If I'm going to use sessions, I understand how to start them etc, but is it possible to have them "alive" for 24 hours? With the cookies, I was able to, once the user logged in, keep them logged in for 24 hours. As it's an application we are providing for our customers, one of the things I'm able to stipulate is that they have IE6 & Cookies turned on! Any thoughts? Cheers James > -----Original Message----- > From: Sudeep Zamudra [mailto:sudeep_zamudra@xxxxxxxxx] > Sent: 09 October 2004 09:14 > To: James Nunnerley > Cc: php-windows@xxxxxxxxxxxxx > Subject: Re: Cookies! > > Hi James, > > Php on IIS or PWS are known to have problems with session and > cookie. Try using session instead of cookie. That's the safest way. Also > anyone can disable cookies on the client side where by your login > authentcation may fail. So best way is use session instead of cookie. For > details pls refer "php session handling" in the php Manual. > > ....SuDeEp.... > > James Nunnerley <webmaster@xxxxxxxxxxxxxxxxx> wrote: > I'm trying to create a simple login script for user to the web application > I'm > writing. I previously wrote it for using PHP4 & Apache, however I've > recently > had to move to IIS5, and also upgraded to PHP5. > [script] > if (isset($_POST["username"]) AND isset($_POST["password"])) { > $res=mysql_query('SELECT username, password, agent_id FROM user where > username="'.$_POST["username"].'"'); > if (mysql_num_rows($res)==0) { > $message="Username does not exist."; > } elseif (mysql_num_rows($res)==1) { > while ($user=mysql_fetch_array($res)) { > if (strtolower($user["password"])!=strtolower($_POST["password"])) { > $message="Incorrect Password."; > } else { > setcookie("username",$user["username"],time()+31449600,"/"); > setcookie("agent_ID",$user["agent_id"],time()+31449600,"/"); > setcookie("logged_in",time(),time()+60*60*12,"/"); > header("Location: http://".$_SERVER["HTTP_HOST"]."/";); > exit; > } > } > } > } > [/script] > > The above works fine on Apache, but on IIS, it would seem no cookie is > set. > I've found something suggesting I change php.exe to nph-php.exe - is this > true, > does it work - it seems a little drastic - is there another way around it? > > Cheers as ever > Nunners > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
