Guys I really don't understand how this works.
How come you have to create 7/8 functions just to get it to work? Is there no way I can simply create a record of a users session Id and then restore it from the server when they return?
I really am stuck on this and need someone to clarify the topic for me.
Currently I have managed to encode the session variables and store them into a cookie including the Session ID. I just have no idea how to use the cookie to restore a the users session.
Thanks a ton.don't save them in a cookie, the user can delete the cookie. your best bet is to save them in a database.
what is it you wanted to save? the whole session or just variables? and why are you worried about a session? just use as cookie if you just save it in a cookie anyway.
also a session will be deleted on the server when it runs it's garbage cleanup.
and why is it so special to save that session_id ?Thanks for the reply mate..could we chat on MSN possibly? If not no worries its just its a pain having to wait for you see this.
Basically, I want to allow the sessions be restored, not for an infinite amount of time, but for a considerable length of time, basically take PhpBB, you login, click the remember my password and your details are remembered.
So, if I was to try and store within a database? I could write the session details to the database table, how would I then restore that session for the specific user?
I'm not sure whether it would be best to store the Session VARIABLES in the database, or not, and just use the database for session ID references.
Really I am in your hands mate what would you advise.well it remembers you because of a cookie. the cookie has the id of the member and then it gets the info and set a NEW session. see no need to use the same session_id when you save the cookie with the user id in it.
sorry I don't have msn.Ahh thats good, thanks for clearing it in my head.
So when it sets the cookie of the user ID, could someone not fool the system by creating a cookie with someones user id? And what is the purpose of the sessions table in the database. I just don't see how I can go about acheiving this...
I.e. how would I save the information..how would I retrieve it?ok, you can't edit a cookie, well you can but it is encrypted.
you should have a members table tha tholds the users info. when they come to the site it looks at the cookie, if none found they get a login box. if the cookie is found it gets the id from the cookie and queries the members table in the database. then it reloads the cookie (updates it) on the users compter, so now the cookie has a new session_id in it (if you keep it) and it has the time (if you keep that as well)
if you are trying to make a whos online and stuff take these forums for example. they use cookies and sessions. when the user comes online and the forum detects they have a cookie then the forum puts a 1 in a column on the database to signify that that user is online. when the forum can't detect the user anymore it clears that column of that user. so the database has a cache table, so to speak.
The session table is the cache table.
starting to make since?So wait, if a cookie is found, get the information and check it against the datbase, if its ok loggedin = 1 or something on the database? then next time they log in if the database says logged in = 1 on their username it lets them in? how does it let them in..where does it get the password and user name from, the cookie?
So what information does the cache/session table store I still am not clear on it..So wait, if a cookie is found, get the information and check it against the datbase, if its ok loggedin = 1 or something on the database?
yes something like that. don't make this harder than it really is. this forum saves the password (encrypted) saves teh last time they logged on, saves the thread view if you have it set, and saves the sesion_id.
now when they come to the site and login they set those varaibles. also it saves the session_id in a table called session. this will also keep the time of when they logged in. if they are a member it will update the members table periodically so the time is updated. in this session table it has a column where if they are a member they have their userid in that column. now if they close there browser and walk away for an hour and come back, the forum looks at this cookie and gets the session_id, userid, lastvisit, and the thread views. all this is once again aved in the session table. if his orginal values are still in the session table they are updated. if they are not in there (because that table gets cleaned out perodically) then it makes a new one.
then next time they log in if the database says logged in = 1 on their username it lets them in? how does it let them in..where does it get the password and user name from, the cookie?
well no it shouldn't say logged in =1. the cookie triggers a query, that query matches the userid and/or password. if the info is found it logs them in, if it isn't found in the database they are presented a register link. don't worry about people changing the cookie, it is harder than you think.Thanks mate, I reckon I will be able to have a decent crack at it now.
Still, I'm not 100% clear on how the cookies and session interact with each other, where you use cookies, where you use sessions etc, and what is stored in the database.sessions and cookie are primarily the samething. except one is stored on the server.
it doesn't matter which one you use. if you use a cookie then just have it so they can be remember on login. then use session throughout the site. or vice-versa. doesn't really matter.
what is stored in the database it totally up to you. you can have anything you want.I want to use cookies as little as possible. I was hoping I could store most of the information in the database.why is that? nothing wrong with them. so then just use 1 cookie and have the users id stored in it and when they come back query the database for it and set sessions if the query found something, then use session across the site.
if you get real technical you can serialize the session_id and then store the whole thing in the database and just have the session_id in the cookie. but that gets trickyI know what you mean, I have looked into that sort of thing, but really I don't need a system like this yet.
The thing is mate, you say store the user ID in the cookie, how can it do a validation check if it has no password to play with?then hold the encrypted passowrd in the cookie as well. if it is encrypted then it can't be changed.How would I hold both the username and the password? Would I set 2 cookies?
Also, what would happen if they didnt have cookies enabled, are there any work arounds for this?
[Thanks a lot for your help so far mate.]How would I hold both the username and the password? Would I set 2 cookies?
yes, 2 cookies is the best way.
Also, what would happen if they didnt have cookies enabled, are there any work arounds for this?
Thanks a lot for your help so far mate.
no, then you are stuck if they don't have cookie enabled. you have to have them login everytime.Damn ok, so how does PhpBB get around this problem, store the session variables in the database?if the board doesn't use cookie then there is no way to log them in automaticaly. every time the browser is shut down and re opened it creates a new session_id so the board has no idea who you are unless you og in.Ok mate.
Its just the phpbb session table has session id, session user id and a few other column fields, I just assumed this was the way they restored sessions for each particular user.you could only if they saved a cookie.
those session tables are using use for who's online kind of stuff. other than that they are worth nothing.Ok thanks a lot mate. I'll have a crack at getting this all working tonight.Much thanks to you Scoutt. I've got a simple log in system with remember me functionality using the method you outlined above working, although its simple you've helped me get a firm understanding of how it all works and now I can move onto more complex systems, so once again, many thanks your a star. :rocker:cool, I am glad I can help.
yes there are many ways you can do it and you can also get real technical on it as well.
but the basics is all anybody needs sometimes.
How come you have to create 7/8 functions just to get it to work? Is there no way I can simply create a record of a users session Id and then restore it from the server when they return?
I really am stuck on this and need someone to clarify the topic for me.
Currently I have managed to encode the session variables and store them into a cookie including the Session ID. I just have no idea how to use the cookie to restore a the users session.
Thanks a ton.don't save them in a cookie, the user can delete the cookie. your best bet is to save them in a database.
what is it you wanted to save? the whole session or just variables? and why are you worried about a session? just use as cookie if you just save it in a cookie anyway.
also a session will be deleted on the server when it runs it's garbage cleanup.
and why is it so special to save that session_id ?Thanks for the reply mate..could we chat on MSN possibly? If not no worries its just its a pain having to wait for you see this.
Basically, I want to allow the sessions be restored, not for an infinite amount of time, but for a considerable length of time, basically take PhpBB, you login, click the remember my password and your details are remembered.
So, if I was to try and store within a database? I could write the session details to the database table, how would I then restore that session for the specific user?
I'm not sure whether it would be best to store the Session VARIABLES in the database, or not, and just use the database for session ID references.
Really I am in your hands mate what would you advise.well it remembers you because of a cookie. the cookie has the id of the member and then it gets the info and set a NEW session. see no need to use the same session_id when you save the cookie with the user id in it.
sorry I don't have msn.Ahh thats good, thanks for clearing it in my head.
So when it sets the cookie of the user ID, could someone not fool the system by creating a cookie with someones user id? And what is the purpose of the sessions table in the database. I just don't see how I can go about acheiving this...
I.e. how would I save the information..how would I retrieve it?ok, you can't edit a cookie, well you can but it is encrypted.
you should have a members table tha tholds the users info. when they come to the site it looks at the cookie, if none found they get a login box. if the cookie is found it gets the id from the cookie and queries the members table in the database. then it reloads the cookie (updates it) on the users compter, so now the cookie has a new session_id in it (if you keep it) and it has the time (if you keep that as well)
if you are trying to make a whos online and stuff take these forums for example. they use cookies and sessions. when the user comes online and the forum detects they have a cookie then the forum puts a 1 in a column on the database to signify that that user is online. when the forum can't detect the user anymore it clears that column of that user. so the database has a cache table, so to speak.
The session table is the cache table.
starting to make since?So wait, if a cookie is found, get the information and check it against the datbase, if its ok loggedin = 1 or something on the database? then next time they log in if the database says logged in = 1 on their username it lets them in? how does it let them in..where does it get the password and user name from, the cookie?
So what information does the cache/session table store I still am not clear on it..So wait, if a cookie is found, get the information and check it against the datbase, if its ok loggedin = 1 or something on the database?
yes something like that. don't make this harder than it really is. this forum saves the password (encrypted) saves teh last time they logged on, saves the thread view if you have it set, and saves the sesion_id.
now when they come to the site and login they set those varaibles. also it saves the session_id in a table called session. this will also keep the time of when they logged in. if they are a member it will update the members table periodically so the time is updated. in this session table it has a column where if they are a member they have their userid in that column. now if they close there browser and walk away for an hour and come back, the forum looks at this cookie and gets the session_id, userid, lastvisit, and the thread views. all this is once again aved in the session table. if his orginal values are still in the session table they are updated. if they are not in there (because that table gets cleaned out perodically) then it makes a new one.
then next time they log in if the database says logged in = 1 on their username it lets them in? how does it let them in..where does it get the password and user name from, the cookie?
well no it shouldn't say logged in =1. the cookie triggers a query, that query matches the userid and/or password. if the info is found it logs them in, if it isn't found in the database they are presented a register link. don't worry about people changing the cookie, it is harder than you think.Thanks mate, I reckon I will be able to have a decent crack at it now.
Still, I'm not 100% clear on how the cookies and session interact with each other, where you use cookies, where you use sessions etc, and what is stored in the database.sessions and cookie are primarily the samething. except one is stored on the server.
it doesn't matter which one you use. if you use a cookie then just have it so they can be remember on login. then use session throughout the site. or vice-versa. doesn't really matter.
what is stored in the database it totally up to you. you can have anything you want.I want to use cookies as little as possible. I was hoping I could store most of the information in the database.why is that? nothing wrong with them. so then just use 1 cookie and have the users id stored in it and when they come back query the database for it and set sessions if the query found something, then use session across the site.
if you get real technical you can serialize the session_id and then store the whole thing in the database and just have the session_id in the cookie. but that gets trickyI know what you mean, I have looked into that sort of thing, but really I don't need a system like this yet.
The thing is mate, you say store the user ID in the cookie, how can it do a validation check if it has no password to play with?then hold the encrypted passowrd in the cookie as well. if it is encrypted then it can't be changed.How would I hold both the username and the password? Would I set 2 cookies?
Also, what would happen if they didnt have cookies enabled, are there any work arounds for this?
[Thanks a lot for your help so far mate.]How would I hold both the username and the password? Would I set 2 cookies?
yes, 2 cookies is the best way.
Also, what would happen if they didnt have cookies enabled, are there any work arounds for this?
Thanks a lot for your help so far mate.
no, then you are stuck if they don't have cookie enabled. you have to have them login everytime.Damn ok, so how does PhpBB get around this problem, store the session variables in the database?if the board doesn't use cookie then there is no way to log them in automaticaly. every time the browser is shut down and re opened it creates a new session_id so the board has no idea who you are unless you og in.Ok mate.
Its just the phpbb session table has session id, session user id and a few other column fields, I just assumed this was the way they restored sessions for each particular user.you could only if they saved a cookie.
those session tables are using use for who's online kind of stuff. other than that they are worth nothing.Ok thanks a lot mate. I'll have a crack at getting this all working tonight.Much thanks to you Scoutt. I've got a simple log in system with remember me functionality using the method you outlined above working, although its simple you've helped me get a firm understanding of how it all works and now I can move onto more complex systems, so once again, many thanks your a star. :rocker:cool, I am glad I can help.
yes there are many ways you can do it and you can also get real technical on it as well.
but the basics is all anybody needs sometimes.