Destramic Posted May 2, 2015 Share Posted May 2, 2015 hey guys im trying to save a session as a cookie using session_set_cookie_params(); the problem im getting is that the session file ins't being saved in the directory i specifiy when usings session_set_cookie_params(); session_start(); session_set_cookie_params('3600', PRIVATE_DIRECTORY . 'data' . DS . 'session', $config->base_url, false, true); ini_set('session.gc_probability', 1); $_SESSION['foo'] = "bar"; what i want to do is save the session cookie and when user closes browser and then re-enters the site the session is still there...(unless that's not how it works) any help would great thanks guys Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/ Share on other sites More sharing options...
fastsol Posted May 2, 2015 Share Posted May 2, 2015 I don't believe that's how it works. It would be easier to just use set_cookie() and assign the according info you need. Obviously with cookies (granted it would be the same if your original method had worked) you can't trust the values, so they would need to be validated in any instance. Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1510596 Share on other sites More sharing options...
mac_gyver Posted May 2, 2015 Share Posted May 2, 2015 the second parameter of session_set_cookie_params() isn't where the session data is saved on the server, it's the path on your site that the session cookie will match - Path on the domain where the cookie will work. Use a single slash ('/') for all paths on the domain. session_save_path() controls where the session data is saved on the server. Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1510597 Share on other sites More sharing options...
Destramic Posted May 3, 2015 Author Share Posted May 3, 2015 session_save_path() controls where the session data is saved on the server. worked like a dream thank you. now that i have the session data saved in a private directory...am i able to access it when user reopens browser and visits my site so that i can get any credentials I've stored...like timezone, language etc? Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1510609 Share on other sites More sharing options...
Ch0cu3r Posted May 3, 2015 Share Posted May 3, 2015 Yes, provided the session has not expired. Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1510633 Share on other sites More sharing options...
Destramic Posted May 4, 2015 Author Share Posted May 4, 2015 ok well i've been trying to figure a few things out with session files but have some questions if someone can please clear up. 1. i can read the session file (using the code below)...which is saved as the users session_id() but if the user closes the browser how do i know what file is theirs as a new session_id() would be regenerated automatically upon revisiting....so would i know what file to load in this instance? $contents=file_get_contents('http://localhost/scripts/session/sess_4653e1122ead235d30f928f71308c805'); session_start(); session_decode($contents); print_r($_SESSION); 2. i set session_set_cookie_params() to 20 seconds, and was expecting the session file to be removed after then or non accessible after that period, but i still am able to read the file... session_set_cookie_params('20', '/'); i could use the totch() function to set the modification file time and know if file has expired that way... but if i could have some advise on how i can do these things then that would be great. thanks guys Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1510692 Share on other sites More sharing options...
Ch0cu3r Posted May 4, 2015 Share Posted May 4, 2015 (edited) To get the users session id you can called session_id() after you have called session_start() eg. session_start(); // get the session contents $contents = file_get_contents('scripts/session/sess_' . session_id()); But why do you need to read the session file yourself? PHP automatically does this when you call session_start(). If you want to override how PHP handles sessions you can write your own session handler, see the documentation on session_set_save_handler. 2. i set session_set_cookie_params() to 20 seconds, and was expecting the session file to be removed after then or non accessible after that period, but i still am able to read the file... The session_set_cookie_params() function only affects the cookie not the physical session file.. The files for expired session are deleted automatically by the garbage collection process. Edited May 4, 2015 by Ch0cu3r Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1510695 Share on other sites More sharing options...
Destramic Posted May 7, 2015 Author Share Posted May 7, 2015 sorry for the confusion....after trying the following code before and NOT after session_start() it worked as i wanted.. session_save_path('C:\Users\Ricky\Desktop\www\scripts\session'); ini_set('session.gc_probability', 1); ini_set('session.gc_maxlifetime', 360*72); session_set_cookie_params(360*72, '/'); is it possible to remember only certain session values and then to set other session values just to be kept until browser closes?...seems when i alter session cookie parameters it effects every session i create from there on... if not i had read about storing session_id and session values in a database which could work perfectly when it comes to giving certain values different lifespans thank you Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1511079 Share on other sites More sharing options...
mac_gyver Posted May 8, 2015 Share Posted May 8, 2015 it sounds like what you are trying to do isn't what session variables are intended for. the session is just a container for server-side variables that persist between page requests. it's called a session because it's intended to only last one browser session. it's actually not normal to extend the session cookie lifetime. perhaps if you state what some of these different values will be used for, someone can tell you the best way of handling each of them. Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1511183 Share on other sites More sharing options...
Destramic Posted May 10, 2015 Author Share Posted May 10, 2015 well my issue is that i save the users language ie. en and timezone offset ie, +01:00...which is saved under a session cookie for 20 days...now say for instance if a user logs in a doesn't want to be remembered (save id in session cookie)...this has become a bit difficult as lifetime is set and effects all sessions set due to this code. ini_set('session.gc_maxlifetime', 60*30); session_set_cookie_params(60*60*24*20, '/'); is it good practice for me to create a session table?...that way i can save sessions there making each session flexible to a lifetime? or also i was thinking which may be way out there is...for each session i create a lifetime ie. session_start(); $_SESSION['name'] = "destramic"; $lifetime = 60*60*2 $_SESSION['name_lifetime'] = time() + $lifetime; hope you understand my difficulty thanks yiou Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1511301 Share on other sites More sharing options...
mac_gyver Posted May 11, 2015 Share Posted May 11, 2015 user preferences (and privileges) are usually stored in a database table and retrieved on each page request. this allows them to be easily modifiable by site moderators/admins and they take effect immediately (on the next page request.) storing them in session variables means that only the visitor that the session belongs to can easily modify them or you must add a lot of unneeded complexity to make the session data find-able and editable by site moderators/admins. a 'remember me' login is usually accomplished by generating a unique and hard to guess token, that's not a fixed value tied to any user information, storing that token in a cookie and storing it in the user row in a database table. in this case, the logged in/logged out state is also stored in the user row in the database table so that the only way that someone who's logged out can become logged in is for them to submit their username/password. Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1511376 Share on other sites More sharing options...
Destramic Posted May 11, 2015 Author Share Posted May 11, 2015 brilliant...thank you very much for that useful information...I've certainly been doing things wrong thanks again mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/296029-session-cookie/#findComment-1511448 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.