Re: [PHP] Session question
Paul Halliday wrote: Is it OK to have session_start as an include? Yes. -- Per Jessen, Zürich (18.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session question
Unless your adding more code to your included file it isn't worth having it as an include as there is more typing/text involved. For management purposes also it would also look ugly if you were just having one file purely for session_start(); From: p...@computer.org Date: Tue, 17 May 2011 13:01:19 +0200 To: php-general@lists.php.net Subject: Re: [PHP] Session question Paul Halliday wrote: Is it OK to have session_start as an include? Yes. -- Per Jessen, Zürich (18.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session question
You can have a session start in an htaccess file. .htaccess php_value session.auto_start 1 Do not scream at me if you do not like this approach or it does not work for you. I use it and it works well for me. Simply a suggestion. Richard L. Buskirk -Original Message- From: Ross Hansen [mailto:hansen.r...@live.com.au] Sent: Tuesday, May 17, 2011 11:16 PM To: php-general@lists.php.net Subject: RE: [PHP] Session question Unless your adding more code to your included file it isn't worth having it as an include as there is more typing/text involved. For management purposes also it would also look ugly if you were just having one file purely for session_start(); From: p...@computer.org Date: Tue, 17 May 2011 13:01:19 +0200 To: php-general@lists.php.net Subject: Re: [PHP] Session question Paul Halliday wrote: Is it OK to have session_start as an include? Yes. -- Per Jessen, Zürich (18.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session question
the index.php page is the first page where user should logon. it consists of 3 flags (english, french and slovak). when use click on 1 flags, it reload the index.php page and changes the login and password words by their relative translation into the flag country selected. if user click on LOGON button, therefore it calls the checklogin.php page and ONLY if login and password are correct, the session is created by session_start(); command. I've read the $_SESSION array is available even if the session_start() command has not been used. but they told that variable stored in $_SESSION are not available to user till session_start() has not been used... in my case, they are available... :-( Al On 3/5/07, Ólafur Waage [EMAIL PROTECTED] wrote: I have an index.php page which does not user session_start(); command. However in this index.php page, there are some $_SESSION['...']; variables stored. How is it possible that $_SESSION['...']; works even if no session has been created before ? If the page is redirected to from some other place? - Ólafur W -- Alain Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
Re: [PHP] session question
Alain Roger wrote: the index.php page is the first page where user should logon. it consists of 3 flags (english, french and slovak). when use click on 1 flags, it reload the index.php page and changes the login and password words by their relative translation into the flag country selected. if user click on LOGON button, therefore it calls the checklogin.php page and ONLY if login and password are correct, the session is created by session_start(); command. I've read the $_SESSION array is available even if the session_start() command has not been used. but they told that variable stored in $_SESSION are not available to user till session_start() has not been used... in my case, they are available... :-( 2 possibilities... 1) The session.auto_start php.ini setting is On - this causes session_start to be called before each request is processed. 2) There is no session. Remember that $_SESSION is a variable just like any other. It just happens that it gets stored between page requests if session_start is called. There is nothing stopping you using that variable, but I highly doubt its contents are getting stored between requests if you're not calling session_start. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session question
On Tue, 7 Dec 2004 11:50:58 -0500, Josh Howe [EMAIL PROTECTED] wrote: I've looked at the php session documentation, and it doesn't look like there's any way to run code when a session expires. I'd like to do some cleanup when a user's session expires, is there any way to trap this? Thanks. You can define your own session handling functions with and override PHP's default session handling with session_set_save_handler(). One of the functions you would define would be the garbage collection function. Once created you can call this function whenever you like. I wrote a drop-in replacement for PHP sessions that gives you what I just described, it uses MySQL: http://destiney.com/pub/php_db_sessions.tar.gz There's also the database abstraction layer ADOdb which gives you callback functionality in garbage collection: http://adodb.sf.net/ The db driven, encrypted and bzip'd sessions are pretty nice too. -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session question
session_destroy() I'm pretty sure, from what I've read. Jake McHenry Nittany Travel MIS Coordinator http://www.nittanytravel.com -Original Message- From: Frank Tudor [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 8:47 PM To: [EMAIL PROTECTED] Subject: [PHP] session question How do you make a session time out? and how do you make a session end if a person leaves your site? Frank __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session question
On 16-Jun-2003 Matt Palermo wrote: When a session is started on my server, it gets a name in the sessiondata folder like: sess_8sjg4893m9d0j43847dk4o5l2 I was just wondering if all sessions on ANY server start with sess_? Is this a PHP-wide default, or can it be changed (not that I want to change it, I just want to know if it can be changed)? localhost.root# grep -r sess_ * ext/session/mod_files.c:#define FILE_PREFIX sess_ Modify session/mod_files.c recompile. -- or you can try your own handler: http://www.php.net/manual/en/function.session-set-save-handler.php Regards, -- Don Read [EMAIL PROTECTED] -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Question
Hello Ernest, SInce register_globals() is ON on my server, I need to be able to figure out a way to ensure session security. Another question I had was that, with register_globals() ON can I still use the $_SESSION to set my variables ? I want to avoid recoding the entire application, so I want to see what can be done to enhance security with the current setup. Does the super-global array approach i.e. $_SESSION work, irrespective of the fact that REGISTER_GLOBALS is ON / OFF ? If I start setting session variables in the $_SESSION array from now on, will it improve the security of the session. I am a newbie in PHP session handling and am sorry if any of the above questions sound extremely lame. Thanks in advance, --Pushpinder On Wednesday, May 21, 2003, at 04:34 PM, Ernest E Vogelsinger wrote: At 21:51 21.05.2003, Pushpinder Singh Garcha said: [snip] register_globals is ON on my site. You should really rethink this - have a look at http://www.php.net/manual/en/security.registerglobals.php http://www.php.net/manual/en/ref.session.php section Sessions and Security register_globals=on simply enables anyone injecting globals to your site: http://www.yoursite.com/myscript.php?valid_user=sam+spade To keep sessions secure, one might consider these steps: (1) Filesystem security: session.save_path points to a directoy owned and readable by the webserver user only: session.save_path=/tmp/php chown apache:apache /tmp/php chmod 700 /tmp/php (2) If security issues are high you may attempt to make sure that the session identifier - be it via cookie or via URL parameter - gets additional confirmation. I once used this approach: I am transmitting a random cookie (random name, random value) to the browser, making a note (in $_SESSION) of the cookie name and its value. When the session gets revisited check for the existence and the value of this cookie. If the values match construct another random cookie, having another name and another value (also sending header information to delete the old cookie). If the cookie doesn't match don't discard the session but merely redirect the browser to another URL (usually a login page), clearing the session ID if it was received it as cookie. This has a drawback - clients are forced to accept cookies, or the system wouldn't work at all. Thus you can only implement it where security is at risk, and where acceptance of the additional cookie can be enforced (extranet applications, for example). (3) As a last resort one can remember the client IP that must match for the same session. This is not secure at all, and it doesn't work with some AOL connections where client IPs change at will (by AOL using random proxies for every INet connection). You can however automatically rule out that method if the client IP stems from the AOL-assigned range. Keeping a very good eye on session security, sessions are the only thing where you can keep login data and access rights, just like you're doing it. I would only urge you NOT to use session_register() and session_is_registered(), but to use the $_SESSION[] superglobal to be absolutely sure you're using only data you yourself have put there, and not injected data. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Question
You should be able to use $_SESSION with register_globals on. citation from manual If you want your script to work regardless of register_globals, you need to use the $_SESSION array. All $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where register_globals is disabled. -Oorspronkelijk bericht- Van: Pushpinder Singh Garcha [mailto:[EMAIL PROTECTED] Verzonden: Wednesday, May 28, 2003 6:18 PM Aan: Ernest E Vogelsinger CC: [EMAIL PROTECTED] Onderwerp: Re: [PHP] Session Question Hello Ernest, SInce register_globals() is ON on my server, I need to be able to figure out a way to ensure session security. Another question I had was that, with register_globals() ON can I still use the $_SESSION to set my variables ? I want to avoid recoding the entire application, so I want to see what can be done to enhance security with the current setup. Does the super-global array approach i.e. $_SESSION work, irrespective of the fact that REGISTER_GLOBALS is ON / OFF ? If I start setting session variables in the $_SESSION array from now on, will it improve the security of the session. I am a newbie in PHP session handling and am sorry if any of the above questions sound extremely lame. Thanks in advance, --Pushpinder On Wednesday, May 21, 2003, at 04:34 PM, Ernest E Vogelsinger wrote: At 21:51 21.05.2003, Pushpinder Singh Garcha said: [snip] register_globals is ON on my site. You should really rethink this - have a look at http://www.php.net/manual/en/security.registerglobals.php http://www.php.net/manual/en/ref.session.php section Sessions and Security register_globals=on simply enables anyone injecting globals to your site: http://www.yoursite.com/myscript.php?valid_user=sam+spade To keep sessions secure, one might consider these steps: (1) Filesystem security: session.save_path points to a directoy owned and readable by the webserver user only: session.save_path=/tmp/php chown apache:apache /tmp/php chmod 700 /tmp/php (2) If security issues are high you may attempt to make sure that the session identifier - be it via cookie or via URL parameter - gets additional confirmation. I once used this approach: I am transmitting a random cookie (random name, random value) to the browser, making a note (in $_SESSION) of the cookie name and its value. When the session gets revisited check for the existence and the value of this cookie. If the values match construct another random cookie, having another name and another value (also sending header information to delete the old cookie). If the cookie doesn't match don't discard the session but merely redirect the browser to another URL (usually a login page), clearing the session ID if it was received it as cookie. This has a drawback - clients are forced to accept cookies, or the system wouldn't work at all. Thus you can only implement it where security is at risk, and where acceptance of the additional cookie can be enforced (extranet applications, for example). (3) As a last resort one can remember the client IP that must match for the same session. This is not secure at all, and it doesn't work with some AOL connections where client IPs change at will (by AOL using random proxies for every INet connection). You can however automatically rule out that method if the client IP stems from the AOL-assigned range. Keeping a very good eye on session security, sessions are the only thing where you can keep login data and access rights, just like you're doing it. I would only urge you NOT to use session_register() and session_is_registered(), but to use the $_SESSION[] superglobal to be absolutely sure you're using only data you yourself have put there, and not injected data. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Question
SInce register_globals() is ON on my server, I need to be able to figure out a way to ensure session security. The single most important thing to do is initialize all your variables. The way to ensure that you have done that is to set the error reporting level to E_ALL (which is max). The server will then report it if you use a variable that hasn't yet been assigned a value. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Question
Register globals essentially takes the value of $_SESSION['foo'] and creates $foo. It does the same thing for GET, POST, COOKIES, etc. The problem here is that you have no way of telling if $foo was a POST variable, GET, SESSION, or whatever. So, I can choose to append ?admin=1 to one of your URLs, and if you do not do any checking or variable initialising, it might be possible for me to fake myself as a user with admin clearance, or anything else that would be considered a risk. The super global arrays like $_SESSION exist, and can be used, regardless of whether register globals is on or off. If you start relying on $_SESSION['foo'] rather than $foo, $_POST['bah'] instead of $bah and $_GET['xyz'] instead of $xyz, you've made a great start. You should be able to use $_SESSION right now, but be aware that the manual says if you choose to use $_SESSION, then you should stop using functions such as session_register(). The next logical step would be to manually turn off register globals for your site, using a directory-level .htaccess file in your document root. An example of this file would be: --- IfModule mod_php4.c php_flag register_globals off /IfModule --- Do a whole bunch of testing on your LAN, make any changes you need to make to your code, perhaps turn the error reporting to the highest level (E_ALL) to see what warnings you get, then try the same on your live server. Justin on 29/05/03 3:18 AM, Pushpinder Singh Garcha ([EMAIL PROTECTED]) wrote: SInce register_globals() is ON on my server, I need to be able to figure out a way to ensure session security. Another question I had was that, with register_globals() ON can I still use the $_SESSION to set my variables ? I want to avoid recoding the entire application, so I want to see what can be done to enhance security with the current setup. Does the super-global array approach i.e. $_SESSION work, irrespective of the fact that REGISTER_GLOBALS is ON / OFF ? If I start setting session variables in the $_SESSION array from now on, will it improve the security of the session. I am a newbie in PHP session handling and am sorry if any of the above questions sound extremely lame. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Question
Hi, A session is meant to exist on one domain... You could pass the session to another domain to *hold* for you: a href='https://secure.com/enter?oldSID=?=session_id();?'secure checkout/a Then the secure domain would be responsible for remembering the old session id, and passing it back to your site when finished... Essentially, I think that each domain would have it's own session... it's your job for each site to remember the other site's session when jumping between the two. Obviously this is only an issue when cookies aren't available. Justin on 21/03/03 5:18 AM, PHP List ([EMAIL PROTECTED]) wrote: Hi All, I have a question about sessions. I need to pass session data from one domain to a secure domain. (www.mydomain.com to www.securedomain.com). I would like to preserve the session data in case the visitor goes back to www.mydomain.com. I thought about just passing the session ID to www.securedomain.com, but if I need to destroy the session while the visitor is in www.securedomain.com, I am hoping this will also include destroying data from www.mydomain.com. Basically, I am talking about a shopping cart system. If the user decides to stop half way through the checkout on the secure site and continue shopping in the store, I want the cart to remain. But if the user completes the checkout process on the secure domain, their cart should be empty when going back to the original domain. Thanks for any help. Chris --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.461 / Virus Database: 260 - Release Date: 3/11/2003 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Question
In most cases, Yes. Calling session_start() for the first time sets a cookie on the client's computer containing the session id. At the same time the function creates a matching session file on the server. You register whatever variables you want to this file so that when you call session_start() on another page it looks for the cookie, retrieves the session id, and makes the associated variables in the file available to your script. I suggest you read the manual. It's all there... http://www.php.net/manual/en/ref.session.php -Kevin - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 03, 2003 11:10 AM Subject: [PHP] Session Question Does php use cookies for sessions even if you don't explicitly use cookie functions to save session data server side? TIA, Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Question
-Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Does php use cookies for sessions even if you don't explicitly use cookie functions to save session data server side? -- That question doesn't even make sense to me -- cookie functions can't save data server side, for one thing! Can you try to explain exactly what it is you're trying to find out? Cheers! Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Question
Sorry I didn't make myself more clear. I only want to use server side sessions. I don't want to have to rely on a client having cookies enabled in their browser. So far having trans_sid is just doing the trick. I can save values into sessions server side and not explicitly create a client side cookie with any values to retrieve the information. Thanks again, Ed On Fri, 3 Jan 2003, Ford, Mike [LSS] wrote: -Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Does php use cookies for sessions even if you don't explicitly use cookie functions to save session data server side? -- That question doesn't even make sense to me -- cookie functions can't save data server side, for one thing! Can you try to explain exactly what it is you're trying to find out? Cheers! Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Question
I use both... and the way I see PHP handling it is like this... First call in it will add the SESSID to the hrefs. Next call (page load) if it finds the cookie it will not append SESSID to URL. However if it doesn't it will. There are a few instance were I need to get the SESSION ID and append them myself. Redirects are a good example you need to add it yourself. header(Location: http://mysite.org/index.php?PHPSESSID=$sid;); Cheers, Mike P.S. This is just from my obeservation *** REPLY SEPARATOR *** On 03/01/2003 at 1:52 PM [EMAIL PROTECTED] wrote: Sorry I didn't make myself more clear. I only want to use server side sessions. I don't want to have to rely on a client having cookies enabled in their browser. So far having trans_sid is just doing the trick. I can save values into sessions server side and not explicitly create a client side cookie with any values to retrieve the information. Thanks again, Ed On Fri, 3 Jan 2003, Ford, Mike [LSS] wrote: -Original Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Does php use cookies for sessions even if you don't explicitly use cookie functions to save session data server side? -- That question doesn't even make sense to me -- cookie functions can't save data server side, for one thing! Can you try to explain exactly what it is you're trying to find out? Cheers! Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session question
Just be sure you call session_start() on any page you want to access session variables. Then you can set a variable by doing $_SESSION[myvariable] = hello; and then you can use $_SESSION[myvariable] anywhere you want. This assumes the latest version of PHP. The procedure is similar on older versions, you just have to use session_register(). ---John Holmes... -Original Message- From: Christian Ista [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 25, 2002 4:45 AM To: [EMAIL PROTECTED] Subject: [PHP] Session question Hello, I'm a newbie in PHP, I use a lot ColdFusion (at work). With ColdFusion, it's very easy to create and use session variable. I do something like that : cfset session.myvariable = hello and this variable can be use everywhere. Could you tell me how that's work in PHP. I saw in help file session.start. But it's not very clear for me. Thanks for your help, Bye -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session question
Just be sure you call session_start() on any page you want to access session variables. I have to call this function on each page I use session variable or juste once ? This assumes the latest version of PHP. The procedure is similar on older versions, you just have to use session_register(). From wich version session_start() is include ? Bye -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session question
Just be sure you call session_start() on any page you want to access session variables. I have to call this function on each page I use session variable or juste once ? The statement is pretty clear. You've to call it once on each page you want to access session variables. This assumes the latest version of PHP. The procedure is similar on older versions, you just have to use session_register(). From wich version session_start() is include ? Don't know what you want, but session_start() is part of PHP since version 4.0 Jens -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session question: session.auto_start vs. session_register.
You may want to check out something like auto_prepend_file. Look at the PHP configuration help. I was thinking that you may be able to include your class definition there - IF auto_prepend_file IS INCLUDED BEFORE session.auto_start starts the session. Otherwise, use auto_prepend_file to include a file that: 1. Inludes your class def 2. Starts your session. Just my 2 Cents. -Jason Garber IonZoft.com At 12:44 PM 12/5/2001 -0800, Kurt Lieber wrote: I am working on an open source e-commerce package and have hit a wall with sessions. If I have session.auto_start turned on, I get the following error message: Fatal error: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition shoppingcart of the object you are trying to operate on was loaded _before_ the session was started in path to my file on line 12 If I turn session.auto_start off, the error disappears. So, the error message tells me that I can't use the class unless I've defined it before the session gets started. However, session.auto_start (as far as I know) starts a session immediately, before even waiting for a script to be fully parsed executed. So, the two seem mutually exclusive. (but then the usefullness of session.auto_start would seem extremely limited) Is there a way I think there's some glaring errors in my understanding here. Can someone help me fill in the holes? --kurt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Session Question
Tom Malone pressed the little lettered thingies in this order... I'm new to Apache (and PHP) and was unable to find anything approaching an answer to this problem in the Apache documentation. In fact, I'm not even sure if I'm having a problem with Apache or with PHP. I am trying to use sessions to track users on my site and write information to a file. I'm not requiring them to login or anything - all I really want to know is which users are visiting different pages on my site so I can judge the effectiveness of my design. Anyway the problem is - I'm using the following script: ? session_start(); session_register(origin); session_register(ip_address); session_register(browser); session_register($id); $id = session_id(); $origin = $HTTP_REFERER; $ip_address = $REMOTE_ADDR; $browser = $HTTP_USER_AGENT; $sessn_root = /***/sessn-log; //substituted asteriks for actual path here if(!file_exists($sessn_root/$id.txt)): $sessn_data = $id\n $ip_address\n $browser\n $origin\n; else: $sessn_data = $origin\n; endif; $fp = fopen($sessn_root/$id.txt, a); fputs($fp, $sessn_data); fclose($fp); $includes = ***/includes; //substituted asteriks for actual path here $page = $includes/index.inc; include($includes/template.html.php); ? and i get the following error: Warning: fopen(/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt,a) - Permission denied in /home/tgmalone/public_html/index.php on line 17 The problem is obvious, but I've been searching, searching and wracking my inadequate brain for a solution and can't find one - can anyone help me find a solution/workaround? The output file (or directory in this case) need to be writable by the web server. This sort of operation is rather insecure, but if you must log to a text file, either make the output directory owned by the web server process (usually nobody) or make the output directory world writable. If you have root access and your httpd process is owned by nobody you can issue the following command from a prompt: chown -R nobody /home/tgmalone/sessn-log You must have root access to use chown. If you do not have root access, you'll need to use chmod to make the directory world writable: chmod -R 777 /home/tgmalone/sessn-log Neither of these solutions is very secure. If you have the option, you should log these entries into a database. Good luck... Christopher Ostmo a.k.a. [EMAIL PROTECTED] AppIdeas.com Innovative Application Ideas Meeting cutting edge dynamic web site needs since the dawn of Internet time (1995) Business Applications: http://www.AppIdeas.com/ Open Source Applications: http://open.AppIdeas.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re:[PHP] Session Question
Thanks Christopher! I chmoded the directory to 777 like you said, and it worked fine, but then I took your advice regarding security and put all the data in a MySQL database. Thank you very much for your help! Tom Malone -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Session Question
Warning: fopen(/home/tgmalone/sessn-log/0bbaf33ab1c1f9d714e2244459979ec7.txt,a) - Permission denied in /home/tgmalone/public_html/index.php on line 17 The problem is obvious, but I've been searching, searching and wracking my inadequate brain for a solution and can't find one - can anyone help me find a solution/workaround? chmod a+w /home/tgmalone/sessn-log/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
I have the load balancing all setup, which is why i didn't want to use normal file sessions. I have one more question though, I read that tutorial and got it to work perfect, it is too easy. I am just wondering, is using a library like phplib more efficient or is this very efficient itself (i mean are the built in functions pretty effieicnt)? That is my primary concern because of the # of usersthanks again! -derick - Original Message - From: Peter Dudley [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 21, 2001 8:47 AM Subject: Re: [PHP] session question There is a useful article here: http://phpbuilder.com/columns/ying2602.php3?page=1 As to up to a million users logged in at once... don't you wantto have multiple redundant web servers running under a load balancer? If the rest of your system can handle that many concurrent users, then I doubt PHP sessions will be much more of a strain on your system... unless you're storing some huge amount of data in each session. Pete. Moax Tech List [EMAIL PROTECTED] wrote in message 00b101c0fa15$e47c4320$9865fea9@moax01">news:00b101c0fa15$e47c4320$9865fea9@moax01... I am setting up a website with a need to use some sort of session management for a large amount of users. I cannot use typical file based session managment because at any given time there could be up to a million users logged in at once. (It is a LAMP linux/apache/php4/mysql system). I am a bit confused though as how to go about this. The user will be authenticated by verifying a username/password combo in a database, and then a session created. My question is this: After authentication, which type of session managment should I use? I mean, just do the standard php stuff with the session_ functions? (wo'nt this be bad with the # of simoltaneous users i need to support, because of the # of files on the server?) Or, shall I use something more complex like PHPLIB or create my own scheme using mysql? Is there any exisiting code/functions that can make creating my own scheme easier in order to support mysql or am i way off with this question? I just need a bit of direction here and any help is appreciated. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
Derick, If you're seriously looking at thousands of concurent users (let alone millions) and the kind of budget on hardware and comms that implies, then I'd suggest you seriously look at your own session solution with MySQL or whatever. You can perfectly easily just use your own authentication against your MysQL user base and pick up all their session data from the same table or related tables if there is a lot of it. The basic logic for each page runs : Is $PHP_AUTH_USER set? If not send out an authenticate header. If $PHP_AUTH_USER is set pick out the user entry and password from your MySQL database and check the password, if it fails send back the authenticate header. Pick up all your session data while you're checking the password, so from one database query you've got everything sorted out. Do whatever processing you need and just before sending back the next bunch of html, update the user's record storing back all the session information. That's session management for you. The only advantage of standard session management tools like php's session management is that you can change what you store without making any database changes. But your volume of traffic you shouldn't expect to make any quick and easy changes to the logic of whatever you're doing. It's not really a lot of work to do this and you do get extra benefits in terms of flexibility over what session data is stored for how long and in what format. Basically you don't have a problem as long as the user's don't have a lot of session data. If they do have a lot of session data, you've got a major storage/retrieval problem regardless of your session tool and you probably need to chuck a highly-tuned customised database structure at it anyway!! Hope that helps, George Moax Tech List wrote: I am setting up a website with a need to use some sort of session management for a large amount of users. I cannot use typical file based session managment because at any given time there could be up to a million users logged in at once. (It is a LAMP linux/apache/php4/mysql system). I am a bit confused though as how to go about this. The user will be authenticated by verifying a username/password combo in a database, and then a session created. My question is this: After authentication, which type of session managment should I use? I mean, just do the standard php stuff with the session_ functions? (wo'nt this be bad with the # of simoltaneous users i need to support, because of the # of files on the server?) Or, shall I use something more complex like PHPLIB or create my own scheme using mysql? Is there any exisiting code/functions that can make creating my own scheme easier in order to support mysql or am i way off with this question? I just need a bit of direction here and any help is appreciated. Thanks! -Derick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
There is a useful article here: http://phpbuilder.com/columns/ying2602.php3?page=1 As to up to a million users logged in at once... don't you wantto have multiple redundant web servers running under a load balancer? If the rest of your system can handle that many concurrent users, then I doubt PHP sessions will be much more of a strain on your system... unless you're storing some huge amount of data in each session. Pete. Moax Tech List [EMAIL PROTECTED] wrote in message 00b101c0fa15$e47c4320$9865fea9@moax01">news:00b101c0fa15$e47c4320$9865fea9@moax01... I am setting up a website with a need to use some sort of session management for a large amount of users. I cannot use typical file based session managment because at any given time there could be up to a million users logged in at once. (It is a LAMP linux/apache/php4/mysql system). I am a bit confused though as how to go about this. The user will be authenticated by verifying a username/password combo in a database, and then a session created. My question is this: After authentication, which type of session managment should I use? I mean, just do the standard php stuff with the session_ functions? (wo'nt this be bad with the # of simoltaneous users i need to support, because of the # of files on the server?) Or, shall I use something more complex like PHPLIB or create my own scheme using mysql? Is there any exisiting code/functions that can make creating my own scheme easier in order to support mysql or am i way off with this question? I just need a bit of direction here and any help is appreciated. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session question
Are you opening a session on each of the pages you want to use the variables? Calling session_register() I believe causes an implicit opening of the session, but on the other pages you have to explicity open the session, or you won't have access to those vars. - John Vanderbeck - Admin, GameDesign (http://gamedesign.incagold.com/) - GameDesign, the industry source for game design and development issues -Original Message- From: Rodrigo Reis da Rocha [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 08, 2001 2:58 PM To: [EMAIL PROTECTED] Subject: [PHP] session question I have a question about session variables. In my page the session variables are not seen by the pages where tem are not declared. I´ve used session_register($variable) and so after at another page I´ve called echo $variable; and it generate a message that the variable does not exists. The session variables are not suposed to be seen at any time, at any page when the param globals is set on while session stands up? Tkx. R3. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
First use session_register(). Then give the variable a value. So just rearrange your code, like this: ?php session_start(); $SID = date("Y F j H:i:s"); session_register("SID"."fillista"); $fillista = "fillista.xml"; print "SID=".$SID; ? That should do it. -- Plutarck Should be working on something... ...but forgot what it was. "Jan Grafström" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi! I am trying to learn about sessions and set up this file, ? session_start(); $fillista = "fillista.xml"; session_register("SID"."fillista"); $SID = date("Y F j H:i:s"); print "SID=".$SID; ? This seams not to work on the file fillista.xml, I can still read it afterwords in IE:s cache. How do I pass the session to a xml-file on server? Thanks for any help. Regards jan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
some comments on sessions - $PHPSESSID will only be set after the first page refresh. - SID will only be set if your not using cookies. - sessions with not transfer across multiple domain names. - sessions without cookies will not transfer accross full urls. ?php if (isset($PHPSESSID)) session_start($PHPSESSID); else session_start(); $PHPSESSID = session_id(); $SID = "PHPSESSID=$PHPSESSID"; ? use this code and - sessions will transfer across full urls when using $SID - sessions will transer across multiple domain names on the same server using $SID - both $PHPSESSID and $SID are set allways set. remember that header redirects *require* full urls so you will have to use $SID. header("Location: http://$SERVER_NAME/index.php?$SID"); -- Chris Lee Mediawaveonline.com ph. 250.377.1095 ph. 250.376.2690 fx. 250.554.1120 [EMAIL PROTECTED] ""Jon Rosenberg"" [EMAIL PROTECTED] wrote in message 001301c09dc9$fc471c80$[EMAIL PROTECTED]">news:001301c09dc9$fc471c80$[EMAIL PROTECTED]... I have a form that submits to abc.php which then calls db.php and db.php then redirects to a new URL. I have session_start(); on all these files and I'm registering the variables I need. It seems that the session dies or gets lost on it's way through all the included files. I then tried to pass the SID in the URL that the db.php file creates, but the SID is empty once it gets here...though, there is a SID befoer then. Can sessions not be used with multple include files? What could I be doing wrong? This is my first forray into sessions...be gentle! thanks! Some code below, it's prettry straight forward. I still have cookies enabled, as well. Do I need to disable cookies for the SID in URL method to work? index.php where they log in from ? session_start(); //first line of file ? form method="POST" action="main.php" input type="hidden" value="lrlogin" name="form_action" Usernamenbsp;nbsp;input type="text" name="username" class="color"br / Passwordnbsp;nbsp;input class="color" type="password" name="password"br / input type="reset"nbsp;nbsp;nbsp;input type="submit" value="Login" code from main.php ? session_register(); require ("db.php"); if $form_action == "lrlogin" { get_user($username,$password); } ? code from db.php ? session_start(); SQL to select user info from db $access = $row[access_level]; //etc getting vars from db session_register("username"); session_register("password"); session_register("access"); session_register("active"); header("Location:http://www.blah.com/index2.php?=".SID); exit; ? index2.php code ? session_start(); print "Welcome $username"; ? it only prints Welcome ...no username :( -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
index.php where they log in from ? session_start(); file://first line of file Okay. ? form method="POST" action="main.php" input type="hidden" value="lrlogin" name="form_action" Usernamenbsp;nbsp;input type="text" name="username" class="color"br / br/ ? You been typing too much XML?... :-) Shouldn't hurt. Passwordnbsp;nbsp;input class="color" type="password" name="password"br / input type="reset"nbsp;nbsp;nbsp;input type="submit" value="Login" code from main.php ? session_register(); Register what? You're supposed to register a variable name... require ("db.php"); if $form_action == "lrlogin" { get_user($username,$password); } ? code from db.php ? session_start(); Doing this after you registered a variable is bogus -- The session_register() automatically calls this if you haven't yet. SQL to select user info from db $access = $row[access_level]; file://etc getting vars from db session_register("username"); session_register("password"); session_register("access"); session_register("active"); header("Location:http://www.blah.com/index2.php?=".SID); Doing session_start() (and, by extension, session_register()) in the same file as a header("Location:") won't work on some browsers. You'll either get the cookie but no redirection or vice versa, depending on which browser you are using. And there should be a space after 'Location:' And you probably need SID= for the SID to get passed on. header("Location: http://www.blah.com/index2.php?SID=".SID); exit; ? index2.php code ? session_start(); print "Welcome $username"; ? it only prints Welcome ...no username :( -- Visit the Zend Store at http://www.zend.com/store/ Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
How about this: session_start(); session_register($funky_session_var); $funky_session_var ++; print $funky_session_var; Cheers, ^^@rk Peter Van Dijck wrote: Hi, help: shouldn't this increase the number every time you reload the page? session_start(); $funky_session_var ++; session_register($funky_session_var); print $funky_session_var; Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session question
Hi Mark! On Wed, 31 Jan 2001, Mark Green wrote: How about this: session_start(); session_register($funky_session_var); $funky_session_var ++; print $funky_session_var; the order doesn't matter (as it did in PHPLib sessions). If it doesn't work I guess it's because you have register_globals off. -- teodor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]