session variable question

[182x]

Hey guys, I am using session variables in order to insert the username into the database when the user submits a form. I was just wondering as I don't fully understand session variables could this cause any problems? For example if one user logs in and then another will the first users session vars be overwritten?

 

(I am only making a localhost site which is run locally, so if I did this on my machine logging in two different users one in firefox one in ie would this also be ok?)

 

Thanks.

[premiso]

The session variables are independent of users and browsers. The session will stay alive for the lifetime of the browser (unless you use your own session scheme). But when a browser closes that user's session is wiped out essentially.

 

The only concern you might have is session hi-jacking, which is only a concern on Shared hosting.

 

You should be fine. Sessions are independent of each other.

[182x]

Thanks, for testing purposes is there anyway to 'login' as different users at the sametime without having to use different browsers?

 

Thanks.

[teng84]

u have to use the DB where you will set the  fields like active or logged

[182x]

another question I have about session variables would be if for example my username was 'testUsername' and I logged in with that username and didn't logout using session_destroy and someone else used the login page with a shorter username for example 'test' would the session store the username as test or because it didn't logout properly would it be a jumble of both usernames? ans does this apply to all session variable? thanks.

[premiso]

another question I have about session variables would be if for example my username was 'testUsername' and I logged in with that username and didn't logout using session_destroy and someone else used the login page with a shorter username for example 'test' would the session store the username as test or because it didn't logout properly would it be a jumble of both usernames? ans does this apply to all session variable? thanks.

 

No, session variables are unique to user/browser session.

 

If someone was using the same browser and logged out and then logged back in, the session data should be overwritten. But you should kill the session data when a user logs out.

 

Also session data usually has a life span of 20 minutes default I believe, something like that. I am not sure how closely PHP follows it but yea.

 

The key is that sessions are completely independent of each other as long as the user is using a different computer/browser. I generally store login information in cookies hashed up to verify that against the DB, so the cookie keeps the user logged in and not sessions for that exact reason of a browser closing. Anyhow I think you are worrying too much. Once again, sessions are completely independent of each other.

[teng84]

basically if you have the initialization like

$username= $_POST['name'];

every time the post is triggered it will be overwritten

but if you have this

$username .= $_POST['name']; it will output the way you ask your question like it will be merge

[182x]

Thanks again for the replies. Just to confirm even if a user logs in and no session destroy is used and another user goes to the login page and logs in with a shorter username all session variables will still be ok for the new user?

[182x]

I am also using the following syntax.

 $username = $_SESSION ["username"]; 

[teng84]

where did you initialize this $_SESSION ["username"]

 

like $_SESSION ["username"]=$_POST['test']

[182x]

I did that at the login processing where a query is performed and the result stored as follows:

 

 $_SESSION ["username"] = $row["username"];

 

So is everything then cool even if the session isn't properly destroyed?

 

[teng84]

can you post a piece of codes you have and tell us what is your expected result with that

[182x]

Its just the row from a query based on the login details so based on that information and taking the question about the different users logging in if no session destroy was called will the variables still all be ok and no a jumble of eachother?

[teng84]

with this  $username = $_SESSION ["username"]; no jumble it will always get overwritten

if you say start logging in or initialize the session

[182x]

at the top of every page i use

session_start();

is that the best way to initlise the session? thanks again

[teng84]

thats necessary if u will use session in that page

[TheFilmGod]

make sure you use session_start() in pages that use the loggin feature. I once tested if they were logged in by testing a session variable... But you need to start the session to even test that variable out!!