I am designing a website where I would like values and an image in a form to be transfered from one page to another. I have a very, very loose understanding of how to accomplish this. Can someone help me to polish this process. Thank You.
Printable View
I am designing a website where I would like values and an image in a form to be transfered from one page to another. I have a very, very loose understanding of how to accomplish this. Can someone help me to polish this process. Thank You.
i think this will help you but im new to PHP as well so it might not :p
page 1:
page 2:Code:<?
session_start();
$ok = "hello";
$_SESSION['hello'] = $ok;
?>
Code:<?
session_start();
echo $_SESSION['hello'];
?>
On the second page, you use the function session_start() again. Do you want to restart it? Or is this just for each page to know about the session....?
Like.... does that mean start a new session or just start it for that particular page.
No, you need to call session_start() on every page on which you want the session to continue. Because it modifies the headers, you must call it before you output any HTML.
Thanks, Twey.
Andrelus, not trying to deroute your thread; seems like you've got it started, and I'd think it better to keep discussing this here than start a new one.
So... sessions last for how long? Do they end when:
1. the user closes the window?
2. the time expires?
3. refresh is hit?
I'm guessing... probably some are right, others not. More?
Sessions always expire when their expiry date is hit. As well as that, they can be lost when the user navigates to a page without session_start() called on it (if not using cookies) or when the cookie is deleted.
cookies and session_start() aren't at all interchangable, though, right? I mean, you could use them together, but you can't just assume the cookie will hold the session or the session vars will hold the data of the cookie, right?
And... the expiry date.... how does one control this?
Yes, you could. Making sure that session_start() is called on every page, there should be no reason why every instance of $_COOKIE couldn't simply be swapped for a $_SESSION.Quote:
cookies and session_start() aren't at all interchangable, though, right? I mean, you could use them together, but you can't just assume the cookie will hold the session or the session vars will hold the data of the cookie, right?
From the manual:Quote:
And... the expiry date.... how does one control this?
Quote:
session.gc_maxlifetime integer
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up.
Note: If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.
Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other filesystem where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won't have problems with filesystems where atime tracking is not available.
The session is automatically stored in the cookie? Does it not work if the cookies are disabled for a certain user?
And what's the default for sessions, if not set by the php?
The session identifier (SID) is stored in the cookie. All other data is stored server-side.Quote:
The session is automatically stored in the cookie?
If cookies are not available, it will use GET variables to pass the SID between pages. You can do this manually, or you can set session.use_trans_sid to transparently pass the SID between pages (for example, it will replace all occurrences of <a href="home.php"> with <a href="home.php?PHPSESSID=<?=$SID?>"> and add <input type="hidden" name="PHPSESSID" value="<?=$SID?>"> to all forms).Quote:
Does it not work if the cookies are disabled for a certain user?
1440.Quote:
And what's the default for sessions, if not set by the php?
Alright. Makes sense.
So... using sessions as an alternative to cookies doesn't really make sense, sounds like. that's what I was hoping for.
Other ideas?
Yes, it does :)Quote:
So... using sessions as an alternative to cookies doesn't really make sense, sounds like.
Well... sounds like it could work, but it's kinda roundabout... still uses cookies or does some odd thing with the links and such. I mean.... that would work, I guess... just seems less-than-equal as an alternative to cookies.
Guess those users will just have to deal with it though ^_^ Hehe....
Or... wait... yes as in it DOES make sense, or as in Yes, I'm right. Now I'm confused.
Other ideas if you're saying not to use them?
I'm saying you should use them :)Quote:
Other ideas if you're saying not to use them?
That's exactly why it's superior to storing all the sensitive data in a plaintext file on the user's hard drive.Quote:
Well... sounds like it could work, but it's kinda roundabout... still uses cookies or does some odd thing with the links and such. I mean.... that would work, I guess... just seems less-than-equal as an alternative to cookies.
Hm? Sessions are more reliable than cookies, since users without cookies can still use them.Quote:
Guess those users will just have to deal with it though ^_^ Hehe....
well.... it'll be messy if all the urls have that line added to them. Just meant the users will have to deal with it if they don't have cookies enabled.
You say its more secure than storing in a plaintext file, then won't it just be stored in a cookie anyway if they are enabled...?
Not really. Most major sites use sessions, and quite a few of them seem to elect not to use cookies to store the SID, though I don't know why.Quote:
well.... it'll be messy if all the urls have that line added to them.
No. On the server, a session identifier (SID) will be stored along with all the data stored in that session. The only thing stored in a cookie, if cookies are enabled, or on the URI, if not, is the session identifier.Quote:
You say its more secure than storing in a plaintext file, then won't it just be stored in a cookie anyway if they are enabled...?