Thread: Session management

  1. #1
    Senior Member hagen (Join Date: Aug 2005, Posts: 405, Member #: 10882, Liked: 1 times)

    Session management

    Hi, I could do with an overview (not necessarily in code) on the best way to handle sessions for my member websites...

    Can anyone suggest how they do it?

    Many thanks -Hagen
    Hagen Rose: hagen(at)jxwd(dot)co(dot)uk
    JX Web Development, Bournemouth, Dorset...JXWD.co.uk

  3. #2
    WDF Staff mlseim (Join Date: Apr 2004, Location: Cottage Grove, Minnesota, Posts: 7,377, Member #: 5580, Liked: 674 times)
    Never store user name or user password in a session variable. Store the user id (primary id from MySQL table) as the identifying session variable, or create a table column that has a temporary "key" that gets randomly changed each time a person logs in.

    Here is a PDO example. They use the UID primary id as the session variable:
    PHP Login System with PDO Connection.
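
One way to implement the advice in post #2, given here as an added example that is not code from the thread or from the linked tutorial: the session holds only the user's primary id plus a random key that is rotated at every login. The `users` columns (`email`, `password_hash`, `login_key`) and the function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Assumed schema: users(id, email, password_hash, login_key).

function start_secure_session(): void
{
    // Cookie holds only the opaque session ID; keep it away from scripts and plain HTTP.
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);        // new session ID at login (anti-fixation)
    $key = bin2hex(random_bytes(32));   // temporary key, rotated on every login
    $pdo->prepare('UPDATE users SET login_key = ? WHERE id = ?')
        ->execute([$key, $user['id']]);
    // Only the primary id and the random key go in the session, never name or password.
    $_SESSION = ['uid' => (int) $user['id'], 'login_key' => $key];
    return true;
}

function current_user_id(PDO $pdo): ?int
{
    if (!isset($_SESSION['uid'], $_SESSION['login_key'])) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT login_key FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['uid']]);
    $stored = $stmt->fetchColumn();
    // A later login rotated the key, so this older session is no longer valid.
    if (!is_string($stored) || !hash_equals($stored, (string) $_SESSION['login_key'])) {
        $_SESSION = [];
        session_destroy();
        return null;
    }
    return (int) $_SESSION['uid'];
}
```

Call `start_secure_session()` at the top of every page before any output, then gate member pages on `current_user_id()` returning a non-null id.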


  4. #3
    Senior Member hagen's Avatar
    Hi Mlseim, thanks for the reply,

    I think this is basically how I normally do it... i.e. login creates a user ID in a session variable to point at the database record... no user ID set, then show the "session not valid" page...

    But the issue I get sometimes is that the browser garbles up the session ID and bombs out... it seems to be a particular issue with Firefox(?) when navigating with the back button or when the session times out...

    Any experience of these kinds of issues?

    -Hagen

  5. #4
    WDF Staff mlseim's Avatar
    I guess I've never noticed any session failures due to browsers. A session does require a refresh, or AJAX as it does save something on the user's computer as well as the server. The session is referenced by a cookie placed on the client's computer. But it's not a cookie like a normal one. That might be where you are having trouble with browsers. Maybe you have browser settings that are strict about cookies?


  6. #5
    Senior Member hagen's Avatar
    Thank you, your inputs are very appreciated. I need to nail this once and for all!

    I am using the $_SESSION variables to store the user ID... The browser often asks for confirmation of resubmit when pressing back... normal static websites don't do this...

    Yes using a cookie could make a whole lot more sense...?

    Any experience of these issues?

    Thanks...

  7. #6
    WDF Staff mlseim's Avatar
    A session is the way to go. Sites that do the "remember me and keep me logged-in" also use a normal cookie. I know what you mean about the "re-submit" thing. I don't think there is anything you can do about that since it is part of the browser's cache system. I don't think your website knows anything about the user pressing the back button on their browser. If you use AJAX for logins or form submissions, there is no back button because they did not change any pages.


  8. #7
    Senior Member hagen's Avatar
    Thank you... this is useful information for me to go away and start developing an improved framework...

