Justtechjobs.com Find a programming school near you






Online Campus Both


php-db | 2000121

RE: [PHP-DB] Which unique field to track during a PHP4 Session? From: Doug Semig (dougslist <email protected>)
Date: 12/10/00

I wrote a huge reply, but after all kinds of technical talk, it all boiled
down to this:

o If you're using the info often or on frequently-visited pages,
definately.

o If you use the info every so often, probably.

o If you use the info on a few rarely-visited pages, probably not.

o Stuff that must exist from session-to-session, store in the database and
see the above for whether to store with the session data as well.

So if it's the username and userid, yes, you want to store that with the
session data.

If it's a shopping cart kind of application, and you want to store the
currently selected items in the session data, it depends upon whether you
are willing to lose that information if the user should leave and come back
(perhaps starting a new session). In this case, it may be more desirable
to store the number of items in the shopping cart and the total value of
the items so you can have a blurb on every page, "You have 5 items worth
$100 in your shopping basket" without having to pound the database for
every page to get the info.

See what I mean? Frequently used info, yes. Rarely used info, no.
Anything that must persist across different sessions, yes and no.

Does that make sense?

Doug

At 08:25 PM 12/9/00 -0700, Jason Dwyer wrote:
>Doug-
>
>Thanks for the response.
>
>I guess to be more specific, I am referring to the PHP's Session_Register
>feature. My information from reading is that when posting a form all input
>"Names"
>are automatically converted to variables. This is slick feature that works
>great.
>
>But what if in the pages after the form submission I want to pass one of
>those variables around to all other pages for periodic database select
>queries, etc. I believe I need to actively "export" the variable via the
>"Session_Register(desired variable") command.
>
>Correct? Given this, which of the unique keys should I be passing around
>those other pages?
>
>>1)userid
>>2)username (which is public, seen in message board posts)
>>3) one of the above AND the user's password.
>
>Maybe, it is still the same answer (somehow), but I wanted to clarify.
>
>Thanks a bunch.
>
>-Jason
>
>
>
>-----Original Message-----
>From: Doug Semig [mailto:dougslist <email protected>]
>Sent: Saturday, December 09, 2000 8:08 PM
>To: php-db <email protected>
>Subject: Re: [PHP-DB] Which unique field to track during a PHP4 Session?
>
>
>I'd go with option "4) None of the above."
>
>The only variable you have to pass from page to page is the session ID
>variable. The session features of PHP will save/restore your userid and
>username variables from either disk or database if you've stored them in
>the session data.
>
>Doug
>
>At 05:35 PM 12/9/00 -0700, Jason Dwyer wrote:
>>Hi-
>>
>>I am looking for some security advice with respect to session tracking
>using
>>the PHP4
>>built-in session support. Both the Userid and the Username are unique keys
>>in my database, but
>>only the userid is seen in other related tables.
>>
>>With this in mind, when tracking user sessions from page-to-page throughout
>>my site, what variable is "safest" to
>>pass from page to page, so information can be extracted from the database
>>when required?
>>
>>1)userid
>>2)username (which is public, seen in message board posts)
>>3) one of the above AND the user's password.
>>
>>Thanks for any hints in this area!
>>
>>-jason 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-db-unsubscribe <email protected>
For additional commands, e-mail: php-db-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>