I want to create a username/password page. I understand that although possible, it's better not to propagate the session through the URL. So I decided to use cookies.
So first
- Check to see if the session ID in the client cookie matches the session ID which is stored in the MYSQL DB.
-> If true, move on
- else I create a session and cookie using the following steps.
-> Create a random 25-character alphanumeric string, store this in the client's cookie as well as the MySQL DB.
-> Set the session to expire within t minutes
That I understood; it's just that I'm confused with the functions associated with them.
// creating the session
//---------------------
session_name ("#*$!xxxxxx"); // Name the session first
session_start(); // start the session
$_SESSION['time'] = time(); // set session start time
// add the session ID to the MYSQL DB.
// verifying the session
//-----------------------
$sesName = session_name(); // get session data (is this from the cookie?)
if( $sesName == <get MYSQL value>)
{
    // do something
}
else
{
    Do_Login(); // function that asks user/pass and then starts a session
}
Is this sequence/functions correct?
$sesName = session_name(); // get session data (is this from the cookie?)
session_name() [php.net] returns the name of the current session. If a name is specified in the parentheses, such as session_name("mysession"), the name of the current session is changed to its value.
Yes, the session name references the session id in cookies and URLs.
Is this sequence/functions correct?
Did you test it? :)
I want to create a username/password page. I understand that although possible, it's better not to propagate the session through the URL. So I decided to use cookies.
How about forcing your session to use cookies? (session.use_trans_sid)
Then when your user can match a username with a password in your DB you can set a session variable to reflect this. All Done. I try to stay away from revealing anything in the URL.
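The approach from the last reply (a cookie-only session, then a session variable once the username and password match), written out as an added example that is not code from the thread. The cookie name `APPSESSID`, the 15-minute value for "t", the `authenticated` key and the `$checkCredentials` callback are assumptions made for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example, not from the thread. Names marked "hypothetical" are assumptions.
const IDLE_LIMIT = 15 * 60;               // the "t minutes" from the question (hypothetical value)

// These must be set before session_start().
ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue

session_name('APPSESSID');                // cookie *name* (hypothetical), same for every visitor
session_set_cookie_params([
    'lifetime' => 0,                      // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,                   // sent over HTTPS only
    'httponly' => true,                   // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();
// session_id() is the per-visitor random value stored in that cookie;
// session_name() only returns the string 'APPSESSID'.

function is_logged_in(): bool
{
    if (empty($_SESSION['authenticated'])) {
        return false;                     // no login recorded in this session
    }
    if (time() - ($_SESSION['time'] ?? 0) > IDLE_LIMIT) {
        $_SESSION = [];                   // idle too long: drop the server-side data
        session_destroy();
        return false;
    }
    $_SESSION['time'] = time();           // sliding expiry on each request
    return true;
}

// $checkCredentials is a hypothetical callback that looks the user up in the DB.
function log_in(string $user, string $pass, callable $checkCredentials): bool
{
    if (!$checkCredentials($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID at login, old one is deleted
    $_SESSION['authenticated'] = true;
    $_SESSION['user'] = $user;
    $_SESSION['time'] = time();
    return true;
}
```

PHP generates the session ID and matches it to the cookie itself, so the page code compares nothing by hand; it only reads `$_SESSION`.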