Site Links
Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com
Who's Online Now
1 registered members (M4TT), 73 guests, and 218 spiders.
Key: Admin, Global Mod, Mod
Member Spotlight
whk
whk
Portsmouth, RI
Posts: 91
Joined: January 2009
Show All Member Profiles 
Top Posters(30 Days)
isaac 22
Ruben 10
Gizmo 8
Geoff 3
Morgan 3
FREAK 2
Slaz 2
DennyP 1
Latest Photos
Test
Testing to drag photos
Comfortable Cats
Test
BSA photos
Previous Thread
Next Thread
Print Thread
Page 1 of 2 1 2
Session support? #33669
10/17/00 04:16 PM
10/17/00 04:16 PM
A
Anonymous OP
Unregistered

Another cool feature of php4 is built in session support. This could open the doors for a lot of neat features like the my.wwwthreads idea and more.

Will you be using sessions? Have you thought about the possibilities it brings? Im sure others can come up with more as well.

Will

Re: Session support? #33670
10/17/00 07:54 PM
10/17/00 07:54 PM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
No sessions in the initial port. Sessions, basically work via cookies or temp files and with the way WWWThreads is setup it actually is basically a session once you login. Every script knows who you are, so we can track and display any type of info for a particular user.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33671
10/19/00 03:51 AM
10/19/00 03:51 AM
A
Anonymous OP
Unregistered

I really DISLIKE the feature of w3t saving my username, password, language, and some other variable in a cookie. I'm not really against cookies but there are some browsers that do throw fits when another part of the web site attempts to set a cookie with a different directory (w3t specifies it's own directory so I can't just set mine to path=/). All I have been able to tell these users is to upgrade to the latest browser version. Session support would fix this. Sessions are increbibly easy to support Scream, they're functionality is pretty much the same as your cookies all you would need is 1 function call at the top of your page and replacing your setcookie() call with session_register(). Also people with cookies disabled and people with old computers could access w3t because it would use append the session ID to the end of the URL instead of via a cookie.

For those who are interested, I'll release a hack for session support as soon as I see the PHP version of w3t.

Finally I'll be making hacks by the hundreds for w3t because it's finally in PHP a language I like unlike Perl (which should be banned by the U.N. from being used or something like that) <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />

Re: Session support? #33672
10/19/00 10:45 AM
10/19/00 10:45 AM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
The one thing I haven't figured out about sessions, and one of the main reasons I haven't used it yet. Alot of people don't like to have to log in every time they come to visit the forums. From what I have read so far, essions are only for that current browser session. So, users would have to login each time they visited, correct? Also, I haven't come across where you specify to store the session variables, cookies, temp files, etc. Any help would be appreciated. If there really is a benefit to using sessions, then I would use them.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33673
10/19/00 10:49 AM
10/19/00 10:49 AM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
As a followup, I know some of the session info can be set in the php.ini file. Since alot of users will be on a hosted machine do you know if there is a way to set this in a required file, like the main.inc.php that I will use for all functions?

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33674
10/19/00 01:03 PM
10/19/00 01:03 PM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
Replying to myself. I got all of this figured out. Have moved all ported scripts over to support sessions. Seems to work fine and dandy.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33675
10/19/00 01:15 PM
10/19/00 01:15 PM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
Blah, scratch that. While I do have sessions working, they don't cross browser sessions. Which means users will have to login upon each visit. Unless we store a username and password cookie, which bypasses the whole need for sessions in the first place:rolleyes:

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33676
10/19/00 01:55 PM
10/19/00 01:55 PM
A
Anonymous OP
Unregistered

Are sessions any faster than using cookies? (You don't have to keep reading a file from the users system right?)

Why not grab the cookie if a session hasn't been created, and then from that point track the user with the session instead of the cookie, until the session expires?

Cant you do persistent db connections with sessions or some junk like that also? That would be cool. Or are you already doing that?

Actually.. I think it would be a bad idea to use sessions.. Those can bring down servers if you get a lot of hits (atleast they do in ASP).. I would just stick to using cookies.

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33677
10/19/00 02:14 PM
10/19/00 02:14 PM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
I don't really think there is a speed benefit. Your cookies are automatically sent with every request to the site, so there really isn't much going on there.

The only reason I can think of to use sessions would be so you don't have to use cookies. So, if we are going to use cookies at all then there really isn't a need for sessions.

You can do persistant connections with PHP, no need for sessions for this. Don't have the variable put into the config yet, but it will be.

There would be quite a bit of file I/O on heavy traffic sites if sessions are used. Right now I'm just going to port with the cookies until I gain more knowledge in this area and can see a real benefit.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33678
10/19/00 02:20 PM
10/19/00 02:20 PM
A
Anonymous OP
Unregistered

oh that's right.. duh wtf was I thinking (about cookies being sent in the headers..)

Ok here's what I say you do.. People who don't use cookies are screwed basically right? So when the user logs in give them the option to pick cookies or sessions.. sessions are temporary for that browser session and cookies last longer..

That way people who refuse to turn cookies on can still browse the forum.. (they don't have to login for every post or what not)

or is it possible to tell if user has cookies turned off? if so just check and if they do.. use a session to track them once they login or something.. that way cookies are used when they can be, but if not then seesions are used instead..?

just some ideas hehe..

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33679
10/19/00 02:39 PM
10/19/00 02:39 PM
A
Anonymous OP
Unregistered

I like PeelBoy's suggestion.

I see no need to move everyone to sessions, just those who can't/won't use cookies.

It's a simple matter to tell if a user is accepting cookies--attempt to set a test cookie, refresh to another page that checks if that cookie was actually set. If it was, continue as normal, if not, switch over to sessions.

That gives the cookie-less people an almost identical experience to the rest of us. I suppose you could have an option somewhere of "cookies or sessions", but I don't think that's really necessary--if someone doesn't want to use cookies, they can just turn them off themselves.

Re: Session support? #33680
10/19/00 02:46 PM
10/19/00 02:46 PM
A
Anonymous OP
Unregistered

I personally don't understand people who don't use cookies. Everyone _can_ use cookies...it's been in since Netscape 1.1. Unless they're using Lynx or something similar (which still supports cookies, I think)...
Regardless...cookies are so entirely harmless, that I have no pity for anyone who doesn't use them. It's a wonderful way to use functions like w3t and it doesn't store anything that wasn't available to the site in the first place.
Since sessions are only once per browser session, they really do the user almost no good! The only thing they do for the user is...well...nothing! You still have to login every time you come to the site, and the best way to handle the user being logged in or not is with cookies. Unless someone can come up with any good reason not to use cookies, I see no reason to spend even a minute on sessions...

Flame away, privacy advocates! <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" />

Re: Session support? #33681
10/20/00 03:00 AM
10/20/00 03:00 AM
A
Anonymous OP
Unregistered

I agree and disagree..

Cookies are great.. I like them a lot..

But yes they can be insecure..

Outside apps that you run on your computer -can- look at cookies and possibly find information..

Also.. A while back I wrote a .js file that could be included in a post on this forum.. It would pull your user name and password, then create an image tag pointing to a cgi script on my server (with a query string that contained the user name and password) From there it could store everybody's user name and password into a database (I just wanted to see if it worked.. it did.. so I reported it as a bug and deleted the scripts)


Althought cookies aren't a -bad- thing.. some people are silly and think they are.... For those people it would be nice to have sessions.. Your right that sessions work in just one instance of your browser, but that isn't a bad thing.. you have to login every time you close the browser, but atleast you can post messages on the forum if anon users is turned off.. with out cookies you can't I don't think (or if you can, you have to login every time!!)...Also people could see you in the who's online list etc.. with out sessions or cookies you are basically an anonymous user.. which means you might not have as many options as a use who is logged in........

Oh and like a33 says above.. Cookies are used a lot for tracking users.. I know this for a fact because the company I -use- to work for (coremetrics.com) tracks users with a cookie.

------------------------------------------------
Jeremy 'PeelBoy' Amberg<P ID="edit"><FONT SIZE=-1><EM>Edited by PeelBoy on 10/19/00 12:12 PM.</EM></FONT>

Re: Session support? #33682
10/20/00 03:03 AM
10/20/00 03:03 AM
A
Anonymous OP
Unregistered

LoneWolf,

I think there is a definite privacy risk involved with cookie use. I'm not paranoid or anything, but I think most of us know by now that advertising companies profile us, greatly through the use of cookies.

I don't have any problem with "regular" cookies, ones that are actually meant to make things easier (like the ones for W3T). It's the 3rd party cookies that I try and avoid like the plague. If you've ever set your browser to prompt you for cookies before accepting, you'll know what I'm talking about. You go somehwere like msn.com and see cookies being sent from all these different ad company domains. Hmmmm... I wonder what they're doing? I'm sure there's a "good" reason why those cookies need to be sent to me, right? I don't think so...

If anyone wants to see a browser with outstanding cookie filtering options, check out Opera 4.0. I swear by it now and wouldn't consider switching back to anything else. You can set it to block all cookies, block just certain domain cookies, accept only certain domain cookies, block 3rd party cookies, etc. It's just perfect.

I have it prompt me for all domains that I haven't already setup a filter for. When new domains come in, I set them to either be accepted or blocked from that point on. The first week or so of doing this, I got prompted all the time, but now 90% of the sites I visit regularly have been recorded one way or another, so I rarely get asked about cookies now. And of course, every ad company's domain I've ever come across has been blocked--if you do just that, you'd be amazed at the amount of cookies that are wiped out.

Even without the cookie filtering, Opera's a great little browser--speedy too.

Re: Session support? #33683
10/20/00 03:10 AM
10/20/00 03:10 AM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
Ok, what I am doing is making this an option on a per site basis. If you have access to your own php.ini file and you choose to use sessions, you could set it so the session id is stored in a cookie and is persistant so they won't have to log in each time. If you don't have access to your own php.ini file and you don't want your users to have to login each time then you could use cookies for the default tracking method.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33684
10/20/00 03:33 AM
10/20/00 03:33 AM
A
Anonymous OP
Unregistered

As far as the outside apps, that would be what I would call a "bad" app <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" /> ..one that searches your HD for cookies? That program wouldn't get used by very many people, and if it did, I would call it a virus. That's not an insecurity of cookies...it's an issue with virus type software.
As far as the JS, I saw that, and it's interesting, and as you mentioned, a bug that w3t even allowed it. Again...not a cookie problem.

Re: Session support? #33685
10/20/00 03:35 AM
10/20/00 03:35 AM
A
Anonymous OP
Unregistered

Oooh...almost forgot...as far as tracking users...you can only track them on your own site!! Not very useful, except for improving the site you go to! <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />
BTW...it's very easy to enable cookies in people's browsers. <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" />

Re: Session support? #33686
10/20/00 03:37 AM
10/20/00 03:37 AM
A
Anonymous OP
Unregistered

How can it be a privacy risk? They can't get any information from you that you didn't give them/they are able to read anyway! They can track you only in their own site...they can't monitor your overall web activity. The best they can get if you don't put any info in is your IP, browser, etc....not like they're invading your privacy!

Re: Session support? #33687
10/20/00 03:38 AM
10/20/00 03:38 AM
A
Anonymous OP
Unregistered

Nice solution. <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" /> I just like starting fights sometimes <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" /> Good work!

Re: Session support? #33688
10/19/00 04:10 PM
10/19/00 04:10 PM
A
Anonymous OP
Unregistered

>They can't get any information from you that you didn't give them/they are able to read anyway!
>They can track you only in their own site...they can't monitor your overall web activity.

That's completely untrue. This stuff is old news- <A HREF="http://slashdot.org/yro/99/10/22/0249212.shtml" target="_new">http://slashdot.org/yro/99/10/22/0249212.shtml</A>.

Maybe I'm just weird, but to me, the idea of these companies tracking my online habits and putting it all together in one huge database, either connected to my IP address, or in some cases my actual name, etc , is more than a little disturbing.

I'll continue to monitor all incoming cookies and decide for myself which ones are necessary. If you're not bothered by this, then by all means, continue treating cookies as harmless little things.

Re: Session support? #33689
10/19/00 04:16 PM
10/19/00 04:16 PM
A
Anonymous OP
Unregistered

True, it's a bad app, but what makes you think it doesn't happen? Almost all Microsoft products grab information about you from the registry and send it to microsoft (like when you register an app)....... does that stop people from using the software? nope!

Most people don't even know about it... They could do that with cookies also and you would never know. (not saying anybody does, but it is possible)

Also, yes you CAN track cookies over multiple sites.. ad companies do it .. all you do is set a global cookie......... coremetrics puts a cookie on your machine and tracks -everything- you do on ANY site that runs their product.. (when you visit the site it reports to their servers w/ your cookie id and what you are doing) in other words if you fill out a form with your name and address, it gets sent to coremetrics and associated with your cookie.. bet ya didn't know that? hehe... (this only happens on sites that run coremetrics product though)

I'm not saying that is bad .. they don't use the information in a bad way.. but it IS possible...... some banner add companies sell your 'surfing' habbites (they know which of their affilite sites you have visted, and where you went on those sites etc..)

again.. nothing bad really, but it's still possible to do, there is no denying it..

as for the js file thing.. yeah.. it was a bug on here, but it still only effects people who use cookies and if I never said anything nobody would have ever found that bug I don't think.. people who turn off cookies -can- be just protecting them selves from bugs like that.. they do exist, and they are a threat... shutting off cookies DOES make things a little safer... I know it's not the cookies fault, it's a mis-use of cookies by the person who creates the product, but none the less it still happens, and people don't find out about it until it's too late...

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33690
10/19/00 04:28 PM
10/19/00 04:28 PM
A
Anonymous OP
Unregistered

I guess sessions will be a memory hog ?
If you have 200 users online at the same time, it will use ALOT of memory right ?

Benj

Re: Session support? #33691
10/19/00 04:38 PM
10/19/00 04:38 PM
A
Anonymous OP
Unregistered

Yep yep..

sessions kill servers under load..

200 users on the forum at once is a lot though.. (That is a pretty popular forum)

You don't need to track anonymous users.. So that cuts 1/4th of them usually..

And if you use sessions to only track users who have cookies disabled I think it would work great.. You would only have maybe 1 or 2 users online who are being tracked by sessions..

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33692
10/19/00 04:40 PM
10/19/00 04:40 PM
A
Anonymous OP
Unregistered

Ah, I see...so they have my ID. Ummm...yeah. My "ID". Hope they don't, ya know, look up that "ID", in their ID database! They might find that I use IE5.5! <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" /> I do know that they can connect that ID to my info...IF I ever gave them my info! Otherwise, it means nothing to them, except the path of a "human" on the web! <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" /> I guess it is a matter of personal preference, but that seems kinda paranoid to me...I dunno. I guess the option is nice. But...uh oh...that means that in the case of the "global cookie", PHP sessions won't help!! DOH!
So basically, my point is that w3t has a useful and valid use for cookies, which everyone should use. I have said it, and thus it has been said. <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" /> On the other hand, thanks for putting in the option, Scream.

Re: Session support? #33693
10/19/00 04:55 PM
10/19/00 04:55 PM
A
Anonymous OP
Unregistered

But the problem is that you assume they -only- use cookies..

It's not good to assume that..

Let's put it this way.. You visit a site to buy something.. The site grabs your cookie and then reports back to a server that you just visited their site. Then you decide to buy a product so you find the stuff you want and add them to your cart.. Each time you add an item your cart the website tells the server exactly what items you are adding to your cart. THEN you fill out your address and cc info.. That gets sent to the server also (along with your cookie id!!).. now that site has all of your info.. so where does this cookie id come in? well it's a global cookie which means you are tracked across multiple sites, which all run this "tracking" software...

That means I can go to my "user tracking" database and do a lookup on "Lone\/\/olf" and I can see that you visit this sex site and got a porno, then you went to walmart.com and got some hand cuffs, then you went to some other place and got a new bike.... and then I can go and sell all of your contact information to another company who wants to send you ads for porno since they KNOW you like to buy porno............. Not just email ads, but phone, and snail mail ad's also. this can be done with out using cookies, but cookies is what ties it all together.. it's what the site uses to know who you are on each page you visit, and it is used to track you on other websites.. etc.. and you never know all of this is happening either.. not unless you always read the privacy pages on every website you shop at...


and yes.. w3t's use of cookies IS very valid.. I'm just saying that people who disable cookies probably have a pretty good reason, and I wouldn't say they are 100% wrong, and I think it would be good to take these people into account because they -are- out there and they do deserve to use this forum if they want, with out having to enable cookies.. Tracking users who have cookies disabled by using a session is a good enough solution.. it will let them use the forum, but they will have to login every day, or every time they close the browser.. that beats not being able to use the forum at all.


------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33694
10/19/00 05:00 PM
10/19/00 05:00 PM
A
Anonymous OP
Unregistered

scream, if you download ewaddle from <A HREF="http://www.ewaddle.com/" target="_new">http://www.ewaddle.com/</A> you'll get a clever way to get the session capabilities without relying on PH4 sessions. I think PHP3 will continue to be the most used coding script for a while before being replaced by PHP4. Reasons are multiple.

Session doesn't replace the cookies to remember the login parameters.

Re: Session support? #33695
10/19/00 05:05 PM
10/19/00 05:05 PM
A
Anonymous OP
Unregistered

Only problem with this, is that cookies are not needed for this scenario! If I buy from a site that totally doesn't use cookies, they still get my info, they can still send me mail! If I go to Wal-Mart (in real life, not on the web), I still get magazines, etc. from them! Do you really think that you aren't tracked, just because you disable the cookie? Do you seriously think that Wal-Mart, etc don't sell your data to ad companies and data warehouses? And if you really didn't want to get the catalog of porn, then you probably shouldn't have told the porn store where to ship the merchandise!

Please realize that I'm not arguing the point of having an alternative in w3t...alternatives are always nice. I just like playing Devil's advocate <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" />

Re: Session support? #33696
10/19/00 05:19 PM
10/19/00 05:19 PM
A
Anonymous OP
Unregistered

(ok so my typing skills aren't so hot today.. )

Right and wrong.. I already said you didn't have to have cookies.. =) Cookies just ties things together.. it helps.. it makes your information a lot more valueable.. Your shopping habbits on a single site might be worth money, but your shopping habbits across a LOT of sites.. now that is some serious information...

What I am saying is that an outside company that provides 'metrics' software to other websites tracks you.. they can track you across multiple sites, and THEY can sell your info..

I'm not saying that you go shop at walmart.com and then walmart sells your information.. I'm saying that you go shop at walmart, then 10 other sites.. and the outside company who has their product on all of these sites tracks you..
-they- know a lot more about you than any single web site... They know that you like to buy candy from walmart.com, and cars from cars.com and tools from home depot etc etc.. That might not bother -you- personally (I know it doesn't bother me) but it -does- bother some people.. I mean.. that tracking company probably knows more about your shopping habbits than you do...

And none of that is made up either.. heh.. the company I use to work for does it.. That's how I know.. They are legit, they don't sell your info, but if they really wanted too......... they could.. period.. if a hacker gets their database they will know A LOT about you..

once again.. I am -pro- cookies, but I do understand why people turn them off.... Using them CAN be a security risk, although it's probably not likely for the most part...

If all of the web apps on the internet used cookies like w3t does (or did? haven't looked lately) I could go around getting peoples info left and right..

It might not be the cookies fault that the information is there, but it IS the cookies fault that I am able to GET that information!!!!!

------------------------------------------------
Jeremy 'PeelBoy' Amberg<P ID="edit"><FONT SIZE=-1><EM>Edited by PeelBoy on 10/19/00 02:31 PM.</EM></FONT>

Re: Session support? #33697
10/19/00 05:32 PM
10/19/00 05:32 PM
A
Anonymous OP
Unregistered

I agree entirely...except for the last two parts...
1)
<blockquote><font size=1>In reply to:</font><hr>


once again.. I am -pro- cookies, but I know many many many reasons why they -can- be mad...


[/quote]

Now mad cookies....that is dangerous. <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />

<blockquote><font size=1>In reply to:</font><hr>


If all of the web apps on the internet used cookies like w3t does (or did? haven't looked lately) I could go around getting peoples info left and right..

It might not be the cookies fault that the information is there, but it IS the cookies fault that I am able to GET that information!!!!!


[/quote]

Even if all sites used cookies the way w3t did before, only the sites that allowed you to post would let you get people's info. Many sites _do_ use cookies this way (login info), but don't let you steal them, since you can't post JS on the pages the user goes to.
And it's not the cookie's fault you're able to get that info in the insecure situations...it's the website programmer's fault! <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />

Re: Session support? #33698
10/19/00 05:47 PM
10/19/00 05:47 PM
A
Anonymous OP
Unregistered

Sorry I just re-read what... *scratches head* I don't know how the hell I messed that up lol... I guess proof reading is a good thing.

Here's my points:

1. JavaScript isn't the only method to grab cookies..
JavaScript is just the 1 method that I found for THIS forum.. Other forums or products will have their problems also I'm sure...

2. Cookies can be insecure..
Just because it's the programmers fault, doesn't make it any less secure....... Does it? Nope it's not the cookies fault that your un-encrypted password is sitting there in a cookie.... It's the progammer who put it there.. But forget about blame.. it's still there right? And there are still potential ways for somebody to get to that information right???! That is a good enough reason for -some- (not all) people to turn off cookies.. If you want to be as secure as possible (a complete security freak) then turning off cookies is a must...


No matter how you look at it, cookies CAN store sensative data that other people CAN get into if they know what they are doing AND the end user doesn't have much to do about it since it is all done behind the scense (little or no user interaction)..... That's a security risk.. Yeah it's a low one for the most part, but it's still a security risk.. So some people disable their cookies for that reason. Other people disable them because they hate being tracked by banner ad companies.

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33699
10/19/00 05:51 PM
10/19/00 05:51 PM
A
Anonymous OP
Unregistered

Well, I do not really support this session idea.
On large boards I don't like it, because it will need tons of Ram.

It just work really well with cookies..

Benj

Re: Session support? #33700
10/19/00 05:52 PM
10/19/00 05:52 PM
A
Anonymous OP
Unregistered

Pity you were the one who asked for the "Big Brother" feature - it does tend to weaken your case somewhat. <img src="http://amdragon.com/images/icons/devil.gif" alt=" - " />

<img src="http://www.amdragon.com/images/eileensig.gif" alt=" - " />

Re: Session support? #33701
10/19/00 05:53 PM
10/19/00 05:53 PM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
Just for clarification, sessions do not reside in the server's memory. They are written to a temp directory on the server. When needed they are accessed or updated.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33702
10/19/00 05:54 PM
10/19/00 05:54 PM
A
Anonymous OP
Unregistered

It's programmers who think "oh.. cookies.. those are secure.. no need to worry about checking them for security" that leave big friggen secuirty gaps in their programs..

Cookies aren't secure by default.. You have to write your app to make them that way.. You can't just dismiss them as nothing..

Any time you are taking user information and store it some where you should look at the security of it all.. Databases can be just as insecure if your app isn't written right..

For example.. you might not strip special chars off a search form and a user could figure out a way to write code that does a select statement on the user_info table and prints it out to the screen... who knows?!?!?!

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33703
10/19/00 05:56 PM
10/19/00 05:56 PM
A
Anonymous OP
Unregistered

</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face="">Just for clarification, sessions do not reside in the server's memory. They are written to a temp directory on the server. When needed they are accessed or updated</font><hr /></blockquote><font size="" face="">Even when the user IS online ?

Benj

Re: Session support? #33704
10/19/00 05:59 PM
10/19/00 05:59 PM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
Yes, even when they are online. It writes the session info to a file. When you go to the next page and session_start() is called it grabs the info from the file.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33705
10/19/00 06:01 PM
10/19/00 06:01 PM
A
Anonymous OP
Unregistered

Also, isn't there a higher risk of loosing all user prefs if they are on a server temps dir ?

I mean with cookies, each user is responsible for its own settings (cookkie in his browser dir), but with sessions, all is on our server==> higher risk ?

Something I don't understand: will the user profile be stored in the session ? Or will we have still the user database+ the sessions ?
Are the sessions like cookies, but stored on our server ?

I don't get it.

Thanks,
Benj

Re: Session support? #33706
10/19/00 06:06 PM
10/19/00 06:06 PM
A
Anonymous OP
Unregistered

Sessions are temporary.. They go away when you close your browser, or when they expire.. They are supposed to be used to pass information from page to page during your current session.. I would think that they are stored in a binary db file on the server, not a text file..(for speed) but I'm probably wrong about that... (it probably depends on what language you are using.. ASP probably handles sessions different than PHP) .. In this case (passing login info) I would say sessions should only be used IF the user does not want to use cookies.. I would hate to have 200 users all having info passed using sessions.. that would slow things way down.

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33707
10/19/00 06:06 PM
10/19/00 06:06 PM
R
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
Well, if you are on a server that loses files then that would be bad;). But then sessions would be the last of your problems:).

Sessions work something like cookies, yes. All user profile info will still be stored in the database, sessions just track you while you visit the site.

How it works right now is you log in, and I set a cookie that has your username, encrypted password and language preference on your machine. Each time you request another page I grab this info from your cookie.

If you use sessions, in the php version this info is stored in a temporary file on the server. So instead of retreiving the info from your cookie, we grab it from the temp file.

There are 2 ways that sessions can work. One, you pass the session id (which points to the temporary file) to each script. Two, you set a cookie with the session id. So, we grab the session id from your cookie, and then grab the other info from the session file.

Hopefully that makes some sense. You will be able to choose either method (all cookies, sessions with no cookies, or sessions with cookies) for your users.

---
Scream
<A HREF="http://www.wcsoft.net" target="_new">http://www.wcsoft.net</A>

Re: Session support? #33708
10/19/00 06:08 PM
10/19/00 06:08 PM
A
Anonymous OP
Unregistered

tee hee... <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />
But you do that w/o cookies! I think I'll write the Big Brother feature...so there! [img] /w3timages/icons/images/icons/tongue.gif [/img]

Page 1 of 2 1 2

Shout Box
Today's Birthdays
whk
Recent Topics
UBB.threads 7.6.2 - Released
by isaac. 09/17/18 08:08 AM
7.6.2 Changelog Discussion
by isaac. 09/17/18 06:35 AM
Upgrade Documentation
by DennyP. 09/15/18 03:55 PM
PHP 7.2
by Geoff. 09/12/18 10:22 PM
Email Cleanup-Is it possible?
by Ruben. 09/06/18 11:25 AM
Forum Statistics
Forums36
Topics35,140
Posts191,445
Members12,106
Most Online978
Jun 24th, 2007
Random Image
Powered by UBB.threads™ PHP Forum Software 7.6.2