sessions The sessions variables are OK. They don't print when I put them on the HTML page with this code. tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr Thank you. Martine Martine Osias webi...@gmail.com wrote in message news:95.0c.13686.c7cda...@pb1.pair.com... Hi: I need to store variables to send then between pages. I don't need the variables in a database so I try to send them with sessions. The variables don't seem to be there when I try to get them. What could be the problem. Here are the pages where I store and retrieve the variables. Page 1 (variables stored): ?php session_start(); $_SESSION['scripture_text'] = $row_scripture['ScriptureText']; $_SESSION['scripture_ref'] = $row_scripture['ScriptureRef']; ? Page 2 (variables retrieved): ?php session_start(); include(includes/config.php); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head /head body table width=100% align=center border=0 tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr /table /body /html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php That's still using short tags. The time you save on typing is nothing compared to the time you spend trying to figure out why your script doesn't work since you moved servers, or copied it to your live server, or why you are having trouble using XML... Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: PHP sessions, AJAX, authentication and security.
same as everywhere else in your apps.. ajax is no different in any way at all, not even slightly. as far as PHP and web server is concerned it's just a plain old request same as any other; thus.. if( !$_SESSION['is_logged_in'] ) { exit(); } // do stuff Thanks for that. Sometimes the solution is right there in front of you. The bit of code below does the job nicely for me : session_start(); if(!isset($_SESSION['username'])){ echo(Go Away.); exit(); } // now work with sensitive data... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Sessions || Problems with AOL, Safari, etc.
Check php.ini session settings. There are some options in there for you to use in your scripts. Set up scripts to test whether session cookies are being saved and then route accordingly. On Oct 28, 2006, at 12:41 PM, sit1way wrote: Hey all. I run a members-only hockey report that relies on Session variable (s) to grant/deny access to members-only site content. Generally members have no trouble accessing members-only content once logged-in to the site; however, since we have a few thousand members, I frequently receive tech support requests along the lines of My login doesn't work, I keep getting returned to the login screen. Invariably it's McAffee anti-virus, or other anti-virus program running on the user's computer that disables session cookies, or the user disabled session cookies in attempts to make their browser more secure. Is there a way to get around this problem? Not being able to set Session variable(s) is a major annoyance; one that I'd like to resolve if possible. Suggestions welcome... Thanks, --Noah -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: PHP Sessions Question
Thanks Jason, I'll keep the information handy for creating my own session handler in case other options I'm exploring right now don't work. On garbage collection, it happens sometimes within seconds and sometimes within minutes. It tends to occur in batches with lulls of 20 to 30 minutes. So, for example, I can login, navigate through 11 different pages to generate the problem, navigate 2 pages to generate the problem, and then not see the problem again for another 5 minutes. Does that fall in line with what you're thinking? -Ed -Original Message- To try logging this, you probably need to make your own session handler. Most importantly you would want to write to the log during the open and destroy functions. http://www.php.net/session_set_save_handler Most recent updates were made last week and everything has been working fine until this afternoon. Session data is somehow being lost. It seems random. As the other guy said, load balancing seems likely. It might also be that php.ini settings for garbage collection and session/cookie lifetimes have changed. Garbage collection can seem random. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Sessions Question
On garbage collection, it happens sometimes within seconds and sometimes within minutes. It tends to occur in batches with lulls of 20 to 30 minutes. So, for example, I can login, navigate through 11 different pages to generate the problem, navigate 2 pages to generate the problem, and then not see the problem again for another 5 minutes. Does that fall in line with what you're thinking? Actually, no. Garbage collection would destroy the sessions, so if they're only temporarily disappearing then load balancing seems even more likely. I'm going to assume not, but are you using a non-default session handler? If for instance you were storing sessions in another database, or simply on a different machine then connections can fail. This would most likely only be set up through the set_session_handler directive I mentioned before... but you should also check your php.ini values for session.save_handler and session.save_path -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Sessions Question
* Thus wrote Jason Barnett: On garbage collection, it happens sometimes within seconds and sometimes within minutes. It tends to occur in batches with lulls of 20 to 30 minutes. So, for example, I can login, navigate through 11 different pages to generate the problem, navigate 2 pages to generate the problem, and then not see the problem again for another 5 minutes. Does that fall in line with what you're thinking? Actually, no. Garbage collection would destroy the sessions, so if they're only temporarily disappearing then load balancing seems even more likely. I'm going to assume not, but are you using a non-default session handler? If for instance you were storing sessions in another database, or using the default handler, and the /tmp dir is full. Garabage Collection cleans up things so it works for a while until it fills up again, then breaks again (possibly saving a session or two with the minimal disk) till GC decides to kick in again. df -ih /tmp/ Check Avail and ifree. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Sessions Question
* Thus wrote My Self: or using the default handler, and the /tmp dir is full. where /tmp being the local value for your session.save_path ini setting. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: PHP Sessions Question
I have a suggestion that would allow you to take charge of what is going on with your sessions. Install your own session handler routines, storing your own session data in your own database table. These functions would need to be loaded on each page before you execute the session_start() function on each page. http://www.php.net/manual/en/function.session-set-save-handler.php Since the Garbage Cleanup and session read function is now under your control, you can establish the session expiration that is appropriate for your application, independent from the PHP default for the site. Be careful, however for the parameters that control the life of the cookie in the browser, they can also cause the session to be lost if not set properly. http://www.php.net/manual/en/function.session-set-cookie-params.php This may sometimes seem intermittent, since the cookie will expire from the time first established in the browser, and if you are only aware of the time from the last page, and the cookie goes away, the session will appear to have been destroyed. good luck, Warren Vail [EMAIL PROTECTED] -Original Message- From: Jason Barnett [mailto:[EMAIL PROTECTED] Sent: Thursday, July 08, 2004 11:23 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Re: PHP Sessions Question On garbage collection, it happens sometimes within seconds and sometimes within minutes. It tends to occur in batches with lulls of 20 to 30 minutes. So, for example, I can login, navigate through 11 different pages to generate the problem, navigate 2 pages to generate the problem, and then not see the problem again for another 5 minutes. Does that fall in line with what you're thinking? Actually, no. Garbage collection would destroy the sessions, so if they're only temporarily disappearing then load balancing seems even more likely. I'm going to assume not, but are you using a non-default session handler? If for instance you were storing sessions in another database, or simply on a different machine then connections can fail. This would most likely only be set up through the set_session_handler directive I mentioned before... but you should also check your php.ini values for session.save_handler and session.save_path -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE:[PHP] sessions...how to use not clear?
Andy B mailto:[EMAIL PROTECTED] on Monday, March 22, 2004 3:19 PM said: so the theory is: if i require that the session be named after the persons login name there is probably 1 out of 2 million chances that it will mess up the names and get confused (specially if there are only a few users allowed)... as long as your usernames are unique you should never have a problem. (assuming everything else works as planned.) chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE:[PHP] sessions...how to use not clear?
What are the chances of two people getting the same session number in a thousends of day operation? When you down the size of that to a couple hundeed a day... WHy do we need to have a session name for that? Vamp Chris W. Parker [EMAIL PROTECTED] escribió en el mensaje news:[EMAIL PROTECTED] Andy B mailto:[EMAIL PROTECTED] on Monday, March 22, 2004 3:19 PM said: so the theory is: if i require that the session be named after the persons login name there is probably 1 out of 2 million chances that it will mess up the names and get confused (specially if there are only a few users allowed)... as long as your usernames are unique you should never have a problem. (assuming everything else works as planned.) chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE:[PHP] sessions...how to use not clear?
Elliot J. Balanza mailto:[EMAIL PROTECTED] on Monday, March 22, 2004 3:43 PM said: What are the chances of two people getting the same session number in a thousends of day operation? When you down the size of that to a couple hundeed a day... WHy do we need to have a session name for that? gah. what i was trying to say (although maybe i should have elaborated a little) is that if within his database his usernames are unique, he won't have any problems at all. i don't think the op should be concerned with duplicating session id's as there are an almost infinite number of them. much more than 2mil. chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE:[PHP] sessions...how to use not clear?
Andy B mailto:[EMAIL PROTECTED] on Monday, March 22, 2004 3:43 PM said: as long as your usernames are unique you should never have a problem. (assuming everything else works as planned.) it should... it will. a unique value is a unique value. is this code valid?? ?php if(session_start($name)) {/*do whatever if person is logged in already*/ } else { /*do whatever if session doesnt exist*/ } if that does work then all i need to do is figure out how to do a session_distroy() to delete it after logged out... any ideas? personally i've never named a session (let alone knew that it was possible) so i don't know if that code is valid as i don't know what, if anything, session_start returns. that code assumes session_start() returns a value at all. i suggest you read the manual. try www.php.net/session_start and it will tell you what that function returns if anything. you can work from there. chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE:[PHP] sessions...how to use not clear?
Andy B mailto:[EMAIL PROTECTED] on Monday, March 22, 2004 3:49 PM said: because eventually i want to take the user name (session name/variables/user info) and create a preferences section of the website im doing and that would require a constant session name from visit to visit yeah you're right. except that you're missing a key point. you've already got that unique identifier. it's the username. the username will stay unique visit to visit, therefore you don't need to go against the design of the session id. the session id is not meant to keep uniqueness across multiple visits, only the current visit. are we/me misunderstanding you? chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE:[PHP] sessions...how to use not clear?
Andy B wrote: as long as your usernames are unique you should never have a problem. (assuming everything else works as planned.) it should... i want to use sessions for a login system and stuff too but i want it to check to see if the person is logged in before going to the login section... if the session isnt valid then require a login... is this code valid?? ?php if(session_start($name)) {/*do whatever if person is logged in already*/ } else { /*do whatever if session doesnt exist*/ } if that does work then all i need to do is figure out how to do a session_distroy() to delete it after logged out... You shouldn't rely on whether a valid session exists to determine if user is logged in. You should depend upon a certain variable within the session. session_start(), with or without $name, is going to be TRUE because it just starts a session. If a session did not exist, it'll start one. When a use logs in correctly, start a session and set a $_SESSION['loggedin'] = TRUE, variable. Then on any page you want protected, simply check for the variable if(isset($_SESSION['loggedin'])) { //person is logged in } else { //person is not logged in } When the person wants to log out, simply unset() or set to FALSE the $_SESSION['loggedin'] variable. Now you force them to log in again. Even if they keep the same session name, it doesn't matter b/c that variable is not set. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE:[PHP] sessions...how to use not clear?
Andy B wrote: WHy do we need to have a session name for that? because eventually i want to take the user name (session name/variables/user info) and create a preferences section of the website im doing and that would require a constant session name from visit to visit Ummm... that's why you set a $_SESSION['username'] value. You really don't need to worry about the name or id of the session (other than resetting it upon login to prevent Session Fixation Attacks). Sessions are for the current visit, page to page, not to remember things across multiple visits. Cookies are used for that (but be aware of security issues there, also, depending on how you implement them). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE:[PHP] sessions...how to use not clear?
Andy B wrote: [snip] If you give the session a custom name, then, yes, you'll have to use that name on every page. $name can be something that in an include file or a constant, etc, though. Again, you don't _have_ to give a name, though. There's no real advantage to using another name, though, as it's going to be sent to the user in a cookie or the URL, anyhow. [end snip] well this is true but in the event that the server creates a default name for that particular session (very large random strings). I am trying to avoid running into the same session being used twice by 2 seperate people at the same time. I think you're confusing session_name and session_id. session_name is (generally) the same for everyone and is the name PHP uses in the cookie or URL to store the session_id. The session_id is a 128 bit, 32 character code that uniquely (sp?) identifies your individual session. You do not have to worry about two users getting the same session_id unless you just have a tremendous amount of traffic or have extended the session life. so the theory is: if i require that the session be named after the persons login name there is probably 1 out of 2 million chances that it will mess up the names and get confused (specially if there are only a few users allowed)... I think I get what you're saying here. In the very remote chance that two people get the same session_id, you're saying that at least they'll have different session_names, so there won't be any contention? I don't think so, though, as the default session handler for PHP bases the name of the file to hold the session data on the session_id. It doesn't use the session_name for anything knowing what cookie or URL variable to retrieve the session_id from. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE:[PHP] sessions...how to use not clear?
Andy B wrote: you've already got that unique identifier. it's the username. the username will stay unique visit to visit, therefore you don't need to go against the design of the session id. the session id is not meant to keep uniqueness across multiple visits, only the current visit. are we/me misunderstanding you? Please quote your messages or put a divider between the original content (above) and what you write (below). yes the username is a thing different from anybody elses login but how will you collect preferences and the like in variables and dump them into a sql table without using a session to define them from everybody elses?? figure this: 1. if you just used a login page and sql table to verify the existance of a username/pwd and once logged in you had this code: ?php $color=green; $show_time=0; /*dont show the time on the page*/ now somebody else logges in: $color=yellow; $show_time=1; (both users are logged in at the same time)?? theory is the variables will conflict with each other... You're confused here. $color loaded from a database in one script is not going to change when another script is run and $color is loaded for another user. The variable is unique to the request. 2. using sessions: ?php session_name($user); session_start(); $_SESSION[color]=green; $_SESSION[show_time]=0; now they cant get messed up because: ?php session_name($user); /*user2 now logged in*/ will be totally different from user1. This is true and how you want to do it, but using $user inside of session_name() is unecessary. They'll be different because each user has a different session_id by design and that's what's used to identify one users $_SESSION['color'] from anther user's $_SESSION['color']. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] RE:[PHP] sessions...how to use not clear?
On 22 Mar 2004 Andy B wrote: so the theory is: if i require that the session be named after the persons login name there is probably 1 out of 2 million chances that it will mess up the names and get confused (specially if there are only a few users allowed)... If the login name is unique and you don't allow multiple simultaneous logins then the chanve of a mixup is exactly zero. If you are talking about session IDs, I believe they are 128 bits which translates to a chance of duplication of 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456 [the result from bcpow(2, 128, 0)]. Should be good enough :-). -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP Sessions - One Server, Many Terminals
On 16 Mar 2004 [EMAIL PROTECTED] wrote: Sessions have to do with requests being sent by browsers to the web server. Each time you close all the windows of your browser on your computer and start the browser again, a new session is started. I suspect that since all your users are essentially using the same web browser (since their monitors and keyboards are not really separate computers, but peripherals on the same machine), a browser window open on one terminal is keeping alive a session started by another user on another terminal when she or he first started the browser. I have had questions about this for a while. What is it about closing and reopening the browser that PHP notices and that invalidates the old session? Also a comment ... I think with the right combination of session_id() and session_name() calls you should be able to run multiple sessions on the same browser at the same time. I have never tried it but I did have a client with an interest in it and I looked enough to say well, I think this is feasible -- we'd have to try it to be sure. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php