php sessions

[Destramic]

hey guys....I'm wanting to remember certain session data on my site but when browser closes i want some session data to be remembered and some sessions to be destroyed...I've been reading and looking at tutorials and but nothing really on this...

 

amazon is a good example...where you can add things to your shopping basket, log in and then when browser is closed your logged out but your cart still has the data.

 

if someone could please explain to me how this can be achieved please?

 

thank you

[CroNiX]

You wouldn't store the abandoned cart data in session. You'd store it in another table using the users id, so when the user logs in you just check to see if they have an abandoned cart entry and see if they'd like to purchase it or delete it. When the cart is purchased, you wipe out that cart data from that table.

[rwhite35]

Amazon is storing a cookie in you cookie jar.  The cookie only contains the items you selected.  To see their cookie in action, look under your browsers setting > Cookies.  You can create, store and recall cookie data with PHP too.  Have a look here http://php.net/manual/en/features.cookies.php. 

 

There are couple things to know.  Don't store important information like User name or passwords.  And make sure you set your cookies to destroy.

/* next time they visit */
unset($_COOKIE["yourcookie"]);

/* automatically on close (-1). */
setcookie("yourcookie","yourvalue",time()-1);

Finally, cookies are not a sure thing.  The web user can select to not accept your cookie in which case CroNix answer would be the better solution.

[Destramic]

You wouldn't store the abandoned cart data in session. You'd store it in another table using the users id, so when the user logs in you just check to see if they have an abandoned cart entry and see if they'd like to purchase it or delete it. When the cart is purchased, you wipe out that cart data from that table.

 

that a good idea...if a user_id doesn't exist then i suppose a session_id would be suffice.

 

now there's one more problem I can't tackle when it comes to sessions if you could please help/advise.

 

now i set session max lifetime for a hour:

ini_set('session.gc_maxliftime', 60*60);

if user logs in and doesn't want to be remembered then the users username and user_id is remembered in a session which is written to my session table via my session handler...now if browser is closed and the site reopens the username and password still exist due to the session max life...i could put a expiry time in my session table structure for the data but that doesn't necessarily mean the data will expire or be removed when browser is closed...so I'm in a bit of a pickle regarding this issue.

 

on the other hand if user wants to be remembered a token is generated which matches the on in the users table...can expire by log out....no problem

 

how can i manage not remembering a user after browser closed please?...any advise on this guys would be appreciated

 

hope someone can help

 

thank you

[Destramic]

can any help please?

[Destramic]

session data caught in database

name|s:5:"Ricky";language|s:7:"English";timezone_offset|s:6:"+00:00";id|s:4:"2999";username|s:9:"Destramic";

now if user has reopened browser after log in the data is read from the session id and the session values exist as should be...but as user haven't ticked remember authentication in previous browser session i don't want username and id to be remembered but for the other data to be remembered...

 

what i need is for username and id to be unset on close of browser....how can i achieve this?

[ginerjm]

IMHO you are getting confused by your attempts to use session for something it is not appropriate for.

 

A session is just that. It is a period of time when there is usage of a browser to connect to your site. It lasts only as long as that activity continues. It can disappear via a timeout if there is no activity on the browser (I believe) but it will continue to live and exist as long as there IS activity on that browser. That's a session. It has no life after the browser is closed so concern about getting rid of certain values is misplaced I believe. (I'm sure if I have made a misstatement here it will be brought to our attention!).

 

As for your desire to retain some information BETWEEN sessions you need to focus on cookies. Cookies are actually there to help you retain something that you want to last longer than a session. You can create the cookie with an expiration date so that it will eventually go away from lack of use and you can re-set the expiration date every time it is accessed. Sounds like something that already does what you are trying to do.

 

Now the connection that is missing is how will the cookie relate to the data that you want to 'remember' between sessions? Well if it is simply a username (and id?) then one cookie s/b sufficient. Your script begins, looks for a specific cookie and uses the value of the cookie as the username. If they successfully complete the 'login' and prove that they are eligible to use this app then you can re-write that cookie with an updated expire date.

 

Your last statement above said you 'need is for username and id to be unset'. Why do you need both in the first place? If you give the user his username and he supplies the password - YOU can then verify the signon and get the id from the db. No need for it to be stored anywhere else between sessions. But if you do need the id saved for some reason, a cookie will work. As for removing them at the close of the browser - I'm confused since your whole effort seems to be how to retain them between sessions and now you're concerned with removing them at the end of the session. Well - a simple session var already does that if you use the normal default settings for sessions.

 

Hopefully I am not mis-informing you. This is my experience with sessions, which I've never played with and worried about timeout and retentions, etc. If you want something retained between sessions, use a cookie. For stuff during a single session, use session vars. For removing something in a cookie, delete it when you want to un-remember the info. Seems like this should do everything you want.

[Destramic]

thank you for your reply and yeah you make a good point...i use session cookies which allow me to store the session_id() in the cookie PHPSESSID longer...but i think i'll use a cookie when it comes to capturing none sensitive data such as timezone offset and language.

 

 

Your last statement above said you 'need is for username and id to be unset'. Why do you need both in the first place? If you give the user his username and he supplies the password - YOU can then verify the signon and get the id from the db. No need for it to be stored anywhere else between sessions. But if you do need the id saved for some reason, a cookie will work. As for removing them at the close of the browser - I'm confused since your whole effort seems to be how to retain them between sessions and now you're concerned with removing them at the end of the session. Well - a simple session var already does that if you use the normal default settings for sessions.

 

well the user is authenticated by his username and password originally...but a username and id is stored in a session when authenticated, that way I'm able to confirm authentication whilst visiting the site...surly this is how everyone else does it?

[ginerjm]

As I said - you can do that and save them in the session vars.

 

BTW - you don't need a session to have a cookie. The term 'session cookies' is incorrect.