freeloader Posted June 13, 2008

Hi guys, I was wondering, when I register a session variable in my script like this:

    $_SESSION['string']="Irock";

Is anybody able to see this? How is it stored? Could I store information like the userlevel in it (user, premium, admin)?

futurewii Posted June 13, 2008

I'm not an expert so please don't kill me if I'm wrong.. but I think you can put echo ".$_SESSION." or something of the sort

DarkWater Posted June 13, 2008

@futurewii: Yeah, you're wrong. But I won't kill you.

@freeloader: You need session_start(); at the top of all the pages by the way, lol. Anyway:

1) Only the user who started the session can see it, and their session ID is stored in a cookie.
2) It is stored, by default, as files on your server. It's relatively streamlined though.
3) You could... Or you could make a $user array that's filled on each page based on their user ID stored in a session, or you could serialize a User object for sessions... >_> But you could store user levels directly too. =P

freeloader Posted June 13, 2008

Futurewii - no that's not the way to output it, but thanks for the try anyway

DarkWater - if a user connects to my website, is there any way he can find out which session variables I have stored?

DarkWater Posted June 13, 2008

No. He can only find his session ID by looking through his cookies, but that won't do anything. This very site uses sessions.

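Added example (not part of any post in this thread): a sketch of the setup described in the replies above, where the browser holds only the session ID cookie, the data stays in a file on the server, and the user level is looked up from the stored user ID on each request. The `users` table, its columns, the sample rows and the in-memory SQLite database are assumptions for illustration, and the file path shown assumes PHP's default `files` save handler.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. The users table, its columns
// and the sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, level TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'user')");

// The cookie carries only the session ID, so protect it: no script
// access, HTTPS only, not sent on cross-site subrequests.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

// Call after the password check has succeeded (check omitted here).
function logIn(int $userId): void
{
    session_regenerate_id(true);      // fresh ID when privileges change
    $_SESSION['user_id'] = $userId;   // store the ID, not the level
}

// Resolve the level from the database on every request, so a change to
// the account takes effect without waiting for the session to end.
function currentLevel(PDO $db): string
{
    if (!isset($_SESSION['user_id'])) {
        return 'guest';
    }
    $stmt = $db->prepare('SELECT level FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $level = $stmt->fetchColumn();
    return $level === false ? 'guest' : (string) $level;
}

logIn(1);
// Assumes the default "files" save handler with a plain directory path.
$dir = session_save_path() ?: sys_get_temp_dir();
echo 'Sent to the browser: ', session_name(), '=', session_id(), "\n";
echo 'Kept on the server:  ', $dir, '/sess_', session_id(), "\n";
echo 'File contents:       ', session_encode(), "\n";
echo 'Level this request:  ', currentLevel($db), "\n";
```

The session ID is the only secret the browser holds, which is why the cookie flags and the ID regeneration at login matter more than hiding the variable names.
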
marklarah Posted June 13, 2008

The way in which I do it, is upon sign up, each user is assigned a "session code", and so the $_SESSION['code'] = the user's code. Then, when info is needed, it is looked up against that (I have assigned the variable $id to that to make it easier).

That way, if you were to store the username e.g. as the session code, then if it were changed during the session, it would not change. This way it does.

But you could just tell your user their code. Quite why they would need to know I don't quite know.

DarkWater Posted June 14, 2008

> The way in which I do it, is upon sign up, each user is assigned a "session code", and so the $_SESSION['code'] = the user's code. Then, when info is needed, it is looked up against that (I have assigned the variable $id to that to make it easier).
>
> That way, if you were to store the username e.g. as the session code, then if it were changed during the session, it would not change. This way it does.
>
> But you could just tell your user their code. Quite why they would need to know I don't quite know.

That didn't make an ounce of sense to me, sorry. Why in the hell would you assign them a unique session "code" when you can just check against their userid? Saves database space and is just simpler.

marklarah Posted June 14, 2008

Well you could, (I get mixed up here with other thingys...)

You see, I have sort of grouped rows.... it's difficult to explain. So I won't. I'll just leave it at the "code" and an "id" are both needed for my table.

But for you, yeah just use the ID, that's what I meant.

DarkWater Posted June 14, 2008

> Well you could, (I get mixed up here with other thingys...)
>
> You see, I have sort of grouped rows.... it's difficult to explain. So I won't. I'll just leave it at the "code" and an "id" are both needed for my table.
>
> But for you, yeah just use the ID, that's what I meant.

In that case, you should read up on database normalization and fix it so there's not "sort of grouped rows". =P

bluejay002 Posted June 14, 2008

@freeloader

I just don't want to get too far away so I'll go back to your concern.

Session is on the server side so you do not need to worry about the information if it would be seen, unless it's accessed from the server itself (but too seldom do this since not all have access over the server). If you really are that concerned about security, encrypt all info in your session, store the session and all sorts of comparison... blah3x

To start a session (and to use one), you need session_start()... to erase a session, you need session_destroy().

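Added example (not part of any post in this thread): per the PHP manual, session_destroy() deletes the server-side session data but does not unset $_SESSION in the running script or remove the session cookie, so a complete logout does all three steps. The function name `endSession` and the sample value are made up for this sketch.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread: ending a session completely.

function endSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();              // must be active before it can be destroyed
    }

    // 1. Clear the copy of the data held in memory for this request.
    $_SESSION = [];

    // 2. Tell the browser to drop the ID cookie. The path, domain and
    //    flags must match the ones the cookie was originally set with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }

    // 3. Delete the server-side record for this session ID.
    session_destroy();
}

session_start();
$_SESSION['user_id'] = 1;             // constructed sample value
echo 'Before: ', count($_SESSION), ' variable(s), active = ';
var_dump(session_status() === PHP_SESSION_ACTIVE);

endSession();
echo 'After:  ', count($_SESSION), ' variable(s), active = ';
var_dump(session_status() === PHP_SESSION_ACTIVE);
```
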
marklarah Posted June 15, 2008

@darkwater; it's not as simple as that. I have like a users thingy, where it's running over multiple servers, where users need to be logged in, whilst assuming many users at the same time... just shush, trust me, I think I know a little about PHP to know what I'm doing, no offence

freeloader Posted June 15, 2008

Ok thanks for the help. Question answered