A question on sessions

[Flames]

I've been here quite a while but theres something i still cant seem to get right, sessions.

I've tried making a login system based around sessions but it never worked because you cant pass sessions on through pages, but i have seen websites using sessions and they dont pass them on through the URL, so if somebody would be able to tell me, if i used one main login page which validated info and set the sessions, which i then included on another page would i have access over the sessions?

[premiso]

It is set in the cookie.

 

http://webscripts.softpedia.com/script/Snippets/disable-php-sessid-in-URL-3448.html

 

Will help you to disable it. If that is disable the default will be to use cookies to store the sessionid.

 

If the user does not have cookies enable it will resort to the url. Using the cookies you only need to call session_start and it will automatically get the sessionid from the set cookie and start that previous session.

[Flames]

so if i used that code all my sessions would be passed through the pages?

[premiso]

They should be passed through anways. The above code just forces a cookie to handle the sessid instead of the query_string.

 

Just remember to call session_start at the top of any page using sessions and make sure it is called before any output is echoed to the browser.

[Flames]

well one time i made a login script using sessions and it wouldnt get passed to the next page.

 

eg. login page

session_start();

$_SESSION['logged_in'] = "1";

header("location:user.php");

 

then on user.php

session_start();

if($_SESSION['logged_in''] == "1")

{

echo "logged in";

}

else

{

echo "logged out";

}

 

and it wouldnt work, any reasons why?

[premiso]

Could be a server issue, could be you did not allow cookies. I do not know.

 

Does that still happen, or was that just one time?

[Flames]

it was the whole session script, i rewrote the login system with cookies and it works fine i just want to use sessions, because they are safer.

[premiso]

Well one note, if the browser is closed the session ends. If you closed the browser and went back to the page, that is the reason why.

 

As for why it would not work, do a phpinfo(); and check that

 

Session Support 	enabled 

 

Cause it may not be enabled. Other than that I am not sure what would cause it.

[Flames]

session support is enabled. so ill try changing cookies to sessions and see if it works.

[premiso]

If you have a .htaccess make sure that is not modifying the session data either, as that can overwrite the php.ini settings. That is if you have one.

[Flames]

Thanks for the help, it now seems to be working for some reason.

 

But as another question how should i use sessions and cookies to create a safe user area.

[premiso]

Well it depends. I always give my user the option to "remember me", of which I make a hash of their username and password and store in it for x number of days. Then if they close the browser and come back it checks for that session hash and then verifies it and re-logs in that user while re-populating the userdata in session.

 

If the user does not check that box I assume they want their data cleared on browser close and let it be.