Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Newbie to sessions ques?

Options
  • 09-03-2003 5:35pm
    #1
    RicardoSmith
    Closed Accounts Posts: 8,264 ✭✭✭


    If I want to control users access to a website that I'm creating using php/mysql on IIS, is sessions using cookies the way to go? Anything in particular to look out for?


Comments

  • Options
    #2
    amen
    Registered Users Posts: 2,781 ✭✭✭amen


    not all browsers support cookies or the user could have them turned off.

    you could use the session object to store their username/password and them check on each page


  • Options
    #3
    b3t4
    Closed Accounts Posts: 1,325 ✭✭✭b3t4


    Sessions, oh them were the days.
    Be prepared to have fun and lots of it. :)

    Id also agree with Amen with regard the cookies.

    Read a good bit about them before you start using them otherwise they
    are a right headache. Thats what I found anyways.

    Rgrds,
    A.

    p.s. Have a look at the book "PHP in easy steps" great for noobie stuff.


  • Options
    #4
    RicardoSmith
    Closed Accounts Posts: 8,264 ✭✭✭RicardoSmith


    Umm I had problems with them before on a ASP/MSSQL site I worked on. What I really want to avoid is people being able to bookmark a page and then return to it without logging in again, or indeed passing the url to someone else who can see the page with out logging in. The session object sounds interesting. I'll look that up.


  • Options
    #5
    b3t4
    Closed Accounts Posts: 1,325 ✭✭✭b3t4


    We had a problem similiar to yours.

    We set the session variables when they logged in, easily done when you know how. At the begining of the pages which had restricted access.
    We had some code along the lines of.......

    <?php

    if (session variables are not set) //check php manual onli
    {
    echo ("This site is has restricted access.");
    exit();
    }

    ?>

    If there is different kind of users, we overcame this by checking in the DB to see what kind of user they were and if they were such a thing eg admin, they could get access to that page.

    A.


  • Options
    #6
    mada999
    Registered Users Posts: 7,097 ✭✭✭mada999


    yeah, i used cookies for a web project (asp and sql access) i was doin and i used a session cookie to check if a user was logged in b4 they could access it. It looks like this :

    <%
    'If the session cookie is false or is null then throw them out of the protected area!
    If Session("UserAutorised") = False or IsNull(Session("UserAutorised")) = True then
    'Redirect to unathorised user page
    Response.Redirect"unauthorised_user_page.htm"
    End If
    %>


  • Advertisement
  • Options
    #7
    RicardoSmith
    Closed Accounts Posts: 8,264 ✭✭✭RicardoSmith


    I was hoping to avoid going back to the db for every page just to speed things up. I'm reading up on the session object/variables at the moment. Seems handy enough to implement. I really don't want to have support issues with people with cookies disabled etc.


Advertisement