session handling using classes n objects

  • viz

    session handling using classes n objects

    hi,

    i have written a class for session handling, and i want to use it to
    keep track of the user.
    After authenticating the user in login page i am storing the session
    info like uname etc.. in a object of session class. I am creating this
    object in the login page.
    Now how can i make this object persist between subsequent page
    requests. and i dont want to use GET method.
    Is it sensible to use hidden fields OR will i have to create a new
    session object in each page???

    plz help

    Thanx
    Josh

  • Saul

    #2
    Re: session handling using classes n objects


    viz wrote:
    > i have written a class for session handling, and i want to use it to
    > keep track of the user.
    > After authenticating the user in login page i am storing the session
    > info like uname etc.. in a object of session class. I am creating this
    > object in the login page.
    > Now how can i make this object persist between subsequent page
    > requests. and i dont want to use GET method.
    > Is it sensible to use hidden fields OR will i have to create a new
    > session object in each page???

    To make an object persist between page calls you will have to save it
    somewhere. Depending on the complexity you will probably use $_SESSION
    variables and optionally save data to a file or database that will be
    read by each page view. To access the $_SESSION variables a session ID
    is held on the client computer either in a cookie or in the URL as a
    $_GET variable (it's simply a session reference ID).

    If you use hidden fields on forms then the data will be visible to
    users using view source, and can therefore compromise security, for
    example by someone creating a fake set of hidden variables.

    If you read up on PHP sessions it will help you get where you want to
    go.


    Saul
    Notanant on Notanant. A feature-rich Notanant web site for Notanant, which has a highly flexible web-publisher with features for private access and member management, on-line shops and e-commerce and social networking and web2.0 facilities. Notanant is ideal for complex corporate sites, easy-to-manage business sites or online information databases or websites for communities .

    Communities of websites


    • viz

      #3
      Re: session handling using classes n objects

      well i am not using database;

      and i am also not using session handling functions like
      session_register and session_start directly.
      i have implemented them using a session class and i am setting and
      retrieving session variables by using object of the session class.
      the problem i am facing is that as long as i use the session class
      object in a single page it is fine but what should i do in order to
      make that object accessible in other pages so that i may check the
      authenticity of user, using functions on the same object.
      hope i m clear this time.

      Thanx


      • no@emails.thx

        #4
        Re: session handling using classes n objects

        On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjoshi4u@gmail.com> wrote:
        > well i am not using database;
        >
        > and i am also not using session handling functions like
        > session_register and session_start directly.
        > i have implemented them using a session class and i am setting and
        > retrieving session variables by using object of the session class.
        > the problem i am facing is that as long as i use the session class
        > object in a single page it is fine but what should i do in order to
        > make that object accessible in other pages so that i may check the
        > authenticity of user, using functions on the same object.
        > hope i m clear this time.

        This sounds like circular logic and I'm tempted to ask why you want to
        complicate the use of sessions by making a class that you then have to
        hold in a normal $_SESSION[] variable?

        To make data 'persist' between pages choose one of the following:
        1. hold it in a database (but you're not doing that)
        2. hold it in cookies (but this can be switched off by the user)
        3. hold it in sessions.

        For something as simple as holding a userid I'd just create a
        $_SESSION['userid'] variable on successful login and refer to it later
        in the code by name.

        I can understand creating classes for managing complex data structures
        (eg. database records etc) but from what you have said so far I don't
        think it warrants it in your case. :o)

        Chris R.
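
An added example (not code from the thread) of the approach suggested above: a small class can still wrap the session, provided its state is kept in `$_SESSION` rather than in the object, so every page creates a fresh object and reads the same server-side data. The class name `AuthSession`, the user id 42 and the command-line demo are assumptions made for illustration.

```php
<?php
// Added example: AuthSession is a hypothetical class, not code from the thread.
declare(strict_types=1);

final class AuthSession
{
    public function __construct()
    {
        // Each page builds its own object; the state itself lives in
        // $_SESSION, which PHP reloads using the session ID cookie.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start([
                'use_only_cookies' => 1, // never take the ID from the URL
                'use_strict_mode'  => 1, // refuse IDs the server did not issue
                'cookie_httponly'  => 1, // keep the cookie away from page scripts
            ]);
        }
    }

    public function login(int $userId): void
    {
        session_regenerate_id(true);     // fresh ID once the user is authenticated
        $_SESSION['userid'] = $userId;
    }

    public function userId(): ?int
    {
        return isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : null;
    }

    public function logout(): void
    {
        $_SESSION = [];
        session_destroy();
    }
}

// Constructed demo: two "requests" simulated in one CLI run (php file.php).
if (PHP_SAPI === 'cli') {
    $loginPage = new AuthSession();      // request 1: login page
    $loginPage->login(42);               // 42 is a made-up user id
    $id = session_id();
    session_write_close();               // request 1 ends, data is saved
    $_SESSION = [];                      // nothing survives in memory

    session_id($id);                     // request 2: browser returns the cookie
    $otherPage = new AuthSession();      // a brand-new object on another page
    $uid = $otherPage->userId();
    $otherPage->logout();
    echo $uid === 42 ? "user 42 recognised\n" : "not logged in\n";
}
```

On a real site the two halves of the demo are separate page requests, and the browser returns the session cookie instead of the explicit `session_id($id)` call.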


        • viz

          #5
          Re: session handling using classes n objects



          On Dec 5, 4:28 pm, n...@emails.thx wrote:
          > On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@gmail.com> wrote:
          >> well i am not using database;
          >>
          >> and i am also not using session handling functions like
          >> session_register and session_start directly.
          >> i have implemented them using a session class and i am setting and
          >> retrieving session variables by using object of the session class.
          >> the problem i am facing is that as long as i use the session class
          >> object in a single page it is fine but what should i do in order to
          >> make that object accessible in other pages so that i may check the
          >> authenticity of user, using functions on the same object.
          >> hope i m clear this time.
          >
          > This sounds like circular logic and I'm tempted to ask why you want to
          > complicate the use of sessions by making a class that you then have to
          > hold in a normal $_SESSION[] variable?
          >
          > To make data 'persist' between pages choose one of the following:
          > 1. hold it in a database (but you're not doing that)
          > 2. hold it in cookies (but this can be switched off by the user)
          > 3. hold it in sessions.
          >
          > For something as simple as holding a userid I'd just create a
          > $_SESSION['userid'] variable on successful login and refer to it later
          > in the code by name.
          >
          > I can understand creating classes for managing complex data structures
          > (eg. database records etc) but from what you have said so far I don't
          > think it warrants it in your case. :o)
          >
          > Chris R.

          Thanx Chris,
          that was what i wanted to know. i am new to PHP5 thats why i was
          searching 4 the most feasible way.
          I have one more query....if u dont mind.

          when i am running my application on Firefox and if i login then the
          same session is getting duplicated if i open another tab. Although if i
          run the program on Firefox and IE simultaneously then 2 distinct
          sessions are being created.
          Is it normal??? How can it be explained??
          Currently i m playing with a small application but soon i think i will
          have to make use of databases for user management. Can u give some
          insight into that also.

          Thanx again
          Josh


          • no@emails.thx

            #6
            Re: session handling using classes n objects

            On 5 Dec 2006 03:54:10 -0800, "viz" <vijayjoshi4u@gmail.com> wrote:
            > On Dec 5, 4:28 pm, n...@emails.thx wrote:
            >> On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@gmail.com> wrote:
            >>> well i am not using database;
            >>>
            >>> and i am also not using session handling functions like
            >>> session_register and session_start directly.
            >>> i have implemented them using a session class and i am setting and
            >>> retrieving session variables by using object of the session class.
            >>> the problem i am facing is that as long as i use the session class
            >>> object in a single page it is fine but what should i do in order to
            >>> make that object accessible in other pages so that i may check the
            >>> authenticity of user, using functions on the same object.
            >>> hope i m clear this time.
            >>
            >> This sounds like circular logic and I'm tempted to ask why you want to
            >> complicate the use of sessions by making a class that you then have to
            >> hold in a normal $_SESSION[] variable?
            >>
            >> To make data 'persist' between pages choose one of the following:
            >> 1. hold it in a database (but you're not doing that)
            >> 2. hold it in cookies (but this can be switched off by the user)
            >> 3. hold it in sessions.
            >>
            >> For something as simple as holding a userid I'd just create a
            >> $_SESSION['userid'] variable on successful login and refer to it later
            >> in the code by name.
            >>
            >> I can understand creating classes for managing complex data structures
            >> (eg. database records etc) but from what you have said so far I don't
            >> think it warrants it in your case. :o)
            >>
            >> Chris R.
            >
            > Thanx Chris,
            > that was what i wanted to know. i am new to PHP5 thats why i was
            > searching 4 the most feasible way.
            > I have one more query....if u dont mind.
            >
            > when i am running my application on Firefox and if i login then the
            > same session is getting duplicated if i open another tab. Although if i
            > run the program on Firefox and IE simultaneously then 2 distinct
            > sessions are being created.
            > Is it normal??? How can it be explained??
            > Currently i m playing with a small application but soon i think i will
            > have to make use of databases for user management. Can u give some
            > insight into that also.

            My understanding of sessions is that the lifetime of the session is
            within the browser being run ... 2 browsers would have a session each
            ... close the browser and open it again and you get another session
            ... run 2 tabs in the same browser and they share the same session. (I
            think)

            Chris R.


            • Saul

              #7
              Re: session handling using classes n objects


              viz wrote:
              > when i am running my application on Firefox and if i login then the
              > same session is getting duplicated if i open another tab. Although if i
              > run the program on Firefox and IE simultaneously then 2 distinct
              > sessions are being created.
              > Is it normal??? How can it be explained??
              > Currently i m playing with a small application but soon i think i will
              > have to make use of databases for user management. Can u give some
              > insight into that also.

              The session variable is being held in a cookie in this case. Each of
              the different browsers holds cookies separately hence two sessions with
              two browsers open. If you are within a single browser the same cookie
              is used, hence one cookie.


              Saul

              • iulian.ilea

                #8
                Re: session handling using classes n objects


                no@emails.thx wrote:
                > On 5 Dec 2006 03:54:10 -0800, "viz" <vijayjoshi4u@gmail.com> wrote:
                >> On Dec 5, 4:28 pm, n...@emails.thx wrote:
                >>> On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@gmail.com> wrote:
                >>>> well i am not using database;
                >>>>
                >>>> and i am also not using session handling functions like
                >>>> session_register and session_start directly.
                >>>> i have implemented them using a session class and i am setting and
                >>>> retrieving session variables by using object of the session class.
                >>>> the problem i am facing is that as long as i use the session class
                >>>> object in a single page it is fine but what should i do in order to
                >>>> make that object accessible in other pages so that i may check the
                >>>> authenticity of user, using functions on the same object.
                >>>> hope i m clear this time.
                >>>
                >>> This sounds like circular logic and I'm tempted to ask why you want to
                >>> complicate the use of sessions by making a class that you then have to
                >>> hold in a normal $_SESSION[] variable?
                >>>
                >>> To make data 'persist' between pages choose one of the following:
                >>> 1. hold it in a database (but you're not doing that)
                >>> 2. hold it in cookies (but this can be switched off by the user)
                >>> 3. hold it in sessions.
                >>>
                >>> For something as simple as holding a userid I'd just create a
                >>> $_SESSION['userid'] variable on successful login and refer to it later
                >>> in the code by name.
                >>>
                >>> I can understand creating classes for managing complex data structures
                >>> (eg. database records etc) but from what you have said so far I don't
                >>> think it warrants it in your case. :o)
                >>>
                >>> Chris R.
                >>
                >> Thanx Chris,
                >> that was what i wanted to know. i am new to PHP5 thats why i was
                >> searching 4 the most feasible way.
                >> I have one more query....if u dont mind.
                >>
                >> when i am running my application on Firefox and if i login then the
                >> same session is getting duplicated if i open another tab. Although if i
                >> run the program on Firefox and IE simultaneously then 2 distinct
                >> sessions are being created.
                >> Is it normal??? How can it be explained??
                >> Currently i m playing with a small application but soon i think i will
                >> have to make use of databases for user management. Can u give some
                >> insight into that also.
                >
                > My understanding of sessions is that the lifetime of the session is
                > within the browser being run ... 2 browsers would have a session each
                > ... close the browser and open it again and you get another session
                > ... run 2 tabs in the same browser and they share the same session. (I
                > think)
                >
                > Chris R.

                Chris, you are right. The session is stored by window not by tab.


                • no@emails.thx

                  #9
                  Re: session handling using classes n objects

                  On 5 Dec 2006 06:02:10 -0800, "iulian.ilea" <iulian.ilea@gmail.com>
                  wrote:
                  > no@emails.thx wrote:
                  >> On 5 Dec 2006 03:54:10 -0800, "viz" <vijayjoshi4u@gmail.com> wrote:
                  >>> On Dec 5, 4:28 pm, n...@emails.thx wrote:
                  >>>> On 5 Dec 2006 02:53:42 -0800, "viz" <vijayjosh...@gmail.com> wrote:
                  >>>>> well i am not using database;
                  >>>>>
                  >>>>> and i am also not using session handling functions like
                  >>>>> session_register and session_start directly.
                  >>>>> i have implemented them using a session class and i am setting and
                  >>>>> retrieving session variables by using object of the session class.
                  >>>>> the problem i am facing is that as long as i use the session class
                  >>>>> object in a single page it is fine but what should i do in order to
                  >>>>> make that object accessible in other pages so that i may check the
                  >>>>> authenticity of user, using functions on the same object.
                  >>>>> hope i m clear this time.
                  >>>>
                  >>>> This sounds like circular logic and I'm tempted to ask why you want to
                  >>>> complicate the use of sessions by making a class that you then have to
                  >>>> hold in a normal $_SESSION[] variable?
                  >>>>
                  >>>> To make data 'persist' between pages choose one of the following:
                  >>>> 1. hold it in a database (but you're not doing that)
                  >>>> 2. hold it in cookies (but this can be switched off by the user)
                  >>>> 3. hold it in sessions.
                  >>>>
                  >>>> For something as simple as holding a userid I'd just create a
                  >>>> $_SESSION['userid'] variable on successful login and refer to it later
                  >>>> in the code by name.
                  >>>>
                  >>>> I can understand creating classes for managing complex data structures
                  >>>> (eg. database records etc) but from what you have said so far I don't
                  >>>> think it warrants it in your case. :o)
                  >>>>
                  >>>> Chris R.
                  >>>
                  >>> Thanx Chris,
                  >>> that was what i wanted to know. i am new to PHP5 thats why i was
                  >>> searching 4 the most feasible way.
                  >>> I have one more query....if u dont mind.
                  >>>
                  >>> when i am running my application on Firefox and if i login then the
                  >>> same session is getting duplicated if i open another tab. Although if i
                  >>> run the program on Firefox and IE simultaneously then 2 distinct
                  >>> sessions are being created.
                  >>> Is it normal??? How can it be explained??
                  >>> Currently i m playing with a small application but soon i think i will
                  >>> have to make use of databases for user management. Can u give some
                  >>> insight into that also.
                  >>
                  >> My understanding of sessions is that the lifetime of the session is
                  >> within the browser being run ... 2 browsers would have a session each
                  >> ... close the browser and open it again and you get another session
                  >> ... run 2 tabs in the same browser and they share the same session. (I
                  >> think)
                  >>
                  >> Chris R.
                  >
                  > Chris, you are right. The session is stored by window not by tab.

                  Thanks for the confirmation :o)

                  Of course, I forgot to say that the life-time of the session is also
                  dependent on the configured lifetime of the session/cookies on the
                  server too.

                  Chris R.


                  • Curtis

                    #10
                    Re: session handling using classes n objects

                    > Currently i m playing with a small application but soon i think i will
                    > have to make use of databases for user management. Can u give some
                    > insight into that also.

                    Well, how to go about properly and securely managing databases (I
                    assume you mean a relational database, like MySQL) can fill a book, and
                    I believe authors have, indeed, done so. I'm sure people here will be
                    more than willing to help you along the way, but I would suggest that
                    you first do some research online or by reading current books on the
                    issue. The examples in php.net's documentation use good, secure code,
                    but you'll want to search out articles on sites like sitepoint, which,
                    as far as I know, is a place which uses good quality code. You need to
                    watch out for articles which feature code that doesn't escape user
                    input, which can lead to SQL injection (visitors crafting arbitrary SQL
                    queries through input, whether from the query string or POSTed from a
                    different script altogether). In PHP, for MySQL, you will notice the
                    mysql_real_escape_string function. There are similar functions for
                    other databases. The mysqli extension even lets you use prepared
                    statements, if I'm not mistaken.

                    So, again, you'll want to do some research on this topic, especially if
                    you plan on deploying your project in the public domain.

                    Curtis
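
An added example (not from the thread or from php.net) of the point about unescaped input versus prepared statements: the same user lookup written with the input spliced into the SQL string and with a bound parameter. It uses PDO with an in-memory SQLite database so that it runs without a server, where the post names mysqli; the table, account and function names are constructed for illustration.

```php
<?php
// Added example; table, column and function names are hypothetical.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT UNIQUE, pw_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (uname, pw_hash) VALUES (?, ?)');
    // Constructed account; only a password hash is stored.
    $ins->execute(['josh', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Unsafe pattern the post warns about: input becomes part of the SQL text.
function findUserUnsafe(PDO $db, string $uname): array
{
    $sql = "SELECT id, uname FROM users WHERE uname = '$uname'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound and never parsed as SQL.
function findUserSafe(PDO $db, string $uname): array
{
    $stmt = $db->prepare('SELECT id, uname FROM users WHERE uname = ?');
    $stmt->execute([$uname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login check; the returned id is what would go into $_SESSION['userid'].
function checkLogin(PDO $db, string $uname, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE uname = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$db = openDemoDb();
$hostile = "nobody' OR '1'='1";   // constructed input containing a quote
printf("rows from concatenated query: %d\n", count(findUserUnsafe($db, $hostile)));
printf("rows from prepared query:     %d\n", count(findUserSafe($db, $hostile)));
var_dump(checkLogin($db, 'josh', 'correct horse'));
var_dump(checkLogin($db, $hostile, 'x'));
```

With mysqli the equivalent calls are `prepare()`, `bind_param()` and `execute()`; the `mysql_*` functions, including `mysql_real_escape_string`, were removed in PHP 7.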
