sessions

[Crew-Portal]

Quick question...

Whats the diffrence between a session and a cookie?

 

and sessions are called like

$var1 = 'Hello World!";

session_register("var1");

$var1 = $_SESSION['var1'];

 

How how exactly are cookies called?

[Crew-Portal]

bump...

[MadTechie]

Session is stored on the server side

Cookie is stored on the client side

 

see setcookie in the manual

[Crew-Portal]

So that being said are sessions better than cookies?

[phpQuestioner]

depends on what you want it for. cookies are best for setting extended times functionality, as where sessions are usually browser open and close based time interval events.

[MadTechie]

Yes for security BUT cookies live longer (if set to do so).. sessions expire when you exit the site

 

The session module cannot guarantee that the information you store in a session is only viewed by the user who created the session. You need to take additional measures to actively protect the integrity of the session, depending on the value associated with it.

 

best bet is to read up

 

see more info here

 

http://www.php.net/manual/en/features.cookies.php

http://www.php.net/manual/en/ref.session.php

[Crew-Portal]

Sorry for asking as this may be upsetting but a friend of mine told me that sessions were going to be disabled in PHP6 and they were switching over to everything being cookie based! Is this true. Please tell me its not!

[phpQuestioner]

I'm not sure if that is true or not, but even if it is; their probably not going to go back and change older versions of PHP to do this too.

[Crew-Portal]

Okay because the only way I know of doing things is by sessions. Sessions were officially removed in PHP 4.2.3 but you are able to disable that by using an ini_set thing (session.bug_compat_42 & session.bug_compat_warn) So I was wondering if that did happen is thier any other way of handling user logins and stuff?

[MadTechie]

Nope sessions are note being removed.. it would be a dumb move i assume his confused with something else

ie

remove register globals (thank god)

remove all magic_* and throw E_CORE_ERROR when set(thank god)

[Crew-Portal]

Oh Woot! I would be really sad if sessions were removed and I think it would be really dumb for the PHP team to remove them. Ya I was just asking because Im making this site and its all run by sessions so if they got removed then I world have to rebuild my site from scratch

[MadTechie]

Okay because the only way I know of doing things is by sessions. Sessions were officially removed in PHP 4.2.3 but you are able to disable that by using an ini_set thing (session.bug_compat_42 & session.bug_compat_warn) So I was wondering if that did happen is thier any other way of handling user logins and stuff?

 

No no thats to do with register_globals  NOT sessions as a whole

session.bug_compat_42  boolean

    PHP versions 4.2.3 and lower have an undocumented feature/bug that allows you to initialize a session variable in the global scope, albeit register_globals is disabled. PHP 4.3.0 and later will warn you, if this feature is used, and if session.bug_compat_warn is also enabled. This feature/bug can be disabled by disabling this directive.

 

basically when you try to use $_SESSION['test'] before setting it, it would of pulled from the register_globals, but as from PHP versions 4.3+ it displays a security warning.. that option turns off that warning

[Crew-Portal]

wait my whole life I have been reigstering variables like:

$var1 = 'Hello World!";

session_register("var1");

$var1 = $_SESSION['var1'];

 

So how am I supposed to register them now?

[MadTechie]

personally, i do this

<?php
session_start();
$_SESSION['name'] = 'bob';
$_SESSION['time'] = time();
?>

 

read comments

<?php
// Use of session_register() is deprecated
$barney = "A big purple dinosaur.";
session_register("barney");

// Use of $_SESSION is preferred, as of PHP 4.1.0
$_SESSION["zim"] = "An invader from another planet.";

// The old way was to use $HTTP_SESSION_VARS
$HTTP_SESSION_VARS["spongebob"] = "He's got square pants.";
?> 

[Crew-Portal]

Oh so you register it just like registering a variable. Oh thats easy

[Crew-Portal]

So my original code was:
[code]
<?php
session_register("valid_user");
session_register("valid_password");
session_register("user_id");
session_register("va");
session_register("mode");
session_register("admn");
?>

 

And So I change it to:

<?php

$_SESSION['valid_user'] = $valid_user;

$_SESSION['valid_password] = $valid_password;

$_SESSION['user_id'] = $user_id;

$_SESSION['va'] = $va;

$_SESSION['mode'] = $mode;

$_SESSION['admn = $admn;

?>

[/code]

 

Right or Wrong?

[Daukan]

That looks right as long as all the vars are set

[MadTechie]

Yep.. seams good