homepage Welcome to WebmasterWorld Guest from 54.166.113.249
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
php session instead of cookie
ahmed24

5+ Year Member



 
Msg#: 3981181 posted 11:22 am on Aug 31, 2009 (gmt 0)

I am currently setting a cookie and reading it like this:

setcookie("user", "Alex", $expire);

if (isset($_COOKIE["user"]))
echo "Welcome " . $_COOKIE["user"] . "<br>";
else
echo "Welcome guest";

How can I do the exact same thing but with PHP sessions so that as long as the current browser window is opened the session info will always remain?

thanks

 

coopster

WebmasterWorld Administrator coopster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3981181 posted 11:56 am on Aug 31, 2009 (gmt 0)

You can use the session [php.net] cookie handlers.

andrewsmd

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3981181 posted 6:01 pm on Aug 31, 2009 (gmt 0)

Almost the same syntax. You just have to set your session variable where you set that cookie for username $_SESSION['user'] = $username;

if (isset($_SESSION["user"]))
echo "Welcome " . $_SESSION["user"] . "<br>";
else
echo "Welcome guest";

ahmed24

5+ Year Member



 
Msg#: 3981181 posted 10:27 am on Sep 1, 2009 (gmt 0)

thanks for your replies. will it be safe to store a users password in a session variable? i need to store the password so that i can log the user into certain applications automatically. or should i store it encrypted? and then decrypt it when needed?

omoutop

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3981181 posted 1:07 pm on Sep 1, 2009 (gmt 0)

its relative safe but take note that the sessions have a limited life span (around 20-25 mins by default if page is idle all that time if i remember correctly or until the user closes the browser)

you can change that of course
but you cannot relog the user on next visit. You will force him to re-login manually

andrewsmd

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3981181 posted 1:42 pm on Sep 1, 2009 (gmt 0)

If you want to save their log in after they close the browser for an extended period of time then you need to use a COOKIE. Also, for the security issue, you can store the passwords encrypted, but anything that can be decrypted can be hacked and someone could catch it. What I would recommend is having an encrypted session variable name with an encrypted value. Look at this php

//if the user is logged in set the variable to this
$_SESSION['userLogged'] = md5("loggedIn");

var_dump($_SESSION['userLogged']);

Just use their username to get their information, but check if that session variable equals that to see if they are logged in.

penders

WebmasterWorld Senior Member penders us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3981181 posted 10:53 pm on Sep 2, 2009 (gmt 0)

...sessions have a limited life span (around 20-25 mins by default if page is idle...

Yes, default value of session.gc_maxlifetime is 1440 secs (24mins).

andrewsmd

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3981181 posted 12:44 am on Sep 3, 2009 (gmt 0)

Also, you can change your session time (if you run the server that hosts your website that is). If you have facebook open it sometime and just leave it open and see how their sessions are. It's a really long time.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved