RE: [PHP] can't restart session

This is a discussion on RE: [PHP] can't restart session within the PHP General forums, part of the PHP Programming Forums category; CPT John W. Holmes <mailto:holmes072000@charter.net> on Monday, July 21, 2003 1:05 PM said: > ...


Go Back   Usenet Forums > PHP Programming Forums > PHP General

Reload this Page RE: [PHP] can't restart session

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-21-2003
Chris W. Parker
 
Posts: n/a
Default RE: [PHP] can't restart session
CPT John W. Holmes <mailto:holmes072000@charter.net>
on Monday, July 21, 2003 1:05 PM said:

> Then something is wrong in your code. If you properly clear the
> session of all of it's contents, then even if I pass the same session
> id on the next page request, it should see me as a new user since
> there is no data in the session.

Ok, then maybe I'm misunderstanding how sessions work and/or how they
are supposed to be used.

What is the point of having a unique ID for each session if the only
thing that matters is the data stored within it? Why have a session id
at all if it can't be used to uniquely track a user?

Just for the sake of example, let's say I write the session id to a
database each time someone hits the login page and successfully
authenticates. If the session id doesn't change between each user (using
the same computer, let's say in a public school library) then it would
appear that I've got much less use than I realy do.

Granted someone wouldn't really do it this way but I'm just trying to
make a point.

Chris.


p.s. I'm new to this list as you may have noticed and so far this is the
only list that I've been on that doesn't use the list's address as the
return address. Do I have to manually put it in the To box each time?
Reply With Quote
  #2 (permalink)  
Old 07-21-2003
Cpt John W. Holmes
 
Posts: n/a
Default Re: [PHP] can't restart session
> What is the point of having a unique ID for each session if the only
> thing that matters is the data stored within it? Why have a session id
> at all if it can't be used to uniquely track a user?

Well, it can, and it does. I guess it's all in how you use it. If my session
id is "abcd", then when I log out, your program should erase all of the data
in the session and forget that it ever knew about a session called "abcd".
That way, even if I log in with the same session (since the cookie wasn't
deleted, probably, which is probably the cause of this whole problem), then
I will be a new user and not related to the old user/session in any matter.

> p.s. I'm new to this list as you may have noticed and so far this is the
> only list that I've been on that doesn't use the list's address as the
> return address. Do I have to manually put it in the To box each time?

Yeah, the topic of discussion quite a bit in the past few days. Just use the
Reply-All button, please.

---John Holmes...

Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 03:43 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0