I have user information that I stored in array session (only when user successfully login). When I update the user information using my web form, I realized that the user information that stored in session is not up to date with the database value.
Does that mean the session only memorizing those assigned data once till it meet with a function that replacing the data stored in session? So if I want to get the updated data from database, I need to keep re-assigned back the data session?
EDIT
I have this code in my Homepage_controller to fetch user information when they successfully login and store in session.
$_SESSION['user'] = $this->Homepage_model->fetchUser();
Then user will be redirected to profile page which is using different controller User_account_controller and from this controller I used to update user profile and will keep using the $_SESSION['user'] that been set from the Homepage_controller
As I can understand your post you are assigning session variables on login.
While you are logged in you change the data in database and want to update session variables?
If so you need to query database, retrieve new values and assign to session variables again.
Related
If a session id is stored can it be used to alter session data such as an array variable?
I am working on a project for a login system in PHP where the login authentication comes from an out-of-band source (mobile app or browser extension).
The browser page will use JavaScript to continuously request the login state from the server. The user will scan a QR Code on the page for example, and their phone will post their authentication by API to the server.
I would then like to alter the $_SESSION data associated with the session on the page that was issued with that specific QR Code. I can know the session id which issued that specific QR Code which data was returned by the mobile QR Code scan, but can I use the session id to modify the session data, so as to set the SESSION state to logged in?
I have looked through the PHP manual for a function that would allow this to modify another session but didn't find anything. (https://www.php.net/manual/en/ref.session.php)
in view set textbox value with $_SESSION id,
and when action, update data SESSION with id to database.
What you do is you set your session_id to the id data you want to edit then change the session values.
session_id('the id you have');
session_start();
$_SESSION['anydata'] = 'whatever you want';
Currently, I try to implement that only one user can be online simultaneously on the same account. There are solutions which prefer to store the session id and compare it to the current session id. But I have problems to understand how it should work.
So I store the session id after the user's login was successful. Now I am trying on another client to log in on the same account. It is not possible because the current session id is not equal to the stored id. So what happens if ...
1) Using logout button
The user uses the logout button. The session is destroyed. I reset the stored session id to "" or something. If the stored session id is "" a client can log in on this account. Is it right?
2) The browser is closed
Closing the browser without using the logout function. There is still a session id stored. I can not log in with this account because my current session id is not equal to the stored session id. So how can I realize a re-login?
i believe you can solve that problem simply by storing a variable in a user field database to indicate it's been logged in.
I have a table with colname(INT) which i would like to pass its value to use with my $_SESSION variable
What i want to do:
I want all my protected pages not to viewed more than a certain time which would be determined by the value of a colname(INT) use with $_SESSION.
SOLUTION:
Just to determine/limit how long a user spends on all protected pages active or inactive.
You can try this link
How to set session timeout code in PHP
Also, I don't see a point why you are storing password in session (Register username and password as session variables). You can validate the login credentials from DB and only then store some data about the user in session.
OK as I understood your question you want to restrict a user to view a particular page only for few times.
You can do that by saving the views in database that is OK.
And you want to store the views in $_SESSION as the user login.
You can do that as follows:
if(login = success)
$_SESSION['viewCount'] = mysql_query("SELECT views FROM user WHERE userId=".$username.";");
I hope this will help
I would like to make my website to allow only one session at a time. For example, let say user has login to my website on firefox, if the user login again to another browser like opera on the same computer or different computer, the session on firefox will be destroyed. However, the session on firefox remained if it remains as one session. May I know how can I do that? I am using php and apache. Thank you.
Regards.
Benjamin
I'll suggest you to do something like this:
Suppose when user "A" loges in to the "Com_1", for the first time. Save a unique code in the database against that session, and same with the user session.
At the mean time if he (user "A") loges in again on "com_2", then check his status in the database and update the unique code in the database.
again back if same user (user "A") refreshes the page on "com_1", we all you need to do is check the unique code from the session and match it to the database, It is for sure it will not match, then log it out and destroy the session.
For keeping the user loggedin, even if browser is closed, you can store the cookie on the browser, and re-generate the session accoordingly.
Hope this helps. Thank you.
You can use the following algorithm
create an integer field in the databse userLoggedInCount
On each login increment that flag and store the result in the session.
On each request check the value in the database and the one in the session, and if the one in the session is less than the one in the DB, invalidate() the session and decrement the value in the database
whenever a session is destroyed decrement the value as well
Credits to Bozho because he posted this, answering to a question
here
Keep a central database table or text file of who is logged in at the moment. If a user is already logged in in another session, invalidate that session by setting the "logged in" flag to false.
I think you'd have to do something like that :
add a "last_session_id" column to your user table
when a user logs in, update its last_session_id field with its current session id
on each page, if the user has an authenticated session, check if the session id is equal to the one recorded in your database. If not, destroy this session.
Store session id in the database. retrieve last login session id from db, set session id using session_id(oldid) and change session variables related to authentication like $_SESSION['LOGIN']
and destroy the session and create new session with new session id. follow example for logic https://www.php.net/manual/en/function.session-create-id.php.
this will make the last login allowed. validate on each page session variables related authentication. this makes it session invalid because of this session_id reset by a new login.
Save users' IP=>SESSION_ID pairs in a database. When user try to load your page you must compare the actual IP=>SESSION_ID pair then allow/deny if the pair is ok/different.
So I currently store a token and user ID whenever a user logs in. The token is stored in the user table and in a COOKIE.
So user 1 logs in and the following details is stored in a COOKIE and database on his
computer:
id
randomly generated token
whenever he logs in a different token is generated.
To authenticate the user, everytime he accesses my site, I check to see if the token matches with that stored in the database for the specific cookie.
But the problem is that constantly checking the database is a waste of resources but how do we make sure that user is who they say they are? I can't just store his ID in a cookie because he could easily change the ID and get access to another user's information.
thanks!
Could you use a $_SESSION variable such as: $_SESSION['id'] = $randomstring;
Then at the top of each page check if the variable is set:
<?php if(isset($_SESSION['id'])) $loggedin;
else $logout;
?>
Use session_start() which handles the logistics of checking the cookie and validating that the data is actually for that user's session.
You have to start the session before you can use $_SESSION but that's one way to store session data.
http://php.net/manual/en/function.session-start.php