Keeping track of sessions

Status
Not open for further replies.

kasuals

Programmer
Apr 28, 2002
100
US
Well, since my entire project is basically PHP I'd like to handle sessions in PHP as well.

What would be the best way to handle a login session in PHP? I want to keep track of users, and make sure that after a timeout of (x) they are logged out, and kill the session if they are logged out.

I haven't done much research yet, I figured I would pose the question to my peers to get a few suggestions of the best method before researching.

Thanks in advance.

- "Delightfully confusing..." raves The New York Times

-kas
 
Sleip:

I read a few posts back about session security. Should I just stick to using cookies in your opinion?

- "Delightfully confusing..." raves The New York Times

-kas
 
Yeah, PHP will do cookie-based or URL-based sessions.

According to the online manual page I posted earlier, URL based session management has additional security risks compared to cookie based session management. Users may send an URL that contains an active session ID to their friends by email or users may save an URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.

Want the best answers? Ask the best questions: TANSTAAFL!
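
Added example, not part of the original posts: one way to build the cookie-only login session with an inactivity timeout that the question asks for, assuming PHP 7.3 or later and a site served over HTTPS. `IDLE_TIMEOUT`, the function names and `/login.php` are assumptions made for illustration.

```php
<?php
// Added example: cookie-only login session with an idle timeout.
// IDLE_TIMEOUT, the function names and /login.php are illustrative assumptions.
declare(strict_types=1);

const IDLE_TIMEOUT = 900; // seconds of inactivity allowed, the "(x)" in the question

function start_secure_session(): void
{
    session_start([
        'use_only_cookies' => 1,     // never accept a session ID from the URL
        'use_trans_sid'    => 0,     // never rewrite links to carry the session ID
        'use_strict_mode'  => 1,     // reject session IDs the server did not issue
        'cookie_httponly'  => 1,     // keep the cookie away from page scripts
        'cookie_secure'    => 1,     // send the cookie over HTTPS only
        'cookie_samesite'  => 'Lax', // limit cross-site sending of the cookie
    ]);
}

function end_session(): void
{
    $_SESSION = [];                  // drop the data held for this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [  // expire the session cookie in the browser
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();               // delete the server-side session record
}

function log_in(string $userId): void
{
    session_regenerate_id(true);     // fresh ID at login, old one is deleted
    $_SESSION['user_id'] = $userId;
    $_SESSION['last_activity'] = time();
}

function require_login(): string
{
    $last = $_SESSION['last_activity'] ?? 0;
    if (!isset($_SESSION['user_id']) || time() - $last > IDLE_TIMEOUT) {
        end_session();               // timed out or never logged in: kill the session
        header('Location: /login.php');
        exit;
    }
    $_SESSION['last_activity'] = time(); // activity resets the idle clock
    return $_SESSION['user_id'];
}
```

Call `start_secure_session()` at the top of every script, `log_in()` after the password check succeeds, `require_login()` on protected pages, and `end_session()` from the logout link.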
 
That's kind of what I figured. Awesome, thanks for the link, I'll read up on it.

Appreciate your thoughts.

- "Delightfully confusing..." raves The New York Times

-kas
 
Silly question here:
What if a user has their cookies turned off?
Are there any methods of passing variables between PHP scripts without using a cookie?

Thanx in advance,

Neil
 
neilyalowitz:

The answer is: YES.
It's really not PHP, but you would pass hidden fields that are written on every successive page. That way you could pass the values on to a script that is accessed via POST or GET.
If it's accessed via a link, the values are gone (unless the link has GET parameters).

If a user has cookies turned off, I'd tell him/her to turn cookies on, or not use the service.
 