Re: session newbyness...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--- Tony Di Croce <dicroce@xxxxxxxxx> wrote:
> I have some general question about sessions... Actually, about
> PHP's built in session support.
> 
> Do I need to call session_start() in every script that needs
> access to $_SESSION[]?

Yes.

> Would it cause any problems if I do?

What sort of problems?

> If not, am I supposed to just call it once on the login page
> for my website and then thats it?

No, see above answer. Call it in every script that needs to use $_SESSION.

> I think I would like to store a user id in my $_SESSION[]
> global. If this variable is set, I will consider this session
> "logged in". Is their a secure way to do this?

Sessions are pretty secure by their very nature, since session data is
stored on the server and not subject to exposure like most other data.
There are still a few security concerns, and I address a few of them in
this article:

http://shiflett.org/articles/the-truth-about-sessions

> When session_start() is called, this function sets a cookie
> in this browser with a unique value that is bound to a set
> of globals (IE, the contents of $_SESSION[]). When subsequent
> HTTP requests have this cookie attached, the correct set of
> $_SESSION[] variables is loaded... Everything right?

That's close enough. It misses a lot of details, but there's nothing
terribly wrong with your description. You can fill in the gaps and correct
minor details as you learn more. The article I mentioned gives a brief
introduction to the fundamentals, so it might clarify some things for you.

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming Soon                 http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux