PHP and Sessions

  • 127.0.0.1

    PHP and Sessions

    I've just started using PHP for session management (done a lot of it in
    ISAPI/Delphi for many years).

    My question is this:

    I want to have a number of variables, for example $customer_id which
    are session variables.

    The PHP book I have been reading talks about
    session_register('customer_id'), but I have seen people comment that
    this is bad practice.

    How should I approach this ?

    I've tried putting $customer_id = $_SESSION['customer_id'], but have
    found it difficult to rewrite the changed value back into the _SESSION
    array at the end of the request.

    Is there any way to get around this ?

    I'm running PHP in a CGI mode under IIS ....


    --
    Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
    EMail:<01100011 001011100110001 001110101011100 10011010110
    110010101000000 011000110111001 001100001011110 10011011100
    110000101110010 001011100110001 101101111011011 0100100000>
  • jack

    #2
    Re: PHP and Sessions

    127.0.0.1 wrote:
    > How should I approach this ?

    PHP manual says:

    use either this:

    $barney = "A big purple dinosaur.";
    session_register("barney");

    or this:

    $_SESSION["zim"] = "An invader from another planet.";

    but NOT both :)

    IMHO, $_SESSION is easier to use. Just use it like normal variable, remember
    to start a session on top of page, and you'll have no confusion about which
    var is session and which isn't.

    --- --- --- --- --- --- ---
    jack@croatiabiz .com



    • 127.0.0.1

      #3
      Re: PHP and Sessions

      jack wrote:
      > IMHO, $_SESSION is easier to use. Just use it like normal variable,
      > remember to start a session on top of page, and you'll have no
      > confusion about which var is session and which isn't.

      I want to use $_SESSION to access the information, but am concerned
      about supposed security issues.

      I need to have the variables assigned to/from normal variables though
      .... so I'd have to assign $_SESSION['x'] to/from $x at some point.

      --
      Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
      EMail:<01100011 001011100110001 001110101011100 10011010110
      110010101000000 011000110111001 001100001011110 10011011100
      110000101110010 001011100110001 101101111011011 0100100000>


      • KAH

        #4
        Re: PHP and Sessions

        "127.0.0.1" <newsgroup(at)c raznar.com@veri sign-sux-ijlkl.com> wrote in
        news:gRbfb.1345 87$bo1.54967@ne ws-server.bigpond. net.au:
        > I want to use $_SESSION to access the information, but am concerned
        > about supposed security issues.

        What security issues? The only way to manipulate session data is if you use
        register_globals.

        > I need to have the variables assigned to/from normal variables though
        > ... so I'd have to assign $_SESSION['x'] to/from $x at some point.

        Why? $_SESSION is a superglobal, you can *always* access it.

        KAH


        • KAH

          #5
          Re: PHP and Sessions

          "jack" <jack@croatiabi z.com> wrote in news:bljfqf$dd0 $1@ls219.htnet. hr:
          > use either this:
          >
          > $barney = "A big purple dinosaur.";
          > session_register("barney");
          >
          > or this:
          >
          > $_SESSION["zim"] = "An invader from another planet.";
          >
          > but NOT both :)

          To be accurate, you can only use session_register() if you have
          register_globals enabled, which you should never have.

          KAH


          • Phil Roberts

            #6
            Re: PHP and Sessions

            With total disregard for any kind of safety measures KAH
            <kah@kahnews.cj b.net> leapt forth and uttered:
            > What security issues? The only way to manipulate session data is
            > if you use register_globals.

            Errrr... what?

            The only way to manipulate session data using the session_ functions
            is if register_globals is enabled.

            If it isn't you just use the $_SESSION superglobal. Which is
            available regardless of how register_globals is set.

            --
            There is no signature.....


            • 127.0.0.1

              #7
              Re: PHP and Sessions

              Phil Roberts wrote:
              > If it isn't you just use the $_SESSION superglobal. Which is
              > available regardless of how register_globals is set.

              But how do I guarantee return of my $xxx variable back into the
              $_SESSION['xxx'] super-global before the end of the script.

              --
              Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
              EMail:<01100011 001011100110001 001110101011100 10011010110
              110010101000000 011000110111001 001100001011110 10011011100
              110000101110010 001011100110001 101101111011011 0100100000>


              • 127.0.0.1

                #8
                Re: PHP and Sessions

                KAH wrote:
                > To be accurate, you can only use session_register() if you have
                > register_globals enabled, which you should never have.

                Which brings me back to the original problem .... how do I insure that
                my $xxx variable is stored back in $_SESSION['xxx'] before the script
                execution ends (for what ever reason).

                --
                Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
                EMail:<01100011 001011100110001 001110101011100 10011010110
                110010101000000 011000110111001 001100001011110 10011011100
                110000101110010 001011100110001 101101111011011 0100100000>


                • Bruno Desthuilliers

                  #9
                  Re: PHP and Sessions

                  127.0.0.1 wrote:
                  > Phil Roberts wrote:
                  >
                  >>If it isn't you just use the $_SESSION superglobal. Which is
                  >>available regardless of how register_globals is set.
                  >
                  >
                  > But how do I guarantee return of my $xxx variable back into the
                  > $_SESSION['xxx'] super-global before the end of the script.
                  >

                  $_SESSION['xxx'] = $xxx;

                  What's the trouble ?


                  • 127.0.0.1

                    #10
                    Re: PHP and Sessions

                    Bruno Desthuilliers wrote:
                    > 127.0.0.1 wrote:
                    > > Phil Roberts wrote:
                    > > > If it isn't you just use the $_SESSION superglobal. Which is
                    > > > available regardless of how register_globals is set.
                    > >
                    > > But how do I guarantee return of my $xxx variable back into the
                    > > $_SESSION['xxx'] super-global before the end of the script.
                    >
                    > $_SESSION['xxx'] = $xxx;
                    >
                    > What's the trouble ?

                    Where does one put that line of code to ensure it is always executed
                    before the script ends - in any of the ways it can end.

                    Is there an 'onexit' call back that gets called before the script exits
                    ?

                    The top of a PHP script will always be executed, but the bottom may not.

                    --
                    Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
                    EMail:<01100011 001011100110001 001110101011100 10011010110
                    110010101000000 011000110111001 001100001011110 10011011100
                    110000101110010 001011100110001 101101111011011 0100100000>


                    • Matthias Esken

                      #11
                      Re: PHP and Sessions

                      "127.0.0.1" <newsgroup(at)c raznar.com@veri sign-sux-ijlkl.com> schrieb:
                      > Which brings me back to the original problem .... how do I insure that
                      > my $xxx variable is stored back in $_SESSION['xxx'] before the script
                      > execution ends (for what ever reason).

                      I think register_shutdown_function() should do the trick.

                      But why do you have to use a variable like $xxx? Why can't you use
                      $_SESSION['xxx'] all the time?

                      Regards,
                      Matthias
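
The two ways to get the write-back asked about in this thread, as an added example that is not code from any poster: binding the local variable to its `$_SESSION` slot by reference, and copying it back in a `register_shutdown_function()` callback. The helper name `bind_session()` and the `'basket'` key are assumptions.

```php
<?php
// Added example, not code from the thread. bind_session() and the 'basket'
// key are hypothetical; 'customer_id' is the variable from the question.
session_start();

// Return a reference to a session slot, creating it with a default first.
function &bind_session(string $key, $default = null)
{
    if (!array_key_exists($key, $_SESSION)) {
        $_SESSION[$key] = $default;
    }
    return $_SESSION[$key];
}

// Option 1: bind by reference. $customer_id and $_SESSION['customer_id'] are
// the same value, so there is nothing to copy back at the end of the script.
$customer_id =& bind_session('customer_id', 0);
$customer_id = 42;

// Option 2: work on a copy and write it back from a shutdown callback, which
// PHP runs when the script finishes normally or calls exit().
$basket = $_SESSION['basket'] ?? [];
register_shutdown_function(function () use (&$basket) {
    $_SESSION['basket'] = $basket;   // copy the final value back
    session_write_close();           // flush the session to storage
});

$basket[] = 'sku-1001';              // constructed sample value
exit;                                // early exit: the callback still runs
```

The callback only helps while the session is still open: if `session_write_close()` was already called earlier in the request, later writes to `$_SESSION` are not saved.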


                      • 127.0.0.1

                        #12
                        Re: PHP and Sessions

                        Matthias Esken wrote:
                        > > Which brings me back to the original problem .... how do I insure
                        > > that my $xxx variable is stored back in $_SESSION['xxx'] before the
                        > > script execution ends (for what ever reason).
                        >
                        > I think register_shutdown_function() should do the trick.

                        Thanks...

                        >
                        > But why do you have to use a variable like $xxx? Why can't you use
                        > $_SESSION['xxx'] all the time?

                        To do with templating and stuff which I am doing..

                        --
                        Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
                        EMail:<01100011 001011100110001 001110101011100 10011010110
                        110010101000000 011000110111001 001100001011110 10011011100
                        110000101110010 001011100110001 101101111011011 0100100000>


                        • Phil Roberts

                          #13
                          Re: PHP and Sessions

                          With total disregard for any kind of safety measures "127.0.0.1"
                          <newsgroup(at)c raznar.com@veri sign-sux-ijlkl.com> leapt forth and
                          uttered:
                          > Is there an 'onexit' call back that gets called before the
                          > script exits ?
                          >
                          > The top of a PHP script will always be executed, but the bottom
                          > may not.
                          >



                          --
                          There is no signature.....


                          • KAH

                            #14
                            Re: PHP and Sessions

                            Phil Roberts <philrob@HOLYfl atnetSHIT.net> wrote in
                            news:Xns9409B0A A7E2EBphilrober ts@216.196.97.1 32:
                            > The only way to manipulate session data using the session_ functions
                            > is if register_globals is enabled.
                            >
                            > If it isn't you just use the $_SESSION superglobal. Which is
                            > available regardless of how register_globals is set.

                            I guess I wasn't precise enough; what I meant was that the only way for a
                            user to manipulate the session data (which they shouldn't be allowed to do
                            directly) is if r_g is on.

                            KAH
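
What user manipulation of session data under register_globals looks like, as an added example that is not from the thread: a simplified model in which plain arrays stand in for the global scope and the session store, beside the `$_SESSION`-only form. The flag name `is_admin` is hypothetical; `register_globals` and `session_register()` were both removed in PHP 5.4, so the legacy side is modelled rather than called.

```php
<?php
// Added example: a simplified model of the legacy behaviour, not PHP's own
// implementation. The flag name 'is_admin' is hypothetical.

// Legacy: register_globals = On plus session_register('is_admin').
function legacy_request(array $query, array $session): array
{
    $globals = $query;                    // request parameters become globals
    foreach ($session as $name => $value) {
        $globals[$name] = $value;         // session_start() restores stored values
    }
    $registered = ['is_admin'];           // session_register('is_admin')
    // ... the script body never assigns $is_admin for an anonymous visitor ...
    foreach ($registered as $name) {      // end of request: globals are saved
        if (array_key_exists($name, $globals)) {
            $session[$name] = $globals[$name];
        }
    }
    return $session;
}

// Current: only explicit code writes to the session array.
function superglobal_request(array $query, array $session): array
{
    $session['is_admin'] = $session['is_admin'] ?? false;
    return $session;
}

$query = ['is_admin' => '1'];              // constructed request: ?is_admin=1
var_dump(legacy_request($query, []));      // the request value reaches the session
var_dump(superglobal_request($query, [])); // the request value is ignored
```

In the model, a value already stored in the session overrides the request parameter, so the exposure is a registered variable that the script has not yet assigned.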


                            • 127.0.0.1

                              #15
                              Re: PHP and Sessions

                              KAH wrote:
                              > which they shouldn't be allowed to do
                              > directly

                              I keep hearing this .... and I keep asking - Why ?

                              What is wrong with session_register('X'); $X = 'abc';

                              --
                              Spam:newsgroup( at)craznar.com@ verisign-sux-klj.com
                              EMail:<01100011 001011100110001 001110101011100 10011010110
                              110010101000000 011000110111001 001100001011110 10011011100
                              110000101110010 001011100110001 101101111011011 0100100000>
