Creating User Sessions W/out Using Sessions
I'm working on a user management system where I can use the benefits of PHP sessions w/out messing with them. Basically, my idea is to have an entry created into a "sessions table" when the user logs in. The table contains such info as the user's id number and the date/time they logged in. When the user logs out, the entry is deleted. In each page/script, it checks to see if the user is logged in by checking the sessions table for an entry w/their IP address and the date, to make sure it is fairly current (unless anyone can think of a better way to check).
Now my delema....obviously, I don't want people that don't properly log out to have a session that could last weeks (depending on when they visit again). I am thinking a script that cleans up entries that are old would do the trick, but obviously I want this script to run say, at least once an hour. Obviously, I am not going to be able to sit at my computer and run this script every hour of every day. I was thinking of using the script and doing a cron job, but I think my host only allows one cron job per day...and only at night. Any thoughts??
View Complete Forum Thread with Replies
Related Forum Messages:
Current User Sessions
I'd like to add a "who's online" section to my home made forum. When a user logs-in they are given a session $_SESSION['user'] (containing their username) for the duration of their stay. How can I use PHP to list all of the currently active 'user' sessions that the system has created?
View Replies !
User Management Sessions
how to store the $_SESSION['*****'] variables. I have seen come code, but it isn't clear. . . what is the easiest way to use the $_SESSION for my custom variables: something like $_SESSION['username'] = 'John Henry'; $_SESSION['userlevel'] = 'orange'; I understand I can send them from my login form using $_POST, but how do I set them??
View Replies !
Multi Sessions User
how to use a multi sessions user within php. In fact what I try to do is if someone try to log on the system many time on diffrents computer he should receive an error message that he can't log only once on the system.
View Replies !
Sessions, User Tracking
I am attempting to build a secure login system. Upon successful login each user (4 user levels) will be directed to the specific area of the site. I have built most of the forms/features these users will be working with. The information on this site is sensitive, so I have been researching MD5 encryption, sessions, and cookies. I will need to track user actions throughout the site. Basically when user add/modify/update information in the database, I want to know who did it and when they did it. I am hoping this can be accomplished using sessions with php and mysql. The system should also keep record of every time a person logs in. I have downloaded scripts, searched the web, php.net and can’t seem to understand the correct and most secure way to make this happen.
View Replies !
Security With User Input And Sessions
I have two sort of related questions, if anyone would be so kind as to answer: 1. When I do an form for input (into a database) that is used for subsequently displaying on a web page, is there a function written to parse out all dodgy stuff, like putting HTML tags that could break the page, or filter out SQL that could corrupt or invalidate the entry or is there a regular expression that someone has already done to cover all areas? 2. If I am displaying data from a database and using sessions and the like, should I be putting something like this in my code (I found it in the php manual): header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0
View Replies !
Sessions - Remember A User Is On The Site
I am building a members section for my site and I was curious what the best way to go about remember users would be. The site I'm working on is mainly an information site which will have the ability for people to login and view reviews on products and also allow manufacturers to login and upload information about their products. I was curious how I should remember a user is on my site. Currently, I have a $_SESSION[''] variable that remembers them but when they open a new browser it forgets them. Also this posses problems if they are still viewing my site but want to have 2 browsers open while on my site. Is this the best method? Also considering they login - they will have to relogin everytime they come back to my site. This makes me wonder if I should use cookies. I have never used them before. Would they be the best solution? Are they secure? Any information would be great.
View Replies !
Display Form Only Once Per User Using Sessions
I'd like a form with four questions to appear on each page of my web site, but only once per page. At the moment, if someone visits a page twice they get a questionnaire about it again. Is the a way to use PHP sessions to remember not to display the form if it has already been used?
View Replies !
*SECURE* User Authentication Using Sessions.
I'm developing a member-based web site and I'm using a combination of PHP and MySQL. The way I currently have it set up is the user enters his username and password and the form handling script verifies the username and password and sets a session variable named "$verified_user" equal to the user's username. In each page that requires membership, I insert the "session_start()" at the top of the document, and then include an if statement such as: if ($verified_user) { // Display content } else { You need to login. } This works perfectly, but I have found a security issue with this method. If the person is not logged in, they can simply append the variable "$verified_user" to the URL and set it equal to whatever they want. Such as: http://www.mysite.com/topsecret.php3?verified_user=root How do I implement a SECURE method using sessions?
View Replies !
Problems With Sessions - User Login
I have problems with sessions. It looks like the session variable "MM_UserID" is not passing from one page to another. I created a login page (login.php) and built the form and added dreamweaver mx's login behavior to it.I then created a user info page (login_success.php)which users reach right after logging in that displays several bits of information from their entry in the database table. When I login, the login is successful but no dynamic data (the user's info) is displayed on the user info page. The codes for both the login page and the userinfo page are below:
View Replies !
Sessions - User Is Logged In. But What If A Whole Different Page.
say i set $_SESSION['login'] = 1; so a user is logged in. but what if a whole different page. has a login thingy and also sets $_SESSION['login'] = 1; does that mean the user can just go to that page. w/o needing to log in when he's not supposed to be able to access that. since his session already started on a different page on which he's logged in, so $_SESSION['login'] =1 already.
View Replies !
Deleting Sessions If User Restarts
A user submits a form and thus a session has been created. What I want to do is if the user presses the back button or decides to re-submit another form, it'll overwrite the current one. How can I do this ?
View Replies !
Secure Site User Sessions
What I want to do is make a website im working on more user friendly, so ive completed the registration and login side to the site, but i need advice on what to use from here?, im using sessions at the moment while the user is logged in, but some people say there not to secure?, then I see things about HTTP authorization?, and also cookies?, im confused........ My question is, what is the most secure and reliable thing to use as users login, and go about the website?, what do most of you use?.
View Replies !
Using Sessions To Hold User Data Once They Are Logged In.
I am writing my first CMS from scratch and am using sessions to hold user data once they are logged in. The problem is that the session data is not retained unless a username and password is passed through the URL. For example, if I go to index.php no session data is loaded, but if I go to index.php?username=this&password=that then the session data is loaded. But passing this through the URL sort of defeats the purpose of having sessions. So how do I set the session variables without having data passed through the URL? I have three functions: login() grabs the user data from the database and loads it all into session variables; authenticate() sees if the user is logged in and returns the appropriate boolean; and display_session() displays all of the session data. I have made sure that I only call authenticate() after login() has successfully ran, so the session data set in login() should be reatined for authenticate(). Here is the code:
View Replies !
Forced User Logout / Cancel Sessions And Cleanup
Currently I use a timestamp to log users out after 15 minutes of inactivity. However I also need to log a user out if they have just left the page. I need to do this because I store current online users in a database, allowing a maximum of 5 users at one time. I have been looking through the php manual and came across session_cache_expire(). This isn't doing what I need either. Am I going in the wrong direction with this? Basically my question is, is there a way to log a user out (and clear my user_online database) if they just leave the page?
View Replies !
PHP Sessions - User Login Webpage - Preventing Autologout Due To Inactivity
I have a website where users can log into. This users sessions as I believe most people use when implementing a login section of a website (each php page first checks a valid parameter has been set to authorise that the user has logged in and if it is not found it redirects the user to the login page). I have my code and it works fine, however on the live server, after a period of inactivity the user will be logged out automatically. However on my test server this is not the case and the user remains logged no matter how long they have no activity for. The exactly the same code is in place on both servers, just the servers are from different providers so I assume set up differently. What could be set up differently on the servers to be causing this difference in behaviour and what can I do to override it? In an ideal world I would be able to control the amount of inactive time before I user is logged out automatically.
View Replies !
Good System For Controlling Username/password Authentication And User Sessions In PHP?
I am starting to develop a scientific website, deployed on a Linux-based Apache web server, using PHP and mySQL to display interactive web pages. I would like to create both public and private sections of the website - the private sections policed by some kind of user authentication login system. I was wondering if anyone can recommend a good system for controlling username/password authentication and user sessions in PHP? I understand that there are some freely available scripts out there which can handle this for you and provide administration pages where you can add/remove users etc.
View Replies !
How Do Different Sessions Work? Multiple Sessions
I use a messageboard which uses sessions. I have a login script which uses sessions. I have a charting app which uses sessions. How does PHP handle this? Does it create three different sessions or is everything handled by the one session file? In other words, is it working like magic and I don't need to worry about it. What I'm confused with is that at the start of the login script there is a start_session() and other session related stuff. On logout, the session is destroyed. Now does this affect the start_session() of the other scripts?
View Replies !
Sessions Help
I am getting strage problems with sessions - actually rarely used them before. I am basically just testing passing a session variable from one page to another. Everything works great when uploaded to my hosting server but not when used locally! Locally I am using Apache 1.3.20 and Php 4.0.6 on win2k with browser IE6 I am using the simplest session setup - PAGE 1 session_start(); $_SESSION['name'] = "Kevin"; echo $_SESSION['name']; Then a link to the second page - PAGE 2 session_start(); echo $_SESSION['name']; As I said everything works great on the hosting server but not locally. I have looked at the output from phpinfo() on PAGE 2 and it shows that the session is being created and even has a value - PHPSESSID=4c0ba2b373b1faf9dfd0c1c98705dfa0 This value showing in HTTP_COOKIE , Cookie and HTTP_SERVER_VARS["HTTP_COOKIE"] The sessions are stored as cookies and if I look in the php/temp directory yup they are there! So it looks like the sessions are being started, store the data in the cookie ok but are not being read on PAGE 2. As I mentioned on the hosting server it works great. Can someone please give us a clue why it isn't working locally? thanks Kevin PS I also tried including a session_register('name') as well as the older $HTTP_SESSION_VARS["name"] = "Kevin";
View Replies !
Sessions That Do Not End?
Does anyone know of anything that would make a session constant even after a user ends the session by closing the browser? I am using sessions to assign users unique id's and when the user comes back to the site, they are being assigned the same session id, therefore making the entire concept useless.
View Replies !
Sessions And IE5 Or 6?
I had sessions working just fine and then all of a sudden they stopped working. I'm wondering if IE5 or 6 handles sessions differently. Anyone had a similiar experience? If not I guess I'm back to the drawing board. If anyone can help me get started with the proper way to start a session I would appreciate it. What I have is a session id and 2 variables. It seems that I can log in and the session is started but when I click on a link on the username page it forgets about the session that was created and I'm back on the login page again with no tracce of the session. <?php session_start(); session_register('username'); session_register('isloggedin'); if (!isloggedin) { loginmenu(); } else { usermenu($username); } ?>
View Replies !
Now You See It, Now You Don't Sessions
This one has me completely stumped. I have a simple site where I'm using sessions to keep track of some information across multiple pages. The trouble is, when I go to a page that displays the information, sometimes I can see the information and sometimes I can't. If I refresh the same page, the information may appear or not in a completely random manner. And nothing is writing to the session variable anywhere in the page. I have displayed the information and it is definitely not there when the information does not appear. I have checked the session id and it remains the same regardless of whether the info appears or not. The code runs fine on my local server (PHP 4.3.2) but not the ISP's server (PHP 4.1.2). My question is - What on earth is going on here? - And if the info is wiped out of the session array on a particular page request, how does it reappear at some random page refresh? Any ideas or thoughts from anyone would be greatly appreciated.
View Replies !
Sessions And CLI
Im currently working on a collection of scripts that will work in command line only. Im using the latest version of PHP. Ive got problems figuring out how to start a session with a specific session_id. Maybe im doing something wrong here, but ive got no idea what. It seams that if I call session_start($id), where $id is a sessionid that i know for sure was already registered earlier, that specific session does not get initialized. See this simple test script PHP Code:
View Replies !
Sessions+ssl
we are using apache OpenSa, with php on a win2k machine, we are having problems with sessions, the sessions are working under the normal apache server,, however when we use the OpenSa ssl component it wont work properly,,,we get the following errors,,,any ideas? Warning: open(/tmpsess_50ca39a0d25cd9d3b98290de9a5379d5, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 i have created the session file in the php folder and put its path into the php.ini file,
View Replies !
Sessions / PHP 4.3.1
I have a website, to which members must "log on" to gain access. The sequence of pages is as follows: 1. index.php Contains form for username/password 2. login.php starts session <? session_start(); session_register("user_id"); session_register("logged_in"); ?> validates authentication A - if "ok" i. sets $user_id and $logged_id ii. goes to membersArea_frameset.php B - if fails - goes to an error page This setup normally works fine, for 99% of visitors. However, every day i get a few emails from people who receive an error message saying that the session has expired, rather than a successful login. Each page (including the above frameset page) has an include of 'session_check.php'. The contents of the file is: <? if ($logged_in != session_id()) { echo "<script>self.location='error.php?error=2'</script>"; exit(); } ?> For nearly all visitors, the above setup works fine. Any ideas why some people are told straight after successfully logging in that their session has expired? This is really worrying. I can't figure it out. Have I not set up the sessions correctly? PHP - Version: 4.3.1
View Replies !
PHP Sessions And IE6
I have a website (e.g. www.mainsite.com) with a MySQL database and I use PHP for members to login, adddel records. Their UserID is recorded in a session variable. I have a second website where the files are located at www.mainsite.com/subdirectory/ and I use framed web forwarding from my ISP which makes it look like www.secondsite.com is actually the contents of this sub directory. I do this because www.secondsite.com is a customised website for that company but accesses the same database. With IE5 when you login to the database via www.secondsite.com it works fine but since i've upgraded to IE6 it gives me a login error. And I remember there is some new Cookie security thing from Microsoft.
View Replies !
Sessions!
i need to create something that will keep the username in 'store' so that it is available to any page on my site that has the members area 2) i need to have code that checks if the 'store' is there, and if the username is in the MySQL db if its there, i need it to display the page content if not...i need it to display a "You are not a member or bad password"
View Replies !
Sessions - SID
I use sessions, if the user doesn't have cookies enabled the query string ?SID=xxx will be at the end of every URL. But...when the user does have cookies enabled this still happens for the first page, an example of a session (urls): http://x.com/ http://x.com/alinkfromxcom/?SID=xxx http://x.com/alinkfrom_alinkfromxcom/ Just a session id on the first link clicked on then it goes away... Does anyone know why?
View Replies !
Is Sessions With 4.1 Different Than >4.x
I've run into some trouble sessions and it seems to be when I upgraded php to 4.1 Is there some documentation that describes the different coding you should use for versions less than or greater than 4.1. Currently I 'm using this main log in page session_start(); $_SESSION["userid"] = "$userid"; $_SESSION["departments"] = "$departments"; and then on every other page I have this at the top session_start(); pretty straight forward if you ask me but for some reason it doesn't want to work and i was just wondering if there was new things that I wasn't aware of.
View Replies !
Ie6 And Sessions
i have a problem with ie6 and sessions in popups. When i open one popup, the session opens as usual, but if i open second popup from the first popup, the session is gone. Has anyone expirienced something similar? anyone knows how to solve the problem?
View Replies !
Sessions In Php 4.1
Our server upgraded to PHP 4.1 on 12/21/01 and now my sessions are not being globally set. 4.1 deprecates session_register(), but still supports it if it is enabled in php.ini which it is on my server. The /tmp is correct and and this smae exact script works on my desktop server using 4.05. When I login to my CMS from an index.php, it opens to the default page, but if you refresh or go to any link, it loses the registered login variables. Anyone else having similar probs? PHP Code:
View Replies !
Sessions Being Ignored
I have my page so that once you login it registered the session variable "logid." This is how I track to see if the user is logged in. This works all well and fine until I try to access that variable from a document thats not in the same directory as the other pages. What am I doing wrong?
View Replies !
Sessions And IE6
Anyone having problems with IE6 and sessions? I have a website with an area where people login and can view numerous pages. They are tracked using PHP sessions and this has worked fine up until this week when a couple of users have reported problems and they both use IE6. They login and once logged in, click on a link to view another page and they are taken back to the login page (which is supposed to happen if a user is not logged in).
View Replies !
Sessions And AOL
I have a site where users register and log in. All the data is stored in a MySQL database. When a user logs in, the username and password is checked in the database and if all ok I set a few sessions. Then at the top of each page I simply check that the sessions have been set and carry on. All this works fine except for users on AOL. They log in but straight away are told that they need to log in. After many weeks of testing different things I'm still confused why it doesn't work. I created a some test scripts as follows to try and get sessions working... aolphpsetup.php <?php ini_set('session.use_trans_sid',1); ini_set('session.use_cookies',0); ?> aolinclude.php <?php if ($_SESSION[s_check1] == 4) { $another_check = "1"; } else { $another_check = "0"; } ?> aoltest.php <?php include("aolphpsetup.php"); session_start(); $_SESSION[s_check1] = "4"; ?> <body> <form name="form1" method="post" action="aoltest1.php"> <input type="submit" name="Submit" value="Click Me"> </form> </div> </body> aoltest1.php <?php include("aolphpsetup.php"); session_start(); header("Location: aoltest3.php?".SID); ?> aoltest3.php <?php include("aolphpsetup.php"); session_start(); include("aolinclude.php"); ?> <body> $_SESSION[s_check1] = <?php echo $_SESSION[s_check1];?><br> $another_check = <?php echo $another_check;?> </body> When running aoltest.php you should click the button and the output via aoltest3.php should produce as expected but it doesn't with an AOL user. I'm using PHP version 5.0.4 and below is the settings of the sessions in my phpinfo.. session Session Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /tmp /tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid 0 0
View Replies !
Sessions Again
In Win32, php4: (I don't have access to the php.ini file.) With 'session_start()', how do I avoid the complaint "PHP Notice: A session had already been started" ? Without 'session_start()', I get the "Undefined variable: _SESSION " complaint.
View Replies !
PHP Log-out And Sessions
A friend of mine gave me a snippet of a session code that he uses and I've modified it to fit my site, and I can successfully login to my members page. But, I came across another issue and I'm not exactly sure how to approach it, I have a good idea, but thought it would be good to check with you guys (still a hair confused with sessions ). I had a couple friends of mine login using my test account to make sure that the page was displaying properly in different browsers and one of my friends just copied and pasted the url to the members page and was able to view the page just fine, but had a warning about the session.php and it's function. Anyways, what I could make out of it, was that as long as you had the session started on your computer, you could just get right in, and that the same account could be logged in by multiple computers (there were 3 of us at the same time under the same account). So I need to write a piece of code to limit the number of users able to login to one account to 1 and then, if they should exit the page, it logs them out... Here is the session.php that I modified: Code:
View Replies !
Sessions?
I have a members system on my site and I have a logon on my index page and when a user logons on it redirects the user to another page saying that they are loggod on. I need the index page to say that they are logged on on the index page. I dont know much about php but i think what I am trying to say is I need the session to also be on teh index page alos what do I do?
View Replies !
Still Sessions
I get these error messages when trying to start my sessions: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:Program FilesxampphtdocsLoginhome.php:5) in C:Program FilesxampphtdocsLoginhome.php on line 6 Code:
View Replies !
PHP Sessions And IE7
All these pages work perfectly on IE6, Firefox, Netscape etc, but I have come across a problem when testing them on IE7. Here's the problem: I have a web based system where a user logs into the site. Upon signing in, a number of $_SESSION variables get populated with data, so that the subsequent pages know that he is allowed to visit them, and who he is. Code:
View Replies !
Php And Sessions
We have been experiencing a lot of lag in one of our sites so I took a look at all the open ports and it looks like every time someone clicks to go to a new page on our site it opens up another connection. So we will have 100 open connections from one IP with 99% of them being in "Time Wait" status. How do we fix this where it keeps the same connection or it immediately kills the old one when once it’s finished?
View Replies !
Sessions In URL
why a session is being appended to a URL In my code I have some hard code links like, /page.php?xPage=how-to-order.html But in the browser it is showing it like. http://www.domain.com/page/15cebe915...w-to-order.htm . Is there a settings in the php.ini doing this.
View Replies !
Little More On Sessions?
I have a PHP page tha contains a form. Users enter data in the form, which are then written in a file (the file is created at the time a user enters some data) The file is then given as an input to an external program The external program runs and gives some results which are then stored in another file (that is created when the external program finishes). Code:
View Replies !
Run Sessions
I have been reading up on php.net but I still don't fully understand it. How do you go about keeping a login running through session data? (I'm currently just making users Auth themselves every time they do something which is very irritating).
View Replies !
Using Php Sessions
i need to make my site so that a user can logon to it and be able to go from one page and enter some details and then go to another page and enter some more details, and then to complete the process they go to another page and the details they entered in the past 2 pages are written to the same record in a database. How would i do this, would i use sessions so that a user could go onto both pages in the 1 session and have all that data from the session written to a database. Code:
View Replies !
No Sessions
when signing in and after being passed from the loginscript.php to the search page, it auto sends the user back to index.php. It shouldn't b doing this, as I thought I had set my sessions up correctly. What have I missed.? loginscript.php: PHP Code: <?php $db = mysql_connect("localhost", "root", "grunger"); if (!$db) { Â Â echo "no connection because " . mysql_error(); Â Â exit; } mysql_select_db("status", $db); $username = $_POST["username"]; $password = $_POST["password"]; $result = mysql_query("SELECT customer_id FROM Customers WHERE customer_username = '$username' AND customer_password = '$password'") or die (mysql_error()); $myrow = mysql_fetch_row($result); $customer_id = $myrow[0]; $_SESSION['customer_id'] = $customer_id; ..............
View Replies !
New At Sessions
I am using PHP 4.3.1 with register_globals off. I want to pass information from one page to another and want to start a session for this using: session_start() at the beginning of my page searchresult.php However, I get the following error: Code:
View Replies !
|
TRACKER
