Session basics

[SaranacLake]

I could use some help remembering how sessions and cookies work...  (Looks like another thing I have forgotten about!)

In one of my old scripts, I start a session using...

	session_start()
	

 

And then I have...

	$sessMemberID = (isset($_SESSION['sessMemberID']) ? $_SESSION['sessMemberID'] : '');
	

 

It appears my old naming conventions aren't so clear after being away for several years...

In my database I have a MEMBER.id (table/column) which is just an AutoNumber,  and I thought that PHP create a "Session ID" but that it was some long hexadecimal number?

 

So it's not clear to me what is in $sessMemberID.

 

I tried to look in the cookies file under my Firefox profile, but when I open it in BBEdit all i see is gibberish in that file.

 

Can someone please help me put these disparate parts together?

 

Thanks!

 

[requinix]

This "sessMemberID" is from your application. PHP isn't making it for you.
It's probably the member.id value, but I suggest looking at your login code to be sure.

The "session ID" is something else. It's a unique identifier that PHP does create for you. It is highly unlikely that you will ever need to care about it.

[SaranacLake]

10 minutes ago, requinix said:

This "sessMemberID" is from your application. PHP isn't making it for you.
It's probably the member.id value, but I suggest looking at your login code to be sure.

Yeah, I looked at my login.php script and seems that, for logged in members, I store their "memberID" in the "$sessMemberID" variable.

 

 

Quote

The "session ID" is something else. It's a unique identifier that PHP does create for you. It is highly unlikely that you will ever need to care about it.

So let me back up and explain why I'm asking about all of this.

Right now I am working on building code to add items to the user's shopping cart.

In my SHOPPING_CART table, I have a column for "member_id" which works great is a user is also a member and logged in.

But for members that are not logged in, OR for users who are not yet members, I want to use the Session "session_ID" who that I can store whatever a user put into his/her shopping cart.

 

I just added this to my home page...

	session_start();   //existing
	var_dump($_SESSION);  //new
	exit();  //new
	

 

If a user isn't a member and thus not logged in, then the above code shows "empty" when I load the home page.

 

So once I start the PHP session, how do I find the "session_ID" so that I can store it in the SHOPPING_CART table and associate it with that random user/visitor??

 

 

 

Edited September 14, 2020 by SaranacLake

[requinix]

11 minutes ago, SaranacLake said:

So once I start the PHP session, how do I find the "session_ID" so that I can store it in the SHOPPING_CART table and associate it with that random user/visitor??

I suggest you start your hunt for an answer over here.

[SaranacLake]

3 minutes ago, requinix said:

I suggest you start your hunt for an answer over here.

I finally found some useful info at php.net and found that PHP create a file for each new session and stores it here: session.save_path in the php.ini file.

 

Questions:

1.) In my PHP code, what should I be storing in my shopping_cart table for the session_id?  Is the file name that PHP create?

 

2.) And how can I capture that and store it in my table?

 

 

[requinix]

I don't know what you saw in those Google results, but the first result in what I saw was a link to the session_id() function.

Oh. By the way. If you go this approach then you'll need to take additional measures to deal with sessions that are cleaned up after inactivity. Because the more of these IDs you hold onto, the more likely you'll eventually run into a conflict.

[SaranacLake]

5 minutes ago, requinix said:

I don't know what you saw in those Google results, but the first result in what I saw was a link to the session_id() function.

 

I added an echo like this...

	session_start(); 
	echo session_id();  //new
	var_dump($_SESSION);
	exit(); 
	

 

So that echos what appears to be my session_id, but...

 

Why isn't session_id stored in the session when I create it?

 

Edited September 14, 2020 by SaranacLake

[requinix]

Why should it be? What good would that do?

[SaranacLake]

2 minutes ago, requinix said:

Why should it be? What good would that do?

I don't know, it just seems like the $_SESSION variable should know/have it's own name?!  🤨

 

So I guess I need to do this...

	    session_start();
    $_SESSION['sessionID'] = session_id();
    
    var_dump($_SESSION);
    
    $sessionID = (isset($_SESSION['sessionID']) ? $_SESSION['sessionID'] : '');
    exit(); 
    
	

 

And then I can INSERT $sessionID into a new SHOPPING_CART record?

 

Oh, one other thing...

When I look under tmp > php I see two session variables.

The first one is consistent with what I'd expect and contains...

	test|s:5:"hello";
	

 

However, the other session variable has tons of stuff in it, include a couple of SQL queries...  (In fact, it includes the UNION query I was asking you guys about the other day in the MySQL forum!!)

What is all of that about??

 

 

 

 

[requinix]

1 minute ago, SaranacLake said:

So I guess I need to do this...

No you don't. You have a function perfectly capable of giving you the current session ID. Why do you think you have to take that value, which is going to be the same value every time you call the function so long as the session is active, and put it into $_SESSION for you to get it?

If you want the session ID then call the function. Stop overthinking this.

 

1 minute ago, SaranacLake said:

When I look under tmp > php I see two session variables.

No. You see two session files. Containing session data. For two different sessions.

 

1 minute ago, SaranacLake said:

However, the other session variable has tons of stuff in it, include a couple of SQL queries...  (In fact, it includes the UNION query I was asking you guys about the other day in the MySQL forum!!)

How did you run those queries?

That's a rhetorical question. You aren't supposed to tell me the answer. You're supposed to consider what the answer is and then continue thinking about the implications of that answer in order to find the answer to your question.

[SaranacLake]

5 minutes ago, requinix said:

No you don't. You have a function perfectly capable of giving you the current session ID. Why do you think you have to take that value, which is going to be the same value every time you call the function so long as the session is active, and put it into $_SESSION for you to get it?

True.

 

5 minutes ago, requinix said:

If you want the session ID then call the function. Stop overthinking this.

Told you I was rusty on all of this stuff...  

 

 

5 minutes ago, requinix said:

No. You see two session files. Containing session data. For two different sessions.

Right, I meant Session "files".

 

 

5 minutes ago, requinix said:

How did you run those queries?

That's a rhetorical question. You aren't supposed to tell me the answer. You're supposed to consider what the answer is and then continue thinking about the implications of that answer in order to find the answer to your question.

I think I figured it out...

That 2nd Session file is not from my code, it is from phpMyAdmin!!

(Just for reference, should I ever see a query stored in my $_SESSION variable unless I am doing something crazy??  I would so, "No!")

 

 

 

 

[requinix]

4 minutes ago, SaranacLake said:

That 2nd Session file is not from my code, it is from phpMyAdmin!!

Correct.

 

4 minutes ago, SaranacLake said:

(Just for reference, should I ever see a query stored in my $_SESSION variable unless I am doing something crazy??  I would so, "No!")

Also correct.

[SaranacLake]

@requinix

Thanks, as always, for the help!!  👍