Jump to content

Recommended Posts

Hello All

 

I have two questions regarding PHP Sessions that I need some information on.

 

First, is at the top of every page (execpt includes) I have the following two lines:

 

session_name('<some name>');
session_start();

 

However, when I look at other's code, it doesn't appear to me that they do the same thing. I have found that if I do not have those two lines at the top of every page, the session variables aren't available on those pages. By the way, I use the "session_name" because I was having overlapping session issues when running multiple PHP applications on the same server. Sometimes one user on one application could log out another user on another application and so forth. Am I doing something wrong or am I doing it correctly?

 

 

Second, I have an application where there are user accounts. They log in, do some stuff, and then they "can" log out. I would like to track the users "logged in" status but I am finding that difficult. I have a "lastLoggedIn" column in the MySQL table as well as a "loggedIn" flag. These can easily be set and unset when a user actually logs in or out, but I am not sure how to handle this if the user stays logged in and their session simply expires. Then, they are logged out but not in a way where I can use their log-out process to make annotations in the db. Any advice?

 

Thank you all for reading and have a good day.    :)

<<quote>>

 

You do not require a session_name() call as you're wanting to create a dynamically named session per use. session_start is required on any page which will use the session variables, and it is the only method you'd see used in most other scripts and tutorials out there, Nothing more is needed.

 

If you wish to track if a user is offline, you can simply compare "last login" to "last activity", through either them or a cron job which will require them to log in again if the 'last activity' time is too far in the past.

You say that I don't require "session_name()" but when I have multiple web applications that I have written running on the same server in the same "/var/www/html" web directory (but in different sub-folders), I seem to get overlapping SIDs, variables, and actions unless I use the "session_name()". Is there something else that I could be overlooking?

 

Thanks for reading and replying.  :)

After doing some testing I have discovered that if you set the "session path" variable to a unique directory for each application, then the SIDs will be different. For example, if I have:

 

  • /var/www/html/myAwesomeApp01
  • /var/www/html/myAwesomeApp02
  • /var/www/html/myAwesomeApp03

 

Both of the following methods will produce unique SIDs for each application:

 

session_name('myAwesomeApp01')

 

or

 

$my_session_path = [some path]
session_set_cookie_params(0,$my_session_path);

 

To set the $my_session_path variable I used the "getcwd()" funciton.

 

$my_session_path = getcwd();

 

Does anybody else do it similarly? Are there any more fancy or approved ways of doing this? I'll attach my working files in case you want to see what I was doing.

 

Thanks for reading.    :)

 

[attachment deleted by admin]

I have never used or had to use session_name() as the "colliding" session variables should be very slim, unless you have a ton of users for each application, then I could see the collisons, but setting the save path for each application, as you stated, should fix that and you should not need the session_name.

 

However, if you want it, I do not see anything wrong with using it. You could also check your session garbage collector value and put that to a lower value so it clears out the session garbage more regularly if the session has expired.

 

For the logged in issue, you can simply make a cron script that checks if the lastactivity time is greater then x minutes, say 5, they are not "loggedin" or "active". That would be the only way I know how to do that (granted there are other ways with AJAX etc) but yea.

I have an update to my update. Apparently using the "getcwd()" function is NOT a good idea. It did set different SIDs per application, but they also changed every time I refreshed the pages. So, I tested it with static paths and it set different SIDs that were stable for the life of the session and each refresh. Here is what I did:

 

    $my_session_path = "/var/www/html/sessionsTest/[directory name]

 

 

premiso ... to answer your post. Download my test files and remove the "session_set_cookie_params" instance from the index.php files, put the "sessionsTest" folder in your www directory and see what happens. Get back to me if I am doing anything incorrectly.

 

Thanks for reading and replying.    :)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.