|
PHP - Is A Sessions Database Needed .... ?
I've been thinking that I needed to build a database to store sessions in. However, seeing a post in another topic got to pondering if I really need it now.
My site is very small and as of now the login script makes the normal sessions variables, member id, display name, etc., and I've also thrown in http_user_agent. If sessions are destroyed by logging out or by closing the browser is a session database really needed? How much does site size matter? Say on a very small site (10-15 people a day, no money changing hands, just logging in and posting) or medium small site (50-100 people a day, no money ...) ? Thanks Similar Tutorialshello. i have 2 issues. 1. im trying to create a session or a global for the pageName but im going in circles. on each page i have the page name. for example: Code: [Select] $pageName="adminHome"; each page has its own variables in the db which say how the page is layed out etc.. so the template index looks for the pageName and then pulls the correct layout from to db.. i need the template (and other pages) to get the $pageName="" everytime the page changes. please help. this code might help. this is a basic page: Code: [Select] <?PHP require_once("../includes/initialize.php"); $pName = "adminHome"; $page = Pages::find_by_pageName($pName); echo $page->id."<br />"; this is my layouts/header.php where $session = new Session(); is located and its also looking for the pageName but i cant seem to get it to see it Code: [Select] <?PHP require_once("../includes/initialize.php"); $session = new Session(); NEEDS TO FIND PAGE NAME HERE if($pageName == "adminHome"){ if (!$session->is_logged_in()) { $user=""; }else{ $user = User::find_by_id($_SESSION["user_id"]); redirect_to("home.php");} }else{ if (!$session->is_logged_in()) { $session->message("Access denied."); redirect_to("pages/admin_login.php"); }else{ $user = User::find_by_id($_SESSION["user_id"]); } } ?> --------------------------------------------------------------------- PROBLEM 2. problem 1 and 2 could be solved by the same thing really. on the page i have the pageName. i then get the various bits from the db like the template_id, the layout_id etc... which are needed on other pages . do i session each variable or put each in to a global or is there some other way. for example: Code: [Select] $pName = "adminHome"; $page = Pages::find_by_pageName($pName); echo $page->id."<br />"; echo $page->pageName."<br />"; echo $page->layoutTemps_id.'<br/>'; //ETC now i want to put these into there own sessions or globals (or something else) to pass to other pages ANY THOUGHTS... i have a session class. but im not using it for this. maybe i could use it but im not sure how. Code: [Select] <?PHP class Session { private $logged_in=false; public $user_id; public $message; function __construct(){ // session_start(); $this->check_login(); $this->check_message(); }//end function __construct() session start /* if($this->logged_in) { // do something } else { // do something } //end if */ public function is_logged_in() { return $this->logged_in; }//end function is_logged_in() public function login($user) { //database should find user based on username/password if($user) { $this->user_id = $_SESSION['user_id'] = $user->id; $this->logged_in = true; }//end if }//function login($user) public function logout() { unset($_SESSION['user_id']); unset($this->user_id); $this->logged_in = false; }//end function logout() // you have to set the message // this can set and get a message public function message($msg="") { if(!empty($msg)) { //then this is "set message" // make sure you understand why $this->message=$msg wouldn't work // we have to store it in the session $_SESSION['message'] = $msg; } else { // then this is "get message" return $this->message; } // end if } // end function message($msg="") private function check_login() { if(isset($_SESSION['user_id'])) { $this->user_id = $_SESSION['user_id']; $this->logged_in = true; }else{ unset($this->user_id); $this->logged_in = false; }//end if }//end function check_login() private function check_message() { //is there a message stored in the session? if(isset($_SESSION['message'])) { // Add it as an attribute and erase the stored version $this->message = $_SESSION['message']; unset($_SESSION['message']); }else{ $this->message = ""; }//end if }//end check_message() }//end class session $session = new Session(); //create a session $message = $session->message(); ?> THANKS rick If you are a PHP expert, then I really your help. I have a question regarding PHP sessions and their security. So here is my story ... I created a login script (login.php) for my website. When a user goes to the login.php page, they see a login form that they must fill with their username and password to login to the members' area and view their profile, etc. On that login page, when the user enters their username and password and then clicks the "Login" button, my script filters the data, sends MySQL query and checks if the login is valid. If the login is NOT valid, then they get a "Login Failed" message. If the login is valid, I register their username and the password in sessions and redirect them to the members.php page. Here is some of my code for my login.php page after mysql confirms the login is valid <?php $query = mysql_query('SELECT * FROM `users` WHERE username='$user' AND password='$pass'"); $numRows = mysql_num_rows($query); if ( $numRows ) { // login is valid $_SESSION['username'] = $user; $_SESSION['pass'] = $pass; // redirect user to members area header('Location: /members.php'); } else { // login is invalid echo "Login failed"; } ?> My question is ... is this login script secured? I mean, I am not generating any session id or any cookie. I am just storing the username and the password in two session variables and those are the things that i will use to display the user's profile, etc. Can attackers attack this script? Is this secured or is there any other way I can make it stronger? Hey guys, I have been banging my head against a wall here with this. I am saving my sessions in my database via session_set_save_handler(). So let me walk you through what I have here, what works, and what the issue seems to be. basically, the problem is the $_SESSION array is empty on page load. common.php: I have the open / close / read / write / destroy / and gc functions. These all work properly as when i use a session variable it stores into the database and i can see all of the information in there.. inside of common.php i have session_start().. I am positive that the session_start() is running becasue common.php is included into index.php and i tried adding session_start() to index.php again and i got an E_NOTICE saying the session already began. (yes, for the read function i am returning a string... i included that below). for the table itself, i have set the session_data as both text and blob, same issue with both. index.php: includes common.php. I know it's included as other aspects of the file are included and work properly. if i call var_dump($_SESSION) i get an empty array. and i prited out the session_id() and it matched my session id in the database. and the values that are stored in there are correct. i have for example: count|i:0 now with that value actually in the database and when calling session_id() and i get the ID that matches in the table. so i will get an E_NOTICE of an undefined index.. i was trying something like: if(!isset($_SESSION['count'])) $_SESSION['count'] = 0; else $_SESSION['count']++; echo $_SESSION['count']; Everytime the page is reloaded, count is reset to 0.. I can tell that it is reset to 0 as the expired time changes in the database after every load of the page (which is part of the write function). I double checked that it wasn't a problem for some reason with the ++ by adding in a variable that sets to 1 when in the if, and 0 if in the else, and it always outputs a 1. i have included here my read function since that apparently is the issue.. function sess_read($sess_id) { global $DB; $sql = "SELECT `session_data` FROM `sessions` WHERE session_id = '".$sess_id."' AND session_agent = '".$_SERVER["HTTP_USER_AGENT"]."' AND session_expire > '".time()."';"; $query = $DB->query($sql); if($DB->num_rows($query) > 0) { $r = $DB->fetch($query); return settype($r['session_data'], 'string'); } return ''; } I tried also with removing the agent and expire check to see if it was an issue there but same problem. I probably have missed something really dumb but i can't for the life of me figure it out and I have googled around for a similar issue. The actual output of the page is correct.. all of the HTML and CSS information loads properly.. no errors are reported (and i have E_ALL on). Thanks Hi guys, Hello All, I have a custom session.set_save_handler to handler sessions for my application. It seems to work fine. The database table is of type innodb. I see some errors in my log file of the nature, "(1205) Lock wait timeout exceeded; try restarting transaction". I have a class which contains the session handler callbacks and have made it a singleton class. session_set_save_handler( array($this, "db_open"), array($this, "db_close"), array($this, "db_read"), array($this, "db_write"), array($this, "db_destroy"), array($this, "db_gc") ); In my "db_read" method, I am doing a "SELECT FOR UPDATE" on the row with the session id. So, while performing load testing on my app. which has a lot of ajax calls, I noticed the "lock wait timeout" errors. How do I resolve this problem? Any suggestions? 1) Should I catch these errors and issue a explicit "commit" in the read or write methods? 2) Should I specify a higher timeout value for "innodb_lock_wait_timeout"? Thanks Hey guys, I`m having problems finding information on how to insert a image on a blob column trough odbc on a oracle database. Does anyone knows where can i find it, or can anyone help me with sample code? I really need to use odbc functions (cant use oci8 ) Tanks for your time reading this and for the possible input you may add on this. Sincerely Arestas Hi php freaks i am new to php im doin a small project to handle tickets created by customers now i want to change the font color based on the status for example: ID + Name + Product + Status ------------------------------------------------------------------------------------------------------------------------------------ 1111 + abcdef + bat + processing ----------------+--------------------------------------+------------------------------------------+------------------------------ i can connect to database and fetch it the only place i need help is changing the any help would be very helpful thanks in advance Hi, I've currently started to modify a chat script of mine to output a moderation panel but the moderation page seems empty(blank) every time I load it. What im trying to do is to take the ID part in my URL via the $_GET and look it up in my database table in the column named id, then select that specific row to be able to retrieve the StringyChat_ip and place it into another table to ban the IP and the second thing im trying to do is to be able to delete the specific row from my table.
My Http link look something like
http://imagecrab.fre.../ban.php?id=159
and my ban.php page where I want to lookup the 159 part and do the banning etc looks like
<?
include("admin_code_header.php");
if ($_POST["DeletePost"]) {
$id = $_POST['id'];
$query = "DELETE FROM ".$dbTable." WHERE id='".$id."'";
mysql_query($query);
echo "ID removed from system: ".$id;
}
if ($_POST["BanIP"]) {
$IP_To_Add = $_POST["ip"];
$sql = "INSERT INTO ".$IPBanTable." (ip) VALUES (\"$IP_To_Add\")";
$result = mysql_query($sql);
}
$result = mysql_query("SELECT * FROM ".$dbTable." WHERE id='".$id."'",$db);
while ($myrow = mysql_fetch_array($result)) {
$msg = $myrow["StringyChat_message"];
$idm = $myrow["id"];
?>
<html>
<form name="form<? echo $myrow["id"];?>" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="DeletePost" type="submit" id="DeletePost" value="Delete">
<input name="BanIP" type="submit" id="BanIP" value="Ban <? echo $myrow["StringyChat_ip"];?>">
</form>
</html>
<?
}
?>
Hi, is two people or more sitting on the same local network and sharing the same public ip address will have the same session if they browse all of them into the same website or same php script that create session ?
Edited by Issam, 16 November 2014 - 05:18 PM. Hi all, If I have a list of session ids, is it possible to use this list to determine which session is no longer active? Seems like it should be do-able but can't find help on it so I'm kinda guessing its not! Thanks for any help, Michael I got a log-in form with database, it only logs if such username and password exists. I was told that if i wanna make a log-out button once logged-in, i need to add sessions to my code and idk how.. this is my code that checks if username/password exists, and if so it lets u log in, if not it displays a msg: if(isset($_POST['loginsubmit'])){ if($username !="" && $password !="") { ///////////////////////////////Check for username/pass in database//////////////////////////// $nameexists = false; $passexists = false; $result = pg_query("SELECT name FROM duom WHERE name='".$username."'"); while ($row = pg_fetch_array($result)) { if($row['name'] != ""){ $nameexists = true; } } if($nameexists) { $result = pg_query("SELECT pass FROM duom WHERE name='".$username."'"); while ($row = pg_fetch_array($result)) { if($row['pass'] == $password){ $passexists = true; echo "Prisijungimas pavyko, jusu vartotojo vardas - ".$username.""; include"loggedinform.php"; } else { echo "Slaptazodis netinka!"; } /////////////////Starts session if password is correct//////////////////////////////////////////// if ($passexists){ //Here i want it to start the session if password is correct } ////////////////////////////////////////////////////////////////////////////////////////////////////////// } } else { echo "Tokio vartotojo nera!"; } ////////////////////////////////////////////////////////////////////////////////////////////////////////// } else { echo "Uzpildykite visus duomenys!"; } } Cant i just make smth like this? if ($passexists){ session_start(); } Kind of a n00b here. on my main table (users) i named a column as "id", set it to auto-increment and as the primary key and created it like this: CREATE TABLE `users` ( `id` int(20) NOT NULL auto_increment, `full_name` varchar(200) collate latin1_general_ci NOT NULL default '', `user_name` varchar(200) collate latin1_general_ci NOT NULL default '', `user_pwd` varchar(200) collate latin1_general_ci NOT NULL default '', `user_email` varchar(200) collate latin1_general_ci NOT NULL default '', `activation_code` int(10) NOT NULL default '0', `joined` date NOT NULL default '0000-00-00', `country` varchar(100) collate latin1_general_ci NOT NULL default '', `user_activated` int(1) NOT NULL default '0', PRIMARY KEY (`id`) ) On the second table i created it like this: CREATE TABLE about_me ( about_id int NOT NULL, nick_name varchar(255), descript varchar(255), aim varchar(255), cell varchar(255), school varchar(255), music varchar(255), aspire varchar(255), City varchar(255), id int, PRIMARY KEY (about_id), FOREIGN KEY (id) REFERENCES users(id) ) I believe i imported the key correctly into my new table (about_me). Well I expected the id column to cascade down into this new table automatically which it didn't. RIght now if you log into my site and use the about me form, it posts to the new table "about_me" but it doesn't identify the user on the table with the primary key assigned to him from the first table (users). How do I use PHP sessions to identify the user by his/her id from the primary key in the table. I attached the whole site. The php for the log in is a prefab and I'm attempting to do the about me part on my own, I'm having alot of trouble with the whole sessions thing. I'm not really sure if I'm doing this correctly. so yeah any point in the right direction would be awesome! -Mike Hey Guys, Me again! Still working on this bloody database! Okay, so I have a site that people can add a record to a database. This record is filled using a form and the form contains an image that can be uploaded. This works fine. Then there's the ability to search a record based on a boolean search which displays a table with the record data and displays a thumbnail of the photo. This also works fine. Then I have a script that (once it's working) will allow you to edit the record. This is where I'm having issues. Here's my process for the form: User searches for the record by using a boolean search Search finds the record and displays a form containing the original values in the database User changes some parts of the original record using the form Form then updates the database with the new values The problem I'm having is with the photo function. If there's no photo attached, I was getting an error saying that the photo field could not be empty. So I used the following process: User searches for the record using edit.php Form is displayed using edit_process.php edit_process.php is posted to update.php that has conditions to check if the file upload field is empty or not If the field is empty, then it requires updatenophoto.php If the field has a new image, it uses updatephoto.php When I submit the form to the update.php script, it does nothing and gives me a blank page. Here's my code for each of the parts (hit the character limit, code in comments): Hello, Is there a problem in destroying a session and then starting it in the same file, for example: session_name(); session_start(); session_destroy(); And lastly, if I create a variable $_SESSION['user'] under a session called 'one' i.e. session_name("one") and then create another variable $_SESSION['user'] under a session called 'two' i.e. session_name("two"). Are these two variables the same? Hi all, What is the best practice when using Sessions for guest users? hello i am makeing a forum and to post a new thread it has to check if the user is logged in, so i log into my website and i go to the post new topic but it says im not logged in here is the new_topic.php and also the login.php new_topic.php <?php session_start(); include_once "../scripts/connect_to_mysql.php"; // Connect to the database // Check to see if the user is logged in with session variables if (!isset($_SESSION['userpass']) || $_SESSION['userpass'] == "") { echo "Please log in..."; exit(); } else { // Assume they are a member because they have a password session variable set // Check the database to be sure that their ID, password, and email session variables all match in the database $u_id = mysql_real_escape_string($_SESSION['id']); $u_name = mysql_real_escape_string($_SESSION['username']); $u_email = mysql_real_escape_string($_SESSION['useremail']); $u_pass = mysql_real_escape_string($_SESSION['userpass']); $sql = mysql_query("SELECT * FROM myMembers WHERE id='$u_id' AND username='$u_name' AND email='$u_email' AND password='$u_pass'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: You do not exist in the system."; exit(); } } //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Check to make sure the URL variables of "sid" and "title" are set if (!isset($_POST['forum_id']) || $_POST['forum_id'] == "" || !isset($_POST['forum_title']) || $_POST['forum_title'] == "") { echo "Important variables are missing"; exit(); } else { // Acquire the variables and proceed to show them a form for creating a new topic $forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['forum_id']); $forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['forum_title']); } /////////////////////////////////////////////////////////////////////////////////////////////////// $sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: That section deos not exist."; exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link href="style/style.css" rel="stylesheet" type="text/css" /> <title>Create New Topic</title> <script type="text/javascript" language="javascript"> <!-- function validateMyForm ( ) { var isValid = true; if ( document.form1.post_title.value == "" ) { alert ( "Please type in a title for this topic" ); isValid = false; } else if ( document.form1.post_title.value.length < 10 ) { alert ( "Your title must be at least 10 characters long" ); isValid = false; } else if ( document.form1.post_body.value == "" ) { alert ( "Please type in your topic body." ); isValid = false; } return isValid; } //--> </script> </head> <body> <?php include_once("template_header.php"); ?> <table style="background-color: #F0F0F0; border:#069 1px solid; border-top:none;" width="900" border="0" align="center" cellpadding="12" cellspacing="0"> <tr> <td width="731" valign="top"> <div id="breadcrumbs"><a href="http://www.webintersect.com">Web Intersect Home</a> ← <a href="http://www.webintersect.com/forum">Forum Home</a> ← <a href="section.php?id=<?php echo $forum_section_id; ?>"><?php echo $forum_section_title; ?></a></div> <h2>Creating New Topic In the <em><?php echo $forum_section_title; ?></em> Forum</h2> <form action="parse_post.php" method="post" name="form1"> <input name="post_type" type="hidden" value="a" /> Topic Author:<br /><input name="topic_author" type="text" disabled="disabled" maxlength="64" style="width:96%;" value="<?php echo $u_name; ?>" /> <br /><br /> Please type in a title for your topic he <br /><input name="post_title" type="text" maxlength="64" style="width:96%;" /><br /><br /> Please type in your topic body:<br /><textarea name="post_body" rows="15" style="width:96%;"></textarea> <br /><br /><input name="" type="submit" value="Create my topic now!" onclick="javascript:return validateMyForm();"/> <input name="fsID" type="hidden" value="<?php echo $forum_section_id; ?>" /> <input name="fsTitle" type="hidden" value="<?php echo $forum_section_title; ?>" /> <input name="uid" type="hidden" value="<?php echo $_SESSION['id']; ?>" /> <input name="upass" type="hidden" value="<?php echo $_SESSION['userpass']; ?>" /> </form> </td> <td width="189" valign="top"><div style=" width:160px; height:600px; background-color: #999; color: #CCC; padding:12px;"> <br /> <br /> <br /> <h3>Ad Space or Whatever</h3> </div></td> </tr> </table> <?php include_once("template_footer.php"); ?> </body> </html> login.php <?php // Start Session to enable creating the session variables below when they log in session_start(); // Force script errors and warnings to show on page in case php.ini file is set to not display them error_reporting(E_ALL); ini_set('display_errors', '1'); //----------------------------------------------------------------------------------------------------------------------------------- // Initialize some vars $errorMsg = ''; $email = ''; $pass = ''; $remember = ''; if (isset($_POST['email'])) { $email = $_POST['email']; $pass = $_POST['pass']; if (isset($_POST['remember'])) { $remember = $_POST['remember']; } $email = stripslashes($email); $pass = stripslashes($pass); $email = strip_tags($email); $pass = strip_tags($pass); // error handling conditional checks go here if ((!$email) || (!$pass)) { $errorMsg = 'Please fill in both fields'; } else { // Error handling is complete so process the info if no errors include 'scripts/connect_to_mysql.php'; // Connect to the database $email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query $pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it // Make the SQL query $sql = mysql_query("SELECT * FROM myMembers WHERE email='$email' AND password='$pass' AND email_activated='1'"); $login_check = mysql_num_rows($sql); // If login check number is greater than 0 (meaning they do exist and are activated) if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and // he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0 thru 5.3+) // Create session var for their raw id $id = $row["id"]; $_SESSION['id'] = $id; // Create the idx session var $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id"); // Create session var for their username $username = $row["username"]; $_SESSION['username'] = $username; mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id' LIMIT 1"); //die($username); } // close while // Remember Me Section if($remember == "yes"){ $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id"); setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days $_SESSION['username'] = $username; } // All good they are logged in, send them to homepage then exit script //die($_SESSION['username']); $_SESSION['username'] = $username; header("location: index.php?user=$username;"); exit(); } else { // Run this code if login_check is equal to 0 meaning they do not exist $errorMsg = "Incorrect login data, please try again"; } } // Close else after error checks } //Close if (isset ($_POST['uname'])){ ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="icon" href="favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> <link href="style/main.css" rel="stylesheet" type="text/css" /> <script src="js/jquery-1.4.2.js" type="text/javascript"></script> <title>Log In</title> <style type="text/css"> <!-- body { margin-top: 0px; } --> </style></head> <body> <table width="400" align="center" cellpadding="6" style="background-color:#FFF; border:#666 1px solid;"> <form action="login.php" method="post" enctype="multipart/form-data" name="signinform" id="signinform"> <tr> <td width="23%"><font size="+2">Log In</font></td> <td width="77%"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td> </tr> <tr> <td><strong>Email:</strong></td> <td><input name="email" type="text" id="email" style="width:60%;" /></td> </tr> <tr> <td><strong>Password:</strong></td> <td><input name="pass" type="password" id="pass" maxlength="24" style="width:60%;"/></td> </tr> <tr> <td align="right"> </td> <td><input name="remember" type="checkbox" id="remember" value="yes" checked="checked" /> Remember Me</td> </tr> <tr> <td> </td> <td><input name="myButton" type="submit" id="myButton" value="Sign In" /></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td colspan="2">Forgot your password? <a href="forgot_pass.php">Click Here</a> <br /></td> </tr> <tr> <td colspan="2">Need an Account? <a href="register.php">Click Here</a><br /> <br /></td> </tr> </form> </table> <br /> <br /> <br /> </body> </html> I have an "Email a Friend" form that captures the referring url and saves it in a session. The problem is that if someone decides not to send the form and navigates away from the page, and then decides to email another page, it saves the previous url. How can I have it so that it clears the previous url and uses the new one? Code: [Select] if(!isset($_SESSION['referrer'])){ //get the referrer if ($_SERVER['HTTP_REFERER']){ $referrer = $_SERVER['HTTP_REFERER']; } else{ $referrer = "http://www.mcse-training-classes.com"; } //save it in a session $_SESSION['referrer'] = $referrer; } Hello everyone, By default when someone comes to my site, it is the unencrypted web page (http://www.mydomain.com). I recently purchased a ssl certificate so when a user logs in, their password is encrypted (Posted to https://mydomain.com). Once the form is posted, the session is set and the header("Location: http://www.mydomain.com"); function is executed to bring them back to the unencrypted version of the site. However, now when a user tries to login, my site seems to drop the session when the location is set to the unencrypted version of the site. How do sites go about using a secure login form and running on the regular version of the site? Thanks! weee So I am trying to set my session length, but it doesn't seem to be working. session_set_cookie_params("84600"); session_start(); |
|||||||