Digital Paint Discussion Board
Development => General Development => Topic started by: jitspoe on May 16, 2007, 12:36:01 PM
-
I'm trying to figure out how to make sessions carry over from one php file to the next. For example if you login with login.php then go to someotherpage.php, a new session is generated, unless someotherpage.php is linked from login.php.
I want to be able to visit pages directly without having to first go through another php file. I tried session_name(), but that didn't seem to work. It still creates a unique session.
-
Create a cookie with the session id in it, then with every page, check for that cookie, and if it exists, set the session_id to that id.
Get it? :)
-
I was going to suggest a cookie, but surely Jits thought of that?
-
Will that carry over all the other information from the session, or do I need to store everything in the cookie?
-
Will that carry over all the other information from the session, or do I need to store everything in the cookie?
PHP saves sessions to a folder called tmp. So by loading a session, you load the data from it.
It's in the same directory that your www folder is in.
Bah. http://www.php.net/session
session.save_path string
session.save_path defines the argument which is passed to the save handler. If you choose the default files handler, this is the path where the files are created. Defaults to /tmp. See also session_save_path().
There is an optional N argument to this directive that determines the number of directory levels your session files will be spread around in. For example, setting to '5;/tmp' may end up creating a session file and location like /tmp/4/b/1/e/3/sess_4b1e384ad74619bd212e236e52a5a174. In order to use N you must create all of these directories before use. A small shell script exists in ext/session to do this, it's called mod_files.sh. Also note that if N is used and greater than 0 then automatic garbage collection will not be performed, see a copy of php.ini for further information. Also, if you use N, be sure to surround session.save_path in "quotes" because the separator (;) is also used for comments in php.ini.
-
Ok, so say for simplicity I load the site and have a session id of "123". I log in -- enter my username and password, and the server stores my userid and password hash in a session file and generates a cookie that saves my session id of "123" to my local browser.
What stops somebody else from making a fake cookie that says "my session id is 123", loading the website, and being logged in as me?
-
Ok, so say for simplicity I load the site and have a session id of "123". I log in -- enter my username and password, and the server stores my userid and password hash in a session file and generates a cookie that saves my session id of "123" to my local browser.
What stops somebody else from making a fake cookie that says "my session id is 123", loading the website, and being logged in as me?
Store some info in the cookie, such as an md5 of the password, for verification.
-
usually you'd simply encrypt your session id, that's the easiest way. it still has some minor security issue, but it's what most sites use
-
usually you'd simply encrypt your session id, that's the easiest way. it still has some minor security issue, but it's what most sites use
That's what I suggested to him last night, :-D
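-
Added example, not part of the thread and not the board's own code: a shared include that gives every page the same session and addresses the "fake cookie" question by relying on PHP's own long random session id, rejecting ids the server did not issue, and issuing a fresh id at login. With default settings session_start() sets and reads the session cookie itself, so only the id travels to the browser and the user data stays in the server-side session file. The file name session_bootstrap.php and the functions log_in, current_user_id and log_out are hypothetical; the code assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// session_bootstrap.php (hypothetical name): require this at the top of
// login.php, someotherpage.php and every other page, before any output.
// Assumes PHP 7.3+ (array form of the cookie options) and HTTPS.

// Accept only session ids the server itself issued, and only from the cookie.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');

session_set_cookie_params([
    'lifetime' => 0,       // cookie ends when the browser closes
    'path'     => '/',     // one cookie for every page on the site
    'secure'   => true,    // assumption: HTTPS only
    'httponly' => true,    // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();           // PHP generates a long random id, not "123"

// Call only after the username and password have been verified.
function log_in(int $userId): void
{
    // Fresh id at login; the pre-login id and its file are discarded.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;   // stored server-side, never in the cookie
}

// Returns the logged-in user id, or null for an anonymous visitor.
function current_user_id(): ?int
{
    return $_SESSION['user_id'] ?? null;
}

// Clears the server-side data and expires the browser cookie.
function log_out(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```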