A short tutorial in W3schools about PHP Sessions writes the following:
When you work with an application, you open it, do some changes, and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are or what you do, because the HTTP address doesn't maintain state.
Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc). By default, session variables last until the user closes the browser.
So; Session variables hold information about one single user, and are available to all pages in one application.
I would like to ask you if there is something similar in Zoho Creator. The reason why I am asking is because I have an application with 3 pages (each page has an embedded form). Each page redirects to the other (1st Page -> 2nd Page -> 3rd Page) and passes data through them via openurl. The final result is an HTML Page with the data of these 3 Pages (they have a unique ID).
Let's say that I am in the second page and for some reason (electricity blackout, do another job and close the browser) I want to escape from the application and the next time to continue from the same point, is there any way to do that??
I can suggest you next way
On first page generate unique session Id for the user and pass this id as a parameter to next page in URL. You can crypt in this id pointer to record from first form for example..
Related
So I am aware of these two common ways of passing variables across php pages.
1. PHP SESSIONS
I understand that $_SESSION is a php global variable that can hold variables across php pages during the session of the browser.
It works well but my concern with it is if a user for what ever reasons, decides to type the url of a page or goes into their history and accesses a url page for the website, the $_SESSION variable may not be set, if it was expecting the user to get to this page from a set route/path.
In addition, if a user goes into another page, and the page sets an already defined $_SESSION to another value, and then decides to go back to the previous page, the $_SESSION variable is not correct for that page, causing many errors.
2. URL passing
This is by far the most reliable in my opinion. The only concern I have with this, is the pages can get rather messy with long URL's.
page1.php?postId={variable goes here}
passing 4,5 or 6 variables can get a bit messy, I also need to encode then or encrypt them. The URL can get rather long, and I am not sure how I feel about passing variables across the URL.
My Question:
What is the best way to pass variables from one php page to another. Are the two methods above the best way to go about it, or is there another my efficient way. Also if efficiency isn't the issue, then what is the most secure procedure/method.
Thanks for your time.
This is largely going to depend what you're trying to do? $_SESSION variables and $_GET variables largely have different purposes in web programming (although, yes, you could force some sway between the two).
The question you need to ask yourself is "is the variable storing information on the user OR directing the webserver to do something" if it's the former then use $_SESSION if it's the latter then $_GET.
You wouldn't for example want to pass loggedon=true as a GET variable (ignoring the security implications) because you would have to update every single link on the page to have the query string appended to it which, as you say, would lead to some untidy URLs.
SESSION
Is most commonly used for storing information about a user. Some examples:
Log on status
Shopping basket
Session preferences
For example when a user is successfully logged on you will want some way to remember that between page loads:
session_start();
$_SESSION["loggedon"] = true;
In every subsequent page request you can then check:
session_start();
if(!$_SESSION["loggedon"] ?? null){
echo "ERROR: You shouldn't be here!";
exit;
}
Note that $_SESSION is only accessible to the server, can't be directly accessed by the website user, and is persistent until the session closes.
GET
On the other hand is sent with every request and is typically used when you want to pass non-sensitive information from the user to the webserver. Some examples:
Language preferences
User input (e.g. a search query when using a search engine)
Forgotten password secure codes
Suppose you have a cookery website and 1000 recipes. You would likely only have one page to show the recipe and pass a GET variable in the URL to indicate which recipe should be loaded
http://www.mycookingwebsite.com/recipe.php?recipeid=477
Note that GET requests are visible to the user, can be modified, and show up in history etc. as well.
N.B. Do not pass sensitive details (e.g. username/password) over GET - not least because they would show up in the browser history!
You mention passing variables from one page to another. But I'm not quite clear on whether you mean Server->Server (SESSION) OR Client->Server(GET)?
An example of this all coming together would be in the case of a shopping cart:
At the back end you have an array stored in your session with the items in the cart, this is persistent throughout the session. On the client side you have the ability to send a GET (most people would probably POST) request to tell the server about the new product you want to add to the list.
If your primary concern is that users may find themselves at the wrong "stage" then I suggest building in some checks to make sure that they are in the right place at the right time.
For example given a quiz with 10 questions... If the user clicks a link which drops them at question 5 you check to see if they've already answered questions 1-4 and then act appropriately depending on the answer.
I have a PHP website of 6 pages and I want to have a functionality such as this:
The website is a little quiz game where you need to get through 5 trivia questions per page and the final page displays the highscore. The score is based on how fast you got there as the pages have a timer.
But I found out about a cheat I want to fix. If you simply type in the URL highscore.php or question5.php, you can get there faster without having gotten through the first few pages.
Is there some way to fix this?
Track the state of the quiz on the backend, e.g. track which questions have been answered yet. When the user tries to access a page that would require a previous page to be completed first, redirect the user to that page instead.
You can achieve this with a Session.
An even better solution than having six pages would be to have one page instead, e.g. quiz.php and then funnel all access through this page. This will make it easier to track progress because you don't need to copy and paste the code to the individual pages.
On a side note: you also want to track the time the quiz was started on the backend.
It's not that hard, just a careful coding is all you require.
Firstly, start a session and set it to an initial value, say 1, that means the user is in page 1. If he submits the answer, and then the user loads any other page in your website, create a script to call the same session value and use header("Location:page2.php")to force a redirect to page 2 or the page he is supposed to be in.
If the session is removed somehow then use isset() to check if it exists, if it doesn't start from the beginning.
I am building a link directory style web application. For simplicity all of the following are examples. On my website I have 10 categories. Each category has it's own page and each page has 100 links in a table format. Each link has many columns like name, id, url, etc but the focus of this question deals with the "time last viewed" column. It will display a default text if the user/visitor has never clicked the link however if the link has been clicked by the user prior to the visit it will display the time/date the user last visited that link.
The way I have it set up is when the user clicks the link they are sent to another page/script (using GET method. link 1 is appended with ?rid=1) I use a switch contruct. (Case value is 1 from $_GET execute code block) this code block is where i need the user statistics caputuring to happen. Once the function runs and both captures and stores the visit statistics info the user is sent to the requested resource via header location. So the next time to user sees the list of links on the category page the link they visited will now display the time they visited it.
On my production site i have up to 1000 links. If they clicked each link it would say next to each link the last time they clicked it. Important to include users will be logged in when clicking each link.
How would you go about doing this? Store the info in a cookie or in the database? As there are 1000 links there could be 1000 different values. Thanks in advance.
It isn't a lot of data so you can do both, store in the database as well as store in a cookie. Ideally for performance, you should retrieve from the cookie first and then retrieve from the database if the cookie doesn't contain any user information pertaining to that link. Depending on your performance requirements and the amount of traffic you anticipate, you can use database storage, in-memory storage and asynchronous updates.
database updates are instant but can impact overall performance and page load times
in-memory caching such as apc gives best performance but data needs to be synchronised to the database
asynchronous updates are great for balancing out performance hits because you can register a view from the client side using JavaScript after the page has loaded, rather than during php execution on server side.
Personally I would use all 3 if possible because it gives a good platform for future development.
I want to temporary store a series of array which will be used by next request. The stored information contains some sensitive data which will be used for navigating around that page with ajax call. The data were different from pages to pages. So, I just need to temporary store it for use when user is on that page.
First, I try to do it with cache: Cache::put($dynamickey, $multiArray, 20); But this will result in huge amount of "junk" cache store inside the folder even after it is expired.
So, I tried with session flush: Session::flash($dynamickey, $multiArray);. This works when user is open only 1 tab of webpage. But if user is open multiple tab of this website, it breaks.
For example:
1. User browse this website on tab1.
2. Then, user browse this website on tab2. As soon as after user browse website on tab2, the session data for tab1 is removed.
3. User come back and navigate tab1 content. The system break, and not working.
How can I store temporary data which will be deleted once it is no longer required, but also works well with multiple tab?
Thank you.
So, on the page that actually sets the session data you will need to generate a dynamic key which you can also generate when the ajax call is made. So:
Session:put($dynamicKey, $data);
Since the server doesn't know if you have multiple tabs open it just processes more requests, we need to distinguish AJAX requests from standard ones. This can be achieved via:
if (Request::ajax())
{
if (Session::has($dynamicKey)) {
Session::forget($dynamicKey);
// Do your application logic
}
}
So the session will not be removed until an ajax request is made where you can regenerate that key, now if you cannot regenerate that key from the data provided then you cannot tell apart two different requests. So you will need to get this key to the client side some how such as echoing it into a bit of javascript.
Now the AJAX call can utilise this key and send it in the request, where your server can pick it up and find the correct session of that tab.
Hope you understand this.
so I've hit a potential problem in my site....it's a post-based system, with the posts being in text files. Uses some Javascript and a lot of PHP.
When you make a submission on the form on the homepage, you are sent to a page where data is posted and processed, but you don't see it because you get redirected back. Then the homepage is changed based on what the post you made says. All that was working fine.
But now I'm trying to add a new feature that modifies the post you made, based on a button you hit which submits a hidden form using javascript, and sends to another process and redirect page you don't see, and it works fine until the block that I realized today. I don't know how to specify that the post being altered is the right one.
I anticipate a good amount of users of this site, so my concern is what if user X makes a post while user Y is making a post, and the post of user X becomes the top post, so user Y's options actually change user X's post.....
I was thinking of adding to the main processing page (the one that happens when you first submit) a COOKIE or something that would make note of the number of the line that post will become, by counting the number of the lines in that file at the time and adding 1 to it. Then checking it against the user's number (each user has a number) to see if it's that user's most recent post....but the problem is I don't know how I would pass that value around to be read in the next page.
Setting a COOKIE is out I think because the page both redirects, AND reads and writes to files. The only output to the page though are currently var_dumps.
POST/GET is out because to my knowledge the user would have to do SOMETHING to submit it, and the user's not even going to see the page.
Writing to a file would be messy if lots of users are trying to get their own data.
I think what I may be looking for is SESSION variables...but I don't know anything about those except that they're used to login to pages, and this site has no login.
To make things more fun, when a user posts the same content within a minute of another user, the first user's post is replaced and it gets a little +1 next to it...which makes it harder to check it against the user's number....
AND in the end I'm trying to use AJAX (which I dont know yet) to make the updates in real-time...now THAT is going to suck. But for now I'm worried about my static little site.
Baby steps.
Any ideas how to go about this??
Use Session variables, just as you have alluded. They aren't just used by login pages, they are used by everything. Sessions are the equivalent of server-side cookies / server-side storage, so you don't have to worry (as much) about your users tampering with them.
If you want to make life more difficult for yourself, you can json encode your variables and store them as an object in a database or even flat text file. But really, read up on sessions.
All you need to know is session_start(); before anything else then $_SESSION['var']=$yourvar; to save data and $_SESSION['yourvar'] to retrieve it later (such as on another page).