  1. #1
    Regular Coder

    Session IDs? Need to use?

    I gotta make up a user login system which would be handled with MySQL & session variables obviously, but I have seen sites use session "IDs"....

    Do I need to use these, if so why? Why not just refer to session variables? Isn't that enough?

    Could anyone explain more on session IDs & how to use them?

  • #2
    raf
    Master Coder
    What do you mean?

    To use session variables, you don't need to do anything with the sessionID.
    You only need it when you interact with another system or part of your architecture.
    I use the session_id() quite frequently because I also store it inside db-tables. For instance, if I keep a table with all started sessions, then I'll include the sessionID in there. You can then select the right record like

    $sql="select var from sessiontable where phpsessionID='" . session_id() . "'";

    But inside PHP, I never use it.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #3
    Regular Coder
    Well I mean like forums for example..

    You have a username & login & then you also have a unique session ID whilst you're on the forum.

    For a user login system I gather I could just store all user names & passwords in a MySQL table then verify user & pass when they login & then to find their account data (what to show on the screen etc) I could just use a session variable reference to check the username & then display the appropriate data? Was just wondering about session IDs & how they were used.

  • #4
    raf
    Master Coder
    Inside your MySQL table, your usertable should not only have the username and pwd, but also a primary key. After the login data is validated, you return this PK value and store it inside a session variable. It is then this PK value that is inserted into all other tables (for instance the table with all posts) to link it to the user.

    The username and pwd should never be stored inside session variables.

    The sessionID can only be used for backend stuff, like checking if the user is logged in and getting data from a table like I explained in my previous post.
    I've recently been working on a small feature that enables you to 'pause' an application.
    The session data is then written to the db, along with the sessionID, and then the session is destroyed.
    When the user reactivates the app, I recreate the session with the original sessionID and then I recreate all session variables so that the user can continue his session (even if he didn't use the app for hours).

    You see? It can be used to link to the entry inside the sessiontable or if you are 'duplicating' some of the session management functionalities.

    But inside your application, you should use the db's primary keys from the usertable or sessiontable to get data from all tables (except from the sessiontable).

  • #5
    Regular Coder
    "The username and pwd should never be stored inside session variables."
    Ok, but if you store these in the database right.. as for the primary key, this has to be set to a certain field, correct? I gather you set up an "int" field with an ID for every user & set this to the primary key.

    Now if you wanna refer to their username don't you still have to refer to it in the script? You can't just refer to the primary key as there could be multiple values in that record.

  • #6
    raf
    Master Coder
    The PK column needs to be of a numerical type (like 'int' if you are ambitious enough to expect more than 16.7 million users). If you expect fewer accounts, then you can use a 'mediumint' or 'smallint' (<-- max value = 65 535).

    An example syntax

    -- An AUTO_INCREMENT column cannot also carry a DEFAULT value, so userID is NOT NULL only.
    CREATE TABLE `usertable` (
    `userID` INT (8) UNSIGNED NOT NULL AUTO_INCREMENT,
    `uname` VARCHAR (25) NOT NULL,
    `upwd` VARCHAR (35) NOT NULL,
    `nick` VARCHAR (35) DEFAULT 'user',
    PRIMARY KEY(`userID`), UNIQUE(`uname`),
    INDEX(`userID`,`uname`,`upwd`))
    COMMENT = "The table with your applications useraccounts";

    "Now if you wanna refer to their username don't you still have to refer to it in the script? You can't just refer to the primary key as there could be multiple values in that record."
    If you need user data like the username or the nickname they choose (much better to separate the two), then you run a select for it. There is no point in storing all data that you could need somewhere in your app inside a session variable. If you have the PK of the usertable, then you can quickly look up the user data. Like

    $sql="select nick from usertable where userID=" . $_SESSION['uid'] ;

    Don't be afraid to run selects on your db. Such simple ones like this one have about no impact at all on your response times or db-load.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html
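
An added example, not part of the thread and not written by either poster: the flow described in posts #4 and #6 (validate the login, keep only the userID primary key in the session, look up other user data by that key), written in PHP with PDO prepared statements. The function names login() and currentNick(), the in-memory SQLite database standing in for MySQL, the sample account, and a upwd column that holds a password_hash() value are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. login(), currentNick() and the
// in-memory SQLite database (standing in for MySQL) are assumptions.

function login(PDO $db, string $uname, string $pwd): bool
{
    // Prepared statement: user input never becomes part of the SQL text.
    $st = $db->prepare('SELECT userID, upwd FROM usertable WHERE uname = ?');
    $st->execute([$uname]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Assumption: upwd holds a password_hash() value, not the password.
    if ($row === false || !password_verify($pwd, $row['upwd'])) {
        return false;
    }
    // Issue a fresh session ID at login so an ID known before login is useless.
    session_regenerate_id(true);
    // Only the primary key goes into the session, never uname or upwd.
    $_SESSION['uid'] = (int) $row['userID'];
    return true;
}

function currentNick(PDO $db): ?string
{
    if (!isset($_SESSION['uid'])) {
        return null; // not logged in
    }
    $st = $db->prepare('SELECT nick FROM usertable WHERE userID = ?');
    $st->execute([$_SESSION['uid']]);
    $nick = $st->fetchColumn();
    return $nick === false ? null : (string) $nick;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE usertable (userID INTEGER PRIMARY KEY AUTOINCREMENT,
    uname TEXT UNIQUE NOT NULL, upwd TEXT NOT NULL, nick TEXT DEFAULT 'user')");
$db->prepare('INSERT INTO usertable (uname, upwd, nick) VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Ally']);

session_start();
$results = [
    'wrong password' => login($db, 'alice', 'wrong'),
    'nick before login' => currentNick($db),
    'right password' => login($db, 'alice', 'correct horse'),
    'nick after login' => currentNick($db),
];
var_dump($results);
```

With the MySQL table from post #6, the upwd column would need to be wide enough for a password_hash() value (VARCHAR(255) is the usual choice), which is an assumption beyond what the thread shows.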

  • #7
    Regular Coder
    Ok cheers for the info, I'll see how I go!

