PDA

View Full Version : PHP Beginner Help



Andrelus
03-30-2006, 04:04 PM
I am designing a website where I would like values and an image in a form to be transfered from one page to another. I have a very, very loose understanding of how to accomplish this. Can someone help me to polish this process. Thank You.

.alias.
03-30-2006, 04:23 PM
i think this will help you but im new to PHP as well so it might not :p

page 1:

<?
session_start();
$ok = "hello";
$_SESSION['hello'] = $ok;
?>

page 2:

<?
session_start();
echo $_SESSION['hello'];
?>

djr33
04-03-2006, 09:16 AM
On the second page, you use the function session_start() again. Do you want to restart it? Or is this just for each page to know about the session....?
Like.... does that mean start a new session or just start it for that particular page.

Twey
04-03-2006, 11:26 AM
No, you need to call session_start() on every page on which you want the session to continue. Because it modifies the headers, you must call it before you output any HTML.

djr33
04-03-2006, 08:35 PM
Thanks, Twey.

Andrelus, not trying to deroute your thread; seems like you've got it started, and I'd think it better to keep discussing this here than start a new one.


So... sessions last for how long? Do they end when:
1. the user closes the window?
2. the time expires?
3. refresh is hit?
I'm guessing... probably some are right, others not. More?

Twey
04-03-2006, 08:44 PM
Sessions always expire when their expiry date is hit. As well as that, they can be lost when the user navigates to a page without session_start() called on it (if not using cookies) or when the cookie is deleted.

djr33
04-03-2006, 10:53 PM
cookies and session_start() aren't at all interchangable, though, right? I mean, you could use them together, but you can't just assume the cookie will hold the session or the session vars will hold the data of the cookie, right?

And... the expiry date.... how does one control this?

Twey
04-03-2006, 11:10 PM
cookies and session_start() aren't at all interchangable, though, right? I mean, you could use them together, but you can't just assume the cookie will hold the session or the session vars will hold the data of the cookie, right?Yes, you could. Making sure that session_start() is called on every page, there should be no reason why every instance of $_COOKIE couldn't simply be swapped for a $_SESSION.
And... the expiry date.... how does one control this?From the manual:
session.gc_maxlifetime integer


session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up.


Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.

Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other filesystem where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won't have problems with filesystems where atime tracking is not available.

djr33
04-03-2006, 11:54 PM
The session is automatically stored in the cookie? Does it not work if the cookies are disabled for a certain user?


And what's the default for sessions, if not set by the php?

Twey
04-04-2006, 12:15 PM
The session is automatically stored in the cookie?The session identifier (SID) is stored in the cookie. All other data is stored server-side.
Does it not work if the cookies are disabled for a certain user?If cookies are not available, it will use GET variables to pass the SID between pages. You can do this manually, or you can set session.use_trans_sid to transparently pass the SID between pages (for example, it will replace all occurrences of <a href="home.php"> with <a href="home.php?PHPSESSID=<?=$SID?>"> and add <input type="hidden" name="PHPSESSID" value="<?=$SID?>"> to all forms).
And what's the default for sessions, if not set by the php?1440.

djr33
04-04-2006, 07:21 PM
Alright. Makes sense.

So... using sessions as an alternative to cookies doesn't really make sense, sounds like. that's what I was hoping for.

Other ideas?

Twey
04-04-2006, 08:09 PM
So... using sessions as an alternative to cookies doesn't really make sense, sounds like.Yes, it does :)

djr33
04-05-2006, 12:09 AM
Well... sounds like it could work, but it's kinda roundabout... still uses cookies or does some odd thing with the links and such. I mean.... that would work, I guess... just seems less-than-equal as an alternative to cookies.

Guess those users will just have to deal with it though ^_^ Hehe....


Or... wait... yes as in it DOES make sense, or as in Yes, I'm right. Now I'm confused.

Other ideas if you're saying not to use them?

Twey
04-05-2006, 11:21 AM
Other ideas if you're saying not to use them?I'm saying you should use them :)
Well... sounds like it could work, but it's kinda roundabout... still uses cookies or does some odd thing with the links and such. I mean.... that would work, I guess... just seems less-than-equal as an alternative to cookies.That's exactly why it's superior to storing all the sensitive data in a plaintext file on the user's hard drive.
Guess those users will just have to deal with it though ^_^ Hehe....Hm? Sessions are more reliable than cookies, since users without cookies can still use them.

djr33
04-05-2006, 05:16 PM
well.... it'll be messy if all the urls have that line added to them. Just meant the users will have to deal with it if they don't have cookies enabled.

You say its more secure than storing in a plaintext file, then won't it just be stored in a cookie anyway if they are enabled...?

Twey
04-05-2006, 05:34 PM
well.... it'll be messy if all the urls have that line added to them.Not really. Most major sites use sessions, and quite a few of them seem to elect not to use cookies to store the SID, though I don't know why.
You say its more secure than storing in a plaintext file, then won't it just be stored in a cookie anyway if they are enabled...?No. On the server, a session identifier (SID) will be stored along with all the data stored in that session. The only thing stored in a cookie, if cookies are enabled, or on the URI, if not, is the session identifier.