manix Posted June 25, 2011

Hey, I came across this problem where it's all good when a user logs in and it's all cool and stuff but then when he's hyperlinked to a page or something and he has to log in again. Now I went through a couple of tutorials and all I understood was that I have to use session_start function, and I could just copy/paste the code but I want to really get it, the way it works. Could someone bother explaining this to me?

Long story short - how do I maintain the user logged in through all my pages?

Thank you for your time.
WebStyles Posted June 25, 2011

In simple terms, by adding session_start(); at the top of each page, you have access to using the $_SESSION variable. These variables will exist until:

a) your game/application/page destroys them (with session_destroy()), or
b) until browser is closed, or
c) until the session time limit in your main configuration is reached

So imagine you simply add session_start() to the top of all your pages (including the page where you have your login script). During a successful login, at the end write:

$_SESSION['loggedIn'] = 1; //(or whatever names/values you want)

Then on each page, just check that variable:

<?php
session_start();
if( !isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != 1 ){
    // user is not logged in, redirect, show message, etc...
    exit();
}
manix Posted June 25, 2011

> c) until the session time limit in your main configuration is reached

Can't I set the expiration time? I mean, can I force the session to last longer, or do I always have to start the session in all my documents?
WebStyles Posted June 25, 2011

If you do not put session_start() at the top of your pages, you will not have access to $_SESSION, no matter how long the sessions last.
manix Posted June 25, 2011

Okay, so what I picked out is that $_SESSION is used for temporary login and cookies are used for long time login, is that right?
WebStyles Posted June 26, 2011

$_SESSION is used for many other reasons, not just for logins. It's useful to store data while processing, to move data from page to page, etc. But yes, a cookie (as long as the user has the browser set to remember cookies) will store your login info for longer (depending on the cookie timeout you define).

I, personally, do not like cookies. Not only because they depend on browser settings that I cannot control but also because I consider them a security issue, mainly because you cannot trust users to protect their data. I work at a financial servicing company, and out of our 400 employees, about 250 will never remember to lock their computer when they leave... See how serious a cookie can become? Anyone passing by will have access to their accounts, intranet, email, possibly other passwords stored in email...

Of course a session has the same issues, but if you control the timeout, you're only vulnerable for about 15 minutes (that's the inactivity time I normally set). Also, with sessions, a text file is created on your server, so you can easily kill any user's session (force logout), whenever you want just by deleting the correct session file.
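
The per-page login check and the 15-minute inactivity limit discussed in this thread, combined into one include file. This is an added example, not code posted by anyone in the thread; the `lastActivity` key, the `/login.php` path and the function names are assumptions made for illustration.

```php
<?php
// auth.php (added example): include at the top of every page.
// Assumed names: 'lastActivity' session key, /login.php, the function names.
const IDLE_LIMIT = 15 * 60; // 15 minutes of inactivity, as in the thread

function start_secure_session(): void
{
    // Cookie flags must be set before session_start(); array form needs PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // send only over HTTPS
        'httponly' => true,   // not readable from page JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function mark_logged_in(): void
{
    // Call after the password check succeeds. A fresh session ID stops an
    // ID that was known before login from becoming an authenticated one.
    session_regenerate_id(true);
    $_SESSION['loggedIn'] = 1;
    $_SESSION['lastActivity'] = time();
}

function log_out(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy(); // removes the server-side session data
}

function require_login(): void
{
    $loggedIn = isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == 1;
    $idle = time() - ($_SESSION['lastActivity'] ?? 0);
    if (!$loggedIn || $idle > IDLE_LIMIT) {
        log_out();
        header('Location: /login.php');
        exit;
    }
    $_SESSION['lastActivity'] = time(); // sliding window: each request resets it
}

start_secure_session();
```

A protected page includes this file and calls `require_login()` before producing any output; the login script calls `mark_logged_in()` once the credentials have been verified. The idle check runs in application code on every request, so it does not depend on when the server's session garbage collection happens to run.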