[SOLVED] Session + Cookies = Headache

[TheFilmGod]

I just got a php registration and login script to work! BUT, I have no clue where to go from here. I'm confuzled... ???

 

After a successful login php does this:

 

// if login is ok then we add a cookie 

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

 

Now how do I make a session to work from here. I know I do some session start(); but how does the cookie work? And last thing, what if I want it to say: Hello User (with their real username)?

 

Thanks in advance! 

 

 

[JasonLewis]

overall, i would take sessions rather then cookies (even though i love eating cookies, haha). cookies, to me, dont seem reliable and they can be a pain.

 

at the top of every page, or the template file if you have one, you need to place this:

session_start();

 

and it MUST be at the top, nothing before it, except the <?php

 

to register a session you just have to say this:

$_SESSION['username'] = $username;

 

then on the page you want to display the users name, making sure you have session_start(); at the top place this:

 

<?php
echo "Welcome back {$_SESSION['username']}.";
?>

 

hope this helps.

[TheFilmGod]

Yes, I love eatting cookies too!

 

Okay. I agree with you. Sessions are better than cookies. So how do I make a session work?

 

I have a log in script that checks the password to the username. Php goes through the script and it is successful! So how do I create a session right after that happends?. I just don't want to throw in session_start() out of nowhere when someone hadn't logged in and give them some level of access when they don't deserve it. You know what I mean?

[JasonLewis]

session_start() means that you can use the $_SESSION global variable.

 

when they login and it is successfull set a session to there username and set one to make sure there logged in. try to make them unique names.

 

if($login_successful){
$_SESSION['loginUsername'] = $username; //register the username session
$_SESSION['loginSuccessful'] = true; //register the login successful session
}

 

on everypage you need to include the session_start() at the top. then on pages you want to display the person username or check if there logged in, do the following:

 

if(isset($_SESSION['loginSuccessful'])){ //check if session is registered
echo "Welcome back {$_SESSION['loginUsername']}";
}

 

then to logout the user use the session_destoy(); function. for more information on them look at the www.php.net manual.

[TheFilmGod]

Yeah. It makes a lot of sense. It seems to work just like a cookie. Last question. If I just do session_start() will the server just remember the person? Wouldn't they need a cookie or sometype of identifier to track them each time?

[JasonLewis]

it will remember them until the session times out. sessions only last for a certain time, cookies hoever, can last forever. which is the only advantage i see with them. if you dont place session_start() on a page then that page wont recognize the user as being logged in.

[TheFilmGod]

Thanks for all your help, projectfear. You def. helped me out a lot. 

 

Actually there is another advantage to cookies. You can eat them!!  :D

[JasonLewis]

haha, no problems. yeh cookies are yummy. keep up the coding!!!