homepage Welcome to WebmasterWorld Guest from 54.211.34.105
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Session cookie insight
GryphonLeon

5+ Year Member



 
Msg#: 3406348 posted 3:26 pm on Jul 27, 2007 (gmt 0)

Hi everyone,

I'm hoping to gain some more insight in session cookies.

For a new website I'm developing, I've created a member section which allows visitors to sign up, sign in etc..based on sessions. For simplicity reasons, I'm only using the cookie based sessions, so if someone has cookies disabled, they can't sign in.

On EVERY (php) page of the site (somewhere at the top), I want to display something like "Join Now" and "Sign In" for not-signed in members (guests). For signed in members, I want to show their name and a signout link.

To accomplish this, at the very top of all php pages of the site, I start with a session_start(); so I can display the member's name on the page (or, when session data is not available, display the "join now" and "sign in" links. So far so good..everything is working flawlessly.

There's just one thing that I can't get out of my head:

When a non-member visits the site and has cookies disabled, PHP creates a session on the server and tries to send a session cookie to the visitor. Since the visitor has cookies disabled, the cookie doesn't get set. When he/she clicks on a link to browse to the next page, session_start() gets called again, but since the previous session cookie couldn't get set, a new session is created on the server..and again, the cookie can't be set.

Am I wrong by saying this can be a pain for the server? Let's say you have 10000 unique visitors a day and 100 of them have cookies disabled. The average number of pageviews per visitor is 10, so 100*10 = 1000 sessions are created on the server while they are not being used?

Or is there something I'm missing..for example, are those sessions being removed from the server instantly?

Also, while trying to find a solution, I came up with this:
At every php page, start with the following:
if(isset($_COOKIE['PHPSESSID'])) { // resume session for signed in members
session_start();
}

This way, if PHP can't find a session cookie, it doesn't create a new session on the server..(which can be done when someone signs in).

Does that look like a good solution? Or was I wrong in the first place?

Thanks!
Leon

 

vincevincevince

WebmasterWorld Senior Member vincevincevince us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3406348 posted 4:23 pm on Jul 27, 2007 (gmt 0)

I think you are right - although - you can change the garbage collection settings for sessions. Your method of checking for the cookie before starting the session makes perfect sense and is something I do myself.

Perhaps locally caching IPs who 'should' have a cookie and then not running session_start(); if there is no cookie from that IP on the next pageview would work as well?

In general however I've not seen this feature cause a problem (touch wood!)

GryphonLeon

5+ Year Member



 
Msg#: 3406348 posted 5:14 pm on Jul 27, 2007 (gmt 0)

Thanks vince!

you can change the garbage collection settings for sessions

True, good thing you mentioned it as it's something I'll have to look into. But, even if I changed those settings, useless sessions would still be created on the server.

Your method of checking for the cookie before starting the session makes perfect sense and is something I do myself.

Great, it did seem like a good solution, but I just wasn't sure enough as I've read several session tutorials online, but none of them covered it. I ran a few tests and it seems to work, but I wanted to see if others use it as well so I can be 100% I'm not overlooking something before changing it in every page (which would require some work).

Perhaps locally caching IPs who 'should' have a cookie and then not running session_start(); if there is no cookie from that IP on the next pageview would work as well?

I'm not sure if I understand completely, but wouldn't that method require more server resources compared to just checking for the session cookie?

Thanks again!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved