Jump to content


Session Storage And Id Takeover


  • Please log in to reply
1 reply to this topic

#1 Guest_edwinsweep_*

Guest_edwinsweep_*
  • Guests

Posted 28 June 2006 - 12:51 PM

hi everybody.
im currently making a website with a forum.
i wanna be able to make a page that contains all the names from everybody that's online
atleast the one's that are logged in, they will have a name.
the rest will have GUEST or something.
but when somebody enters my site he's unlogged. (by standard)
so he shows up as GUEST status.
and when the person logs in, a new session is made with new info.
only the old one is still sitting there and counting in the amount of member that are online!
what should i do, is there a way do delete the old session from the temp session directory by writing some commands in the script itself?
something like the session_destroy command.
i tried the session_destroy thing. but it doesnt delete it from the session directory.
any idea's what will.
or should i include the ip addres into the session and check if its used 2x and delete the older session?
any advise or hints are appreciated.
thanks in advance

#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 28 June 2006 - 02:28 PM

Why not just update the current session the GUEST user is using? Rather than destorying the session and creating a new one? Someting like this:
<?php
session_start();

if($_SESSION['logged_in'] != '1')
{
    $_SESSION['user'] = "GUEST";
}
else
{
    // reset session as a blank array:
    $_SESSION = array();

    //get user credentials

    // reset the session data
    $_SESSION['logged_in'] = '1';
    $_SESSION['user'] = $username;
}

?>
Also session_destory clears the data in the session file and sets that session id as invalid. It does not delete the session. If you want the session files to be deleted automatically when they expire you'll want to look into Garbage Collection. Garbage collection is control by session.gc_probability and session.gc_divisor. Look these up over at [a href=\"http://www.php.net/session\" target=\"_blank\"]http://www.php.net/session[/a]. These settings can set using ini_set.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users