Handling multiple users sessions or something
This is a discussion on Handling multiple users sessions or something within the alt.comp.lang.php forums, part of the PHP Programming Forums category; Basically i'm getting the theory behind the fundementals of PHP sorted out. If I develop a PHP datbase systsem ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-02-2005
|
|||
|
|||
Handling multiple users sessions or something
Basically i'm getting the theory behind the fundementals of PHP
sorted out. If I develop a PHP datbase systsem online e.g. address book. After the user has logged in how does PHP know who this person is on other pages withought them having to re-login? Second question is sort of realted if after authentication (index.php) the user is taken to main.php how can I make it so that you cant got directly to main.php if you do you get redirected to index.php If' Im thinking all wrong please let me know what the best practice is - it's all new to me. TIA -- * Posted with NewsLeecher v3.0 Beta 7 * http://www.newsleecher.com/?usenet 
|
|
11-02-2005
|
|||
|
|||
|
Re: Handling multiple users sessions or something
suck@pakipower.com wrote:
> Basically i'm getting the theory behind the fundementals of PHP > sorted out. If I develop a PHP datbase systsem online e.g. address > book. After the user has logged in how does PHP know who this person > is on other pages withought them having to re-login? > > Second question is sort of realted if after authentication > (index.php) the user is taken to main.php how can I make it so that > you cant got directly to main.php if you do you get redirected to > index.php > > If' Im thinking all wrong please let me know what the best practice > is - it's all new to me. TIA Both these may be handled with cookie-based sessions. Basically, the cookie contains information (see the section on SESSION variables) which are stored on the user's browser until the PHP process asks for them (see session_start()). In the first case, if the cookie is present and contains the correct information, then the user's browser is authenticated to the system. (Note that the browser is authenticated not the user in a cookie-based system.) In the second case, a standard module may be developed that tests the contents of the cookie and, if the contents are either a) not there or b) invalid, then the user is re-directed to the login or 404 page. (see header()) -david-
|
|
11-02-2005
|
|||
|
|||
|
Re: Handling multiple users sessions or something
Thanks David. I'll have a good look at cookie based sessions. Do you
have any code snippets of such a method(s)? -- * Posted with NewsLeecher v3.0 Beta 7 * http://www.newsleecher.com/?usenet
|
|
11-03-2005
|
|||
|
|||
|
Re: Handling multiple users sessions or something
> Thanks David. I'll have a good look at cookie based sessions. Do you
> have any code snippets of such a method(s)? take a look at http://phpsec.org/projects/ and download the php security guide. In that guide you will find realy good and secure examples about use sessions and session handlers(DB, cookie, files) also a lot of other tips in it about writing secure and hackproof code good luck -- Kevin Wood AKA Dasdan http://www.dasdan.be http://gratis.host4all.be gratis mailbox + domeinnaam
|
Linear Mode
