PDA

View Full Version : start session with javascript?



Dennis_Gull
07-17-2007, 07:32 AM
Hello again guys, i need your assistance once again :)

I just made a login application and I would like to start the php session but im not sure how to write php code in javascript the code I need to write in the javascript is this:

var start_cookies = '<?php setcookie("user",' + name + ', time()+3600) ?>';

What im trying to do is to first create a login form when a person click on the login link, then the user submit his username and password. when its submitted ajax will check the name and then send back the info so I need to start the session within javascript.

Edit:

Title should be "start cookie with javascript?" and not "start session with javascript?"

shachi
07-17-2007, 07:47 AM
Cookies are not sessions. Don't use cookies for authentication because they can easily be added by the client(web developer toolbar).

Dennis_Gull
07-17-2007, 07:57 AM
Oh I mixed them up, I meant cookies.
hmm what should I do then if I cant start cookies?

shachi
07-17-2007, 11:15 AM
Of course you can create cookies, I just said don't.

But here's something that you might find useful:
http://www.quirksmode.org/js/cookies.html

Dennis_Gull
07-17-2007, 11:39 AM
yeah I know but what should I do if I shouldn't use cookies? :)
I never used sessions before but is it more secure?

also is javascript cookies the same thing as the php cookies?

Edit:
apparently it was.. but still need advice on how to get a more secure login..

djr33
07-17-2007, 11:56 AM
Cookies are stored for the user and given a name, and a value. via the same name, the cookie can be accessed by PHP, Javascript, Flash, and other methods.

Sessions are much more secure, though more complex.

Cookies aren't secure. They are best used for easily storing bits of data to save for a while, but that can be deleted... nothing crucial, certainly. (Nor should you save anything crucial with sessions as they do expire and clear after a while.)

For example, you could store a language preference for that visit to your site in a cookie, etc.

shachi
07-17-2007, 12:48 PM
As djr33 said, sessions are more secured. Let's take this situation as an instance:

each time someone logs in ... you set a cookie "logged" and display certain contents by checking if the cookie is set or not,
now, with a special toolbar(the "Web developer's toolbar") for firefox, you can easily add a fake cookie(which seems to the browser as if the website has added it) which will easily show all your contents.

and again, as djr33 said, sessions are kinda complex but once you get familiar with them, they can be a life saver.

Dennis_Gull
07-17-2007, 02:03 PM
I read this on w3schools.com


However, session information is temporary and will be deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.


So heres my new question, it possible to do this within javescript?

Twey
07-17-2007, 02:05 PM
No. Sessions are stored server-side.

Dennis_Gull
07-17-2007, 02:11 PM
bah, well there goes that.. :(

I could create a temp random number in the db and then send it back to javascript and then cookie the username and the temp random number.. and as soon as the person reload a page the php code would check for the cookie and then replace it with a session after I check the db if the random number and username check... anyways that would still mean I have to reload the page before the user is really logged in..

Twey
07-17-2007, 02:15 PM
There's something wrong with your design, this shouldn't be necessary.

Dennis_Gull
07-18-2007, 03:48 PM
No i mean thats a solution but if you cant create sessions with javascript.