Search the Community

Hi Freaks, I'm looking for advice if someones willing to give it. Here's the situation -> I've been working on a project, I started to learn PHP specifically to complete this idea I had. My code has evolved a lot over time as I've started understanding more. Up until today I've been working on it with just the registration functionality, no login. I had my username hardcoded into the $user_obj instantiation. I decided I wanted to try to make category subscription functionality and doing that I realized I was better off finishing the login form first so as to get a users subscriptions into a session variable at login. This has brought about the issue of getting an unassigned variable warning from the User class when not logged in. How I made all my other classes was putting a $user in the __construct parameter for each class. I now feel this may have been a rookie error since I'm having problems with error messages especially undefined array keys and variables when there isn't a session started. It's become a bit of a mess. So the advice I'm looking for and hoping to find here is how you folks handle non $_SESSION sessions, when a user is just scrolling the site not logged in. Did I make a mistake requiring $user for each class __construct? should I move the $user parameter to only the methods that require them? Is there a simpler solution that my inexperience causes to elude me? What would you folks do in this situation?

I was just researching how to make a proper logout form, seems easy enough. I noticed that a lot of the examples started with session_start(). Are they saying to start it again before destroying it? I don't understand those examples, also a few examples didn't even destroy it but just unset() everything. I also moved my session_start() from config.php to my login handler, it seemed more logical to me. So 2 questions: What IS the proper way to handle a logout - a) start session again to destroy it right away b) just destroy it c) simply unset everything? My heart chooses b) but I've been wrong many times with things that I thought made sense. Also, the session_start() - config.php or login.php? Is there a performance or security difference I should be considering? Good weekend to you all. TIA for responses.

There are lots of discussions about this topic online. My issue wasn't subdomain sessions being recognized by the primary domain (and vice versa), but rather just a subdomain handling things at all. You set something in the subdomain, refresh the page, and then the thing was unset. Here's what I currently have: session_name( "blah" ); ini_set( "session.cookie_domain", '.dev.example.com' ); session_set_cookie_params( 0, '/', '.dev.example.com', true, true ); setcookie( session_name(), session_id(), 0, '/' , '.example.com' ); session_start(); Things that were required, apparently: 1) Session name 2) setcookie Now with this setup, I can do this: start session in dev.example.com, access it in subsub.dev.example.com, go back and forth... session holds as expected. But what I cannot do, is: start session in subsub.dev.example.com, refresh page, have the session data hold. So lots of questions. Obviously the most important: why doesn't a session hold when I start the session in the subsub domain? Why is a session name required? (Is it?) Why is setcookie required when all I want to do is start a session? (Is it?) I don't use this step if it's a single-domain type of setup.

hi friends, I am new to PHP I would like to know more about the sessions about where to create and where to establish and creating a expiring page when user kept the page idle for few mins so please let me know more about the session functions thanking you.