Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jun 2002
    Location
    Edinburgh, UK
    Posts
    402
    Thanks
    2
    Thanked 1 Time in 1 Post

    Login Sessions for Mobile Devices

    Hi!

    I'm experiencing some issues with the sessions for my site when browsing the site on a mobile phone/3G dongle.

    At present I use session ids, and I think the issue is with the connection being "dropped" for a split second, where I don't realise it's happened but the session id changes, thus the session (and login) expire.

    What I wanted to find out is what method of login sessions others use when building a mobile site (that requires a login)? Do you just remove the session id? Is there a better way?

    I did think of changing the login entirely for mobile devices, by trying to determine the phones PIN so that a user can specify the device pin and it would be checked if they match a user, the user is automatically logged in. Not entirely sure this is secure, as no doubt it'll be easy enough to bypass.

    Anyway, any thoughts/advice would be greatly appreciated.

    Many thanks in advance.
    Rich

    "An expert is a person who has made all the mistakes that can be made in a very narrow field."

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,472
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    How about if you just determine that a SESSION is set?

    You don't care about the SESSION variable's value,
    just an indication that it is set ... which means the user has
    successfully gone through the login procedure.

    PHP Code:
    <?php
    session_start
    ();
    if(isset(
    $_SESSION['login'])){
    // they are logged-in, so do nothing.
    }
    else{
    // they are NOT logged-in, so kick them out.
    header ("location: index.php");
    }
    ?>

    <html>
    <body>
    The rest of your page here
    </body>
    </html>

    And the login part is where you set that session:
    PHP Code:
    <?php
    session_start
    ();

    // check the login username and password against a database or whatever ...
    if($pass === "blah blah blah"){

    // no matter what the value is ... we only care if it's set later on.
    $_SESSION['login'] = 'sdfjsdkljfkl';

    }

  • #3
    Super Moderator
    Join Date
    Feb 2009
    Location
    England
    Posts
    539
    Thanks
    8
    Thanked 63 Times in 54 Posts
    Sounds like the dropped connection is making the browser treat it as a new session, and delete the session cookie. Stop it being a session cookie by setting the lifetime parameter of session_set_cookie_params:

    http://php.net/manual/en/function.se...kie-params.php
    lamped.co.uk :: Design, Development & Hosting
    marcgray.co.uk :: Technical blog


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •