What is best practice with regards to using session variables?
Is it best to just refer to them as session variables or is it better at the beginning of the script to transfer them to local variables of the same name?
I am also a little stumped on the best folder/file structure for my application. If anyone has a useful link with regards to that, it would be very useful. Thanks.
Just access them as they are, there will be no performance hit.
In my mind, data is usually in the session for a reason, so moving it from the session to local and then having to put it back again just provides a step for errors to occur; plus, it may make your code more confusing to read.
You probably only want to assign the session value to a local variable if you need to manipulate the data and want to retain the original value.
I usually transfer them to local variables if I don't intend to manipulate them, just to avoid the chance of unintentionally overwriting. Plus, it's easier to work with local variables than writing out $_SESSION[''] every time.
> Is it best to just refer to them as session variables or is it better at the beginning of the script to transfer them to local variables of the same name?
For me it depends on what you are doing with it. If you are using it once, then use $_SESSION[]; if you are doing lots of logic with it, it makes sense to transfer it to a local var.
Either way, it's preference.
I'd recommend against using $_SESSION. Use a Session wrapper/manager class for handling session variables.
There are many available out there, but Zend_Session is among the best.
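A minimal sketch of such a wrapper, as an added example that is not part of the original answers and is not Zend_Session: the class name `SessionBag`, the `app` namespace and the sample cart data are hypothetical. Reads return a working value and every write goes through `set()`, which covers the accidental-overwrite concern raised above.

```php
<?php
declare(strict_types=1);
// Hypothetical wrapper: all session access goes through one object and one namespace.
final class SessionBag
{
    /** @var array reference into the session array */
    private $store;

    public function __construct(array &$session, string $namespace = 'app')
    {
        if (!isset($session[$namespace]) || !is_array($session[$namespace])) {
            $session[$namespace] = [];
        }
        $this->store = &$session[$namespace];
    }

    public function has(string $key): bool
    {
        return array_key_exists($key, $this->store);
    }

    // Arrays and scalars come back by value, so editing the result never alters the session.
    public function get(string $key, $default = null)
    {
        return $this->has($key) ? $this->store[$key] : $default;
    }

    // The only write path, so every session write is explicit and easy to search for.
    public function set(string $key, $value): void
    {
        $this->store[$key] = $value;
    }

    public function remove(string $key): void
    {
        unset($this->store[$key]);
    }
}

// Constructed stand-in for $_SESSION so the demo runs from the CLI;
// in a web request, call session_start() and pass $_SESSION instead.
$fakeSession = ['app' => ['cart' => ['book' => 1]]];
$bag = new SessionBag($fakeSession);
$cart = $bag->get('cart');            // local working copy
$cart['book'] = 99;                   // changes the copy only
var_dump($bag->get('cart')['book']);  // read the stored value again
$cart['pen'] = 2;
$bag->set('cart', $cart);             // explicit write-back
var_dump($fakeSession['app']['cart']);
```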
I have a settings.php page in my application which uses $GLOBALS to store configurations used in the web app.
As an example, here is a sample setting variable I use:
$GLOBALS["new_login_page"] = 1;
$GLOBALS["secret_cross_check_token"] = 3243242342423;
I then call those globals on other pages (hence why I use $GLOBALS), to perform tasks, such as give a user a new feature if they have that global toggled to 1.
The Question:
This works really well for me and I do not wish to use a database to store them. However, recently I came to think: are $GLOBALS secure? Can a user read or manipulate them? If yes, what is the solution?
I understand it is server side, but I just had doubts as to whether the user can somehow access the $GLOBALS.
Global variables can only be accessed server side, so you can use them safely.
If a user can access your global variables, it's because he has gained access to execute code on your server, so in this case he can do a lot more things than read your global variables.
If a user can execute code on your server, he will be able to copy all your files and all your database easily, so the access to global variables would not be the major problem.
$GLOBALS is a totally secure global variable.
http://php.net/manual/en/reserved.variables.globals.php
Users have no access to it.
The "security" was about the register_globals directive,
but it's removed from PHP.
http://php.net/manual/en/security.globals.php
The point there was that if, for example, I forgot to define some $includeFile as 'inc.php' and I was doing include $includeFile;, someone could just go to http://mysite.ru/script.php?includeFile=http://hackersite.ru/script.php and include his own file.
Not a very good example, but something "near".
But it is not about $GLOBALS, so you should not worry about security there.
Sorry for my English.
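The include pattern from the answer above next to a hardened form, as an added example that is not part of the original post. The `page` parameter, the `PAGES` map, `contact.php` and the `pages` directory are hypothetical; only `inc.php` and the sample URL come from the answer.

```php
<?php
declare(strict_types=1);

// Pattern described in the answer, shown only for contrast:
// with register_globals on, an undefined $includeFile was filled from the query string.
//   include $includeFile;

// Hardened form: the request only selects a key; the file name comes from a fixed map.
const PAGES = [
    'home'    => 'inc.php',
    'contact' => 'contact.php',   // hypothetical second page
];

function resolveInclude(array $query, string $baseDir): string
{
    $key = $query['page'] ?? 'home';
    // Anything that is not a known string key falls back to the default page.
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        $key = 'home';
    }
    return $baseDir . '/' . PAGES[$key];
}

// Constructed sample query arrays, standing in for $_GET.
$samples = [
    ['page' => 'contact'],
    ['page' => 'http://hackersite.ru/script.php'],
    ['page' => ['nested' => 'array']],
    [],
];

foreach ($samples as $query) {
    echo json_encode($query), ' => ', resolveInclude($query, __DIR__ . '/pages'), PHP_EOL;
}

// In a real script: require resolveInclude($_GET, __DIR__ . '/pages');
```

Because the request value is never used as a path, neither a URL nor a traversal string can reach `include`; keeping `allow_url_include` at its default of Off is a second layer.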
Maybe a stupid question, but it's still interesting for me. Is it possible to transfer some data between different sessions? Can I add some variable into another user's $_SESSION directly? Something like this abstract code:
$notMySession = getSessionById('123');
$notMySession['kindaInfo'] = 'something';
No, you cannot directly transfer session data from one session to another session. That is what the session is made for.
I hope this helps you.
Each user has its own session, which PHP will use when it speaks to that specific user. That means that each session is isolated from one another.
Since the session is not stored on the user's computer, there might be a way to reach the session files from your code and directly modify the files. But that doesn't sound like a particularly sane thing to do.
What's the best way to store temp data in PHP across page views? MySQL or server side cookies? Or something else I don't know about?
You could use the $_SESSION variable. I've seen people using it to keep session information such as cart contents, and generally to pass information from one page to another.
There's extensive documentation on session variables at http://www.php.net/manual/en/ref.session.php.
I would advise against MySQL in this case.
I prefer using PHP sessions for storing data on the server side. For efficiency you can use memcached to save session values (by default they are saved on the filesystem).
You can use $_SESSION like Clement suggested, but $_COOKIE may be appropriate also. Especially if you need to fetch the values client side. Here are some examples on how to use Cookies in PHP: http://www.w3schools.com/php/php_cookies.asp
A session variable is backed by a storage mechanism; that is, when the request finishes the session gets written by the session handler, by default to a file. On the next request it is pulled back from that file (or whatever else the session handler uses).
If you're reading and writing this data on every request, just stick with the $_SESSION variables; the overhead of connecting, querying and updating a database will not be faster than the default $_SESSION.
You'll probably only ever want to use a database backed session if you are running multiple load-balanced servers and need to share the session data between them. In this case, if you find the overhead of the database sessions to be slowing down your site to a noticeable degree you might consider sticking memcached between your web server and the database.
I saw this example on the PHP manual page:
http://www.php.net/manual/en/session.examples.php
The example will create a global session for all clients. Can I use this example to create some global application data for all clients, instead of saving it to a DB or a local file?
What're the pros and cons of this method?
Thanks for any help.
It might work, but I wouldn't recommend it... too much scope for potential confusion by other developers working with the code, potential issues if you update session variables within the wrong scope, and the use of the term "session" for something that is not session-related can lead to a whole world of confusion.
Yes it is possible by sharing the session id between two clients but sessions are only used to store temporary data of a user. So once a session is destroyed there is no way to retrieve that data.
No, this is not possible, or advised. A session is bound to one client, and clients do not share a session.
I have 2 files namely:
uploading.php
emaillinks.php
Both include a file inc.php, which has all the include files and initiates the database connection.
A variable is declared in the file uploading.php. I wanted to know how I can access it in emaillinks.php; I can't include uploading.php in emaillinks.php.
I want to avoid cookies because the data is big and always different.
What is the best option to make it accessible by emaillinks.php?
Thank You.
Depending on what it is, you could put it into the database or into the session ($_SESSION)
If you can't include you'll need to go with session variables or cookies.
Reading your question the words "registry pattern" suddenly popped into my head. This might be a bit of overkill for your needs, but it might be worth looking into.
You'd probably have to do a lot of refactoring to make this solution available. So you'd probably be best using the session, database or some text file to store your variable.
Here is a good article on using a registry, though (if you're interested).