Jump to content
  • Advertisement
Sign in to follow this  
dave

[web] Sessions In PHP [ retitled ]

This topic is 4853 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Of life. Nah i'm kidding. Umm. I currently have my web site set up so on index.php you have a link to a log-in page that logs you in confirming against a mysql database and returns you to index.php. Now on index php it knows if you have logged in or not. Now if i want the client to be logged in on every page until the browser closes, i assume i have to store a cookie on the client machine with the username and password. So each page looks at the cookie and trys to automatically log in. When the browser closes the cookie goes away. Is this what happens? Dave [Edited by - Dave on December 1, 2005 3:08:00 AM]

Share this post


Link to post
Share on other sites
Advertisement
Well, I'd say (and I'm probably far from alone on this) that sessions are the way to go. It's all done server-side, so it's much more secure, and you don't have to worry about the client having cookies disabled.

Everything else looks about right.

Share this post


Link to post
Share on other sites
That's right. You don't even really have to store the password information in the session on the server. Just register a session variable in PHP called $userId or something when someone successfully logs in. At the top of each page, check if that variable has bene registered. If not, redirect them to the login page.




~BenDilts( void );

Share this post


Link to post
Share on other sites
Ok so sessions in PHP, is that a topic in itself?

If i declare a variable in one file, is it available in another?

Dave

Share this post


Link to post
Share on other sites
Yes, it is a topic in itself (which provokes several security questions), but the easy explination works like this.

At the tope of each .php file that generates a web page, type:

session_start();
global $HTTP_SESSION_VARS;
$UserName = $HTTP_SESSION_VARS['ValidUser'];


Once a user has logged in, make sure you say say:

$HTTP_SESSION_VARS['ValidUser'] = $ValidatedUserName;


The global declaration makes the value available on all pages. Session_start() starts the session.

Share this post


Link to post
Share on other sites
Right. Sessions as described above are stored entirely on the server, with no real way to get at them from the outside.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!