NYCPHP Meetup

NYPHP.org

[nycphp-talk] Session Thoughts

Mark Armendariz nyphp at enobrev.com
Fri Oct 31 11:47:16 EST 2003 

Here's how I do it in my login class:

Store ONLY a user ID and any information that you query on EVERY page in the
session.  Everything else should be able to go into a users table of sorts
and be queried when needed.

Set a remember_me cookie with an md5 made up of a good combination of the
user's login, password and datetime they signed up.  The date/time ensures a
good variable result and the user / pass combination when used in your query
will be specific to the user.

In the top of your site files (an app_top or config or whatever), run some
sort of:
if (!logged_in) {
	check_for_login_cookie();
}

Whenever user updates their profile, be sure to update their session info
and cookie.

Also, make sure to provide the option of staying logged in, in case they are
on a public system, like a library or at work.

----------

I suppose if you have your own session management, you could also save the
session_id in a cookie and have it pick up where it left off, but I've never
tried it.. Just a thought.

Good luck!

Mark

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Jim Musil
Sent: Friday, October 31, 2003 11:32 AM
To: NYPHP Talk
Subject: [nycphp-talk] Session Thoughts


Hi,

I'm looking for some general guidance from those who may have gone down this
road before.

I'd like to be able to use PHP's Session functionality while a user is on my
site to save whichever preferences and other data the user chooses. Since
Sessions by definition end, I need to bring them back once the user comes
back.

It's a pretty simple structure to describe:

1. User comes to site.

2. Site checks for cookie or asks for log in. If either, then site restores
session data. If neither, then start anew.

3. User uses site to heart's content. New Prefs and data are added to
session and saved until next return.


The big question in my mind is whether this needs to be stored in a database
or can I just move the session files to storage directory?

How do I ensure that the new data and prefs is stored?

Can I just choose to not expire my session files?


Thanks for your thoughts!

Jim Musil

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk

More information about the talk mailing list