Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 9 of 9

Thread: sessions

  1. #1
    Senior Member ceetee's Avatar
    Join Date
    Jul 2003
    Posts
    117
    Member #
    2035
    Have I got this right about what I should expect from a session on a php/apache server? After opening a session it should last about 24 minutes with the default setting and no new page activity (calling session_start()). Otherwise with new page activity it should last practically indefinitely.

    I'm asking because I'm seriously thinking of migrating to another host because of erratic session times. That is they are timing out earlier than I would like. Sometimes after a few minutes sometimes managing 20 minutes but never more, even with page activity.

  2.  

  3. #2
    Senior Member mossoi's Avatar
    Join Date
    Apr 2003
    Location
    Englandshire, United Kingdomsville y'all!
    Posts
    1,111
    Member #
    1206
    Liked
    1 times
    As far as I'm aware what you've said is correct - it should be around 20 minutes inactivity.

    You could use a cookie instead. It's a bit more secure and you can set your own timeout. It might be easier to implement than changing host.

  4. #3
    Member tim2788's Avatar
    Join Date
    Aug 2003
    Location
    North East England, UK
    Posts
    34
    Member #
    2909
    Yeah using cookies may be more secure but s'pose the user doesn't have cookies enabled? More reliable using sessions and easier to manipulate in my opinion. :classic:
    ----------------------------------------
    http://www.timothymerchant.co.uk

  5. #4
    Senior Member ceetee's Avatar
    Join Date
    Jul 2003
    Posts
    117
    Member #
    2035
    Sessions use cookies by default to store the id. I think mossoi was referring to cookies storing the variables like username. I wonder if there is a downside to this though.

    This problem occurred when the hosts 'upgraded' the PHP to version 4.2. Someone on another forum said in passing that the problem was related to register_globals being on in v4.2. Sounds unlikely to me, but has anybody else heard of anything similar?

  6. #5
    Member tim2788's Avatar
    Join Date
    Aug 2003
    Location
    North East England, UK
    Posts
    34
    Member #
    2909
    well sessions storing cookies to hold ID's is different because after the session is over the cookie is no longer needed. The downside to cookies is security becasue storing sensitive information like logins and passwords could be dangerous. Also sessions are easier and quicker to use and you can destroy them as soon as they are no longer needed where as cookies are still there when not been used which clogs up space.
    ----------------------------------------
    http://www.timothymerchant.co.uk

  7. #6
    Senior Member mossoi's Avatar
    Join Date
    Apr 2003
    Location
    Englandshire, United Kingdomsville y'all!
    Posts
    1,111
    Member #
    1206
    Liked
    1 times
    You could use the cookie to hold just the username and login confirmation (and what ever else you need) there should be no need to store the password in a cookie.

  8. #7
    Member tim2788's Avatar
    Join Date
    Aug 2003
    Location
    North East England, UK
    Posts
    34
    Member #
    2909
    true and I they are encrypted so supose it wouldnt matter too much.
    ----------------------------------------
    http://www.timothymerchant.co.uk

  9. #8
    Member Black Vivi's Avatar
    Join Date
    Apr 2003
    Location
    UK
    Posts
    75
    Member #
    1072
    if you use passwords in cookies though, you should make the passwords in the database or whatever be passed through the MD5 function
    then for the login, to check if the login info is correct, just MD5 the password the user inputted, and then make the password cookie MD5ed aswell
    Download Firebird now!

  10. #9
    Senior Member mossoi's Avatar
    Join Date
    Apr 2003
    Location
    Englandshire, United Kingdomsville y'all!
    Posts
    1,111
    Member #
    1206
    Liked
    1 times
    Best to keep the password out of the cookie altogether though.

    If you do it right the password is downloaded only once and is never stored. All you need to do is verify the password and then tell the cookie that the password was verified.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 11:04 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com