[FX.php List] Do session always work?

Erik Andreas Cayré erik at cayre.dk
Sun Oct 29 02:02:39 MST 2006


On 27/10/2006 at 5.59, Jonathan Schwartz wrote:

> I'm in the process of working through trouble spots from my last  
> project.
>
> The solution relied on sessions.  Some users couldn't get past the  
> login, which used session data to advance to the next page.
>
> I know that cookies can be turned off in the browser.
>
> What pitfalls can occur with sessions?  Or, are there other areas  
> to explore?

I believe PHP sessions work by sending each user a unique cookie with  
the response page. When the user sends another request to the server,  
this cookie is included in the request, and thus PHP is able to  
identify the correct session to handle the request.

To offer your service to users with cookies disabled, you must
provide another unique identification mechanism, such that PHP will
know to differentiate between requests coming in to the server.
You can do this with a unique session id which you pass using GET
(visible in the URL). I've seen this done on many large commercial
sites. Typically it's a long hex string (e.g. 32 chars).

Quote from the PHP manual http://dk2.php.net/manual/en/ref.session.php:

> CXLII. Session Handling Functions
>
> Introduction
>
> Session support in PHP consists of a way to preserve certain data  
> across subsequent accesses. This enables you to build more  
> customized applications and increase the appeal of your web site.
>
> A visitor accessing your web site is assigned a unique id, the
> so-called session id. This is either stored in a cookie on the user
> side or is propagated in the URL.

You may wish to read up on the matter...

regards

---
Erik Andreas Cayré
Spangsbjerg Møllevej 169
DK-6705 Esbjerg Ø

Home Tel: +45 75150512
Mobile: +45 40161183

»If you can't explain it simply, you don't understand it well enough.«
-- Albert Einstein

»If you don't have time to do it right, when will you have time to do  
it over?«
-- John Wooden, basketball coach
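
The cookie round trip described in the reply above, as an added example that is not part of the original message or of FX.php: a small PHP page that checks whether the browser returns the session cookie before the login form is shown, so a user with cookies disabled gets an explanation instead of a login that never advances. The file names `cookiecheck.php` and `login.php` and the session key `probe` are assumptions made for illustration.

```php
<?php
// cookiecheck.php (hypothetical file name) - added example.
// Request 1 stores a marker in the session and redirects back to itself.
// Request 2 sees the marker only if the browser returned the session cookie.

// Keep the session id in the cookie only. An id carried in the URL is copied
// into server logs, bookmarks and Referer headers, so this sketch reports the
// missing cookie rather than falling back to URL propagation.
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.cookie_httponly', '1');

session_start();

if (isset($_GET['check'])) {
    // Second request. Without a returned cookie PHP has just created a
    // fresh, empty session, so the marker set below is absent.
    $cookieReturned = isset($_COOKIE[session_name()]);
    $markerPresent  = !empty($_SESSION['probe']);

    if ($cookieReturned && $markerPresent) {
        unset($_SESSION['probe']);
        header('Location: login.php');   // hypothetical login page
        exit;
    }

    // Cookie did not come back: explain it instead of looping on the login.
    header('Content-Type: text/plain; charset=utf-8');
    echo "This site needs cookies to keep you logged in.\n";
    echo "Please enable cookies for this site and reload the page.\n";
    exit;
}

// First request: set the marker and ask the browser to come back.
$_SESSION['probe'] = true;
header('Location: cookiecheck.php?check=1');
exit;
```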

