Been brain storming and researching to get 2 index file.php. One to save session and cookie value to database and the second one would call and echo the saved session and cookie value from database when user visits again. Anyone can help?
In PHP, the session value are store in $_SESSION, and $_COOKIE for cookie value. The process can be as simple as create one table that has column consist of userid, session and cookie value, and write your code to save into the table. After that in the next visit retrieve it from the table by the user id.
P.S.: Why you want to keep the session and cookie value in the database though? Take not ethat as long as the session or cookie value is not been deleted, the value will be there until the next visit.
I found this on github and tried bit the session info was not saved to DB
Session integration to DB
But i was finally able to get what i was doing wrong with my php code. I was able to achieve the task using this in my corresponding php files
<?php echo $_SESSION['userId'];?>`$Id = $_SESSION['userId'];`$_SESSION['userId'] = $Id;`
Related
I need to pass an array from one function to another.
I tried with session variables.
$array;
$this->session->set_userdata('array',array);
$array = $this->session->userdata('array');
but it does not work for older arrangements 2KB.
I read that you can not spend such a long array, that session variables are stored in cookies on the browser and does not allow more than 2 or maximum 4KB according to the browser.
I tried to serialize also. Any ideas?
Switch sessions to database, then you can store larger amount of data. See http://www.codeigniter.com/user_guide/libraries/sessions.html#database-driver for details.
You have two option on this issue.
Don't store every data in session. Store somthing unique.
Explenation: if your database having all the user data and you are trying to store all the in session. Its worthless. Just store user id with session time So when ever you need and user data you can call the session user id and send request to database and get the user information..
Can use session tables which provided by Codeigniter.
I'm trying to wrap my head around how Laravel handles session data without digging too deeply into the code, due to time contraints.
It appears that the session ID ('laravel_session', by default) which is stored in a cookie is encrypted, because it is a different, much longer value than I get if I print the value of Session::getId()
So I'm assuming that Laravel is encrypting this value before dropping the cookie, and then decrypting the value to do the session data look-up every time session data is required.
So I guess my first question is:
1. Why is the session ID obfuscated like this? I'm presuming that it is for security purposes?
Secondly, I see no 'user_id' (or similarly worded) key in the actual session data once it has been pulled from disk. In fact, the only thing I see aside from the CSRF _token value is some entry like 'login_42e5d2c566bd0811218f0cf078b76bfd' = 1.
2. What is this data responsible for?
3. Can someone please give me a brief overview of how Laravel associates the session data with a specific user ID?
Why are you digging into the session to get the user ID? You can have sessions without logging in - so user ID doesnt always mean something.
If you want the currently logged in user - then you should be using Auth::user()->id
I am a newbie to php.
I just learned that you can create a session variable for a user after his login such as
$_SESSION['id']=****some value(say 3)******;
and this session variable is maintained as long as he doesn't log out(i.e. you clear this session variable using session_destroy).
Now , I have a confusion that if another user logs in then won't this id variable be overwritten thus logging the previous user out?
If this is true ,then what can I do to resolve it?
PHP sessions are tied to a user by a unique (random) ID string, generated the first time you invoke session_start() for a user. That ID is stored in the client browser as a cookie (or possibly via hidden form fields/query parameters).
Even though $_SESSION is used throughout the code, the CONTENTS of that $_SESSION array are tied to a particular user via that ID string. That means if I hit your site, $_SESSION will contain my details. If you hit your site, $_SESSION will contain your details.
There should be no practical way for my details to "leak" in your session, or vice versa. Destroying my session will not destroy yours, because yours is a completely different session, with a different ID.
All sessions are tied to a unique session ID. This is typically set inside the user's cookie.
I would like to make my website to allow only one session at a time. For example, let say user has login to my website on firefox, if the user login again to another browser like opera on the same computer or different computer, the session on firefox will be destroyed. However, the session on firefox remained if it remains as one session. May I know how can I do that? I am using php and apache. Thank you.
Regards.
Benjamin
I'll suggest you to do something like this:
Suppose when user "A" loges in to the "Com_1", for the first time. Save a unique code in the database against that session, and same with the user session.
At the mean time if he (user "A") loges in again on "com_2", then check his status in the database and update the unique code in the database.
again back if same user (user "A") refreshes the page on "com_1", we all you need to do is check the unique code from the session and match it to the database, It is for sure it will not match, then log it out and destroy the session.
For keeping the user loggedin, even if browser is closed, you can store the cookie on the browser, and re-generate the session accoordingly.
Hope this helps. Thank you.
You can use the following algorithm
create an integer field in the databse userLoggedInCount
On each login increment that flag and store the result in the session.
On each request check the value in the database and the one in the session, and if the one in the session is less than the one in the DB, invalidate() the session and decrement the value in the database
whenever a session is destroyed decrement the value as well
Credits to Bozho because he posted this, answering to a question
here
Keep a central database table or text file of who is logged in at the moment. If a user is already logged in in another session, invalidate that session by setting the "logged in" flag to false.
I think you'd have to do something like that :
add a "last_session_id" column to your user table
when a user logs in, update its last_session_id field with its current session id
on each page, if the user has an authenticated session, check if the session id is equal to the one recorded in your database. If not, destroy this session.
Store session id in the database. retrieve last login session id from db, set session id using session_id(oldid) and change session variables related to authentication like $_SESSION['LOGIN']
and destroy the session and create new session with new session id. follow example for logic https://www.php.net/manual/en/function.session-create-id.php.
this will make the last login allowed. validate on each page session variables related authentication. this makes it session invalid because of this session_id reset by a new login.
Save users' IP=>SESSION_ID pairs in a database. When user try to load your page you must compare the actual IP=>SESSION_ID pair then allow/deny if the pair is ok/different.
Excerpt from http://php.about.com/od/advancedphp/ss/php_sessions.htm:
So how will it know it's me? Most sessions set a cookie on your computer to uses as a key... it will look something like this: 350401be75bbb0fafd3d912a1a1d5e54.
My question is, in PHP, how to generate a key (e.g., 350401be75bbb0fafd3d912a1a1d5e54) for a session cookie?
And when do we need such a key? Why not just set $_SESSION['color']='red' in the first page and retrieve in the second page with $_SESSION['color']?
how to generate a key (e.g., 350401be75bbb0fafd3d912a1a1d5e54) for a session cookie?
Just call session_start() for this. A key would be generated automatically
when do we need such a key?
when session starts, to distinguish one user from another
Why not just set $_SESSION['color']='red' in the first page and retrieve in the second page with $_SESSION['color']?
This is the way sessions works. You are encouraged to do it this way. Who says you can't do it?
When youu start a session in PHP using session_start it auto generates a session key.
Check the session section on the PHP manual http://www.php.net/manual/en/book.session.php
And when do we need such a key? Why not just set $_SESSION['color']='red'
in the first page and retrieve in the second page with $_SESSION['color']?
The key's a unique identifier for each user to your site. If everyone received the same session ID, then they'd all be sharing the same session ID. Think of what'd happen if your bank's website used the same key for everyone. The first person to log in would then have their account exposed to every other visitor.
You can store whatever you want in the $_SESSION array, but remember that if things were correctly configured, it's going to be a different array for every user, so only store whatever's "configurable" per-user. A color preference for a background, like your 'red' example is one. But don't store the name of your site, as that wouldn't differ for each user.