3 Replies - 547 Views - Last Post: 11 September 2013 - 11:16 AM

#1 Logik22

Trying to understand sessions/cookies

Posted 11 September 2013 - 07:19 AM

I'm trying to understand how to use sessions/cookies. My understanding is that when you create a session it creates a "Session ID". Then it will pass that Session ID to each page so the website knows you are the same person. When passing it to the next page you can either use a cookie or append it to the URL (www.yourwebpage.com/home.php?sid=e2432lkjfdsajfewa). To my knowledge passing it through the URL should be avoided because it would be easy for someone to get your SID (ex. maybe you send someone a link to a page) and then impersonate you.

Now where I'm having trouble is I'm not sure how to keep a user logged in without appending the URL. I understand that I must use a cookie but I'm not sure how. When I open Chrome and view my cookies (through Privacy settings) I see a PHPSESSID cookie as expected but the value is not the same as my Session ID. I'm also not sure how to link Session IDs with users.


Replies To: Trying to understand sessions/cookies

#2 Dormilich

Re: Trying to understand sessions/cookies

Posted 11 September 2013 - 07:29 AM

Quote

Now where I'm having trouble is I'm not sure how to keep a user logged in without appending the URL. I understand that I must use a cookie but I'm not sure how.

you don't have to yourself. session_start() does it already for you. (ever wondered why there must not be output before session_start()? because session_start() sets the session cookie).

of course you can change that behaviour with the session.xxx settings of the runtime configuration/php.ini

#3 Logik22

Re: Trying to understand sessions/cookies

Posted 11 September 2013 - 07:32 AM

I see in my cookies that it is actually creating the PHPSESSID cookie. However I have 2 concerns...

1) The value it stores in the PHPSESSID cookie is not the same as my session ID.
2) When I navigate to another page it does not keep me logged in. However, if I manually append the Session ID to the URL it will work.

This post has been edited by Logik22: 11 September 2013 - 07:33 AM


#4 Logik22

Re: Trying to understand sessions/cookies

Posted 11 September 2013 - 11:16 AM

I think I got it working a little better. So now it recognizes who is logged in while on other pages without having the SID in the URL. My situation is probably a little weird but I will try to explain it the best I can.

I use PHPBB3 forums as my login method. So I have a regular HTML login area but it submits it to the PHPBB3 code to be authenticated/hashed/etc and then it redirects me to my Home.php. I have that logic here:
http://www.dreaminco...0&#entry1900417

On top of that I have my web page and PHPBB3 forums hosted from home on a QNAP (NAS) so you don't always interact with a NAS the same as you would a network resource hosted by a company.


Anyway, to resolve this issue I went into my PHPBB3 forums Admin Control Panel. Under the Cookie section I set the forum domain to my external IP, not the internal IP of the QNAP.

https://www.phpbb.co...ookie-settings/

This post has been edited by Dormilich: 11 September 2013 - 11:22 AM
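
Added example, not part of any post above and not phpBB's code: cookie-only PHP sessions in which the logged-in user is stored server-side under the session ID, as asked in post #1. The sample user store, the helper names, the file name and `/login.php` are assumptions.

```php
<?php
// session.php (hypothetical file name): include at the top of every page, before any output.

// Keep the session ID out of URLs: accept it from the cookie only.
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
ini_set('session.cookie_httponly', '1');  // cookie not readable from JavaScript
// session.cookie_domain is left at its default (empty), so the cookie is scoped
// to the host in the address bar; a cookie set for another host or IP is not sent back.

session_start();  // emits the PHPSESSID cookie header

// Constructed sample user store; a real application looks users up in its database.
function check_credentials(string $user, string $password): bool {
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return isset($users[$user]) && password_verify($password, $users[$user]);
}

function login(string $user, string $password): bool {
    if (!check_credentials($user, $password)) {
        return false;
    }
    session_regenerate_id(true);  // fresh ID after login, old one is deleted
    $_SESSION['user'] = $user;    // the user is linked to the session ID on the server
    return true;
}

function current_user(): ?string {
    return $_SESSION['user'] ?? null;  // null means nobody is logged in
}

function require_login(): void {
    if (current_user() === null) {
        header('Location: /login.php');  // assumed login page
        exit;
    }
}

function logout(): void {
    $_SESSION = [];
    session_destroy();
}
```

The login form handler calls `login()`, and every protected page calls `require_login()` after including this file.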
