Jump to content
xisto Community
Sign in to follow this  
frenz1405241519

Sessions, Setting, Unsetting, Reading and in combination w/ cookies

Recommended Posts

I am making a login script which atm uses a cookie to set login status.I would like to include sessionwise checking into this. And also an IP check, where i write the IP to database and later get it for all other pages and then check it up to the client for each page.I need to know the commands for:- getting an IP- Starting a session- Ending a session- Reading a session

Share this post


Link to post
Share on other sites

I am making a login script which atm uses a cookie to set login status.

 

I would like to include sessionwise checking into this. And also an IP check, where i write the IP to database and later get it for all other pages and then check it up to the client for each page.

 

I need to know the commands for:

- getting an IP

- Starting a session

- Ending a session

- Reading a session

 


IP Address

Getting User's IP - Use $_SERVER['REMOTE_ADDR'] variable

Sessions

Sessions seem to have been discussed quite a lot in this forum.

Naming A Session - use session_name('sessionName') to name your sessions whatever you want

Starting - Basically include session_start() on all of your pages in order to maintain an open session.

Reading Session - Use $_SESSION['variableName'] to either set or read your session variables

Ending Session - many ways to do it, whatever works for u...example below

$_SESSION = array(); // clear the universal variable to make sure	if (isset($_COOKIE[session_name()])) {		setcookie(session_name('SessionName'), '', time()-42000, '');	} // clobber the cookie if there is one	session_destroy(); // purge the session record	session_write_close();// not too sure about this <- someone can elaborate
That should do the trick with ending it, or at least it does for me.

 

Take a look at this thread as it has been already discussed in detail here http://forums.xisto.com/topic/88597-topic/?findpost=1064337165

Share this post


Link to post
Share on other sites

to that session ending script you pasted in Code, before the session_destroy() you could add session_unset() if you want to make it even better, but this is quite insane in my opinion. Anyway, just make sure that the session does not recreate after the logout or whatever you want. And be careful using sessions, I mean the session super global $_SESSION and the choice of its names, because of the registered globals on/off, which makes a lot of headache. :lol:

Share this post


Link to post
Share on other sites

Thanks for the info, im gonna use a mixture of all the methods to make a secure login script for my own page which has a news-system and a CMS, and i have made it all myself, and i think i shall finish it myselfBut i need some input on general login scripts, the layout.

Share this post


Link to post
Share on other sites

to that session ending script you pasted in Code, before the session_destroy() you could add session_unset() if you want to make it even better, but this is quite insane in my opinion.

 


I don't thats insane. That's actually quite sane thing to do. session_destroy() does not unset the variables, it just destoys the data. There is a difference.

 

 

 

Anyway, just make sure that the session does not recreate after the logout or whatever you want. And be careful using sessions, I mean the session super global $_SESSION and the choice of its names, because of the registered globals on/off, which makes a lot of headache. :lol:

 


Registered globals makes a lot of headache. Perioid. :lol: I strongly recommend everyone be it admin or web developer to go for registered globals off. I condired scripts that require registered globals on such a garbage that they deserve not to work.

Share this post


Link to post
Share on other sites

Registered globals makes a lot of headache. Perioid. :lol: I strongly recommend everyone be it admin or web developer to go for registered globals off. I condired scripts that require registered globals on such a garbage that they deserve not to work.


for me too, turn the register globals thingie off permanently..
pages created with register globals as off is way much secure ang stable that the register globals on modes.

---

i never forget to unset the session before destroying them. they produce strange effects on the server and scripting engine if they are not closed and destroyed.

some versions of php/apache allows me to destroy a session then unset while others just hang by using this commands in this order..

to place safe. i have put a small include file on all pages that unset all sessions and destroy them on the fly..

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.