Search the Community
Showing results for tags 'sessions'.
-
Hi Freaks, I'm looking for advice if someones willing to give it. Here's the situation -> I've been working on a project, I started to learn PHP specifically to complete this idea I had. My code has evolved a lot over time as I've started understanding more. Up until today I've been working on it with just the registration functionality, no login. I had my username hardcoded into the $user_obj instantiation. I decided I wanted to try to make category subscription functionality and doing that I realized I was better off finishing the login form first so as to get a users subscriptions into a session variable at login. This has brought about the issue of getting an unassigned variable warning from the User class when not logged in. How I made all my other classes was putting a $user in the __construct parameter for each class. I now feel this may have been a rookie error since I'm having problems with error messages especially undefined array keys and variables when there isn't a session started. It's become a bit of a mess. So the advice I'm looking for and hoping to find here is how you folks handle non $_SESSION sessions, when a user is just scrolling the site not logged in. Did I make a mistake requiring $user for each class __construct? should I move the $user parameter to only the methods that require them? Is there a simpler solution that my inexperience causes to elude me? What would you folks do in this situation?
-
I was just researching how to make a proper logout form, seems easy enough. I noticed that a lot of the examples started with session_start(). Are they saying to start it again before destroying it? I don't understand those examples, also a few examples didn't even destroy it but just unset() everything. I also moved my session_start() from config.php to my login handler, it seemed more logical to me. So 2 questions: What IS the proper way to handle a logout - a) start session again to destroy it right away b) just destroy it c) simply unset everything? My heart chooses b) but I've been wrong many times with things that I thought made sense. Also, the session_start() - config.php or login.php? Is there a performance or security difference I should be considering? Good weekend to you all. TIA for responses.
-
There are lots of discussions about this topic online. My issue wasn't subdomain sessions being recognized by the primary domain (and vice versa), but rather just a subdomain handling things at all. You set something in the subdomain, refresh the page, and then the thing was unset. Here's what I currently have: session_name( "blah" ); ini_set( "session.cookie_domain", '.dev.example.com' ); session_set_cookie_params( 0, '/', '.dev.example.com', true, true ); setcookie( session_name(), session_id(), 0, '/' , '.example.com' ); session_start(); Things that were required, apparently: 1) Session name 2) setcookie Now with this setup, I can do this: start session in dev.example.com, access it in subsub.dev.example.com, go back and forth... session holds as expected. But what I cannot do, is: start session in subsub.dev.example.com, refresh page, have the session data hold. So lots of questions. Obviously the most important: why doesn't a session hold when I start the session in the subsub domain? Why is a session name required? (Is it?) Why is setcookie required when all I want to do is start a session? (Is it?) I don't use this step if it's a single-domain type of setup.
-
hi friends, I am new to PHP I would like to know more about the sessions about where to create and where to establish and creating a expiring page when user kept the page idle for few mins so please let me know more about the session functions thanking you.