SamuelL

Hello Larry, I thought CH 17 Forums was well put and easy to implement. If I were to add a Like functionality to the database design. Then it would look as follows: posts_table post_id thread_id user_id etc thread_table thread_id etc user_table user_id etc like_table like_id post_id user_id etc This database design looks normalized, but the 'like_table' would hold all likes for all posts? This seems like a table that would be very heavily populated and queried? What do you think about thi

Larry, I have found the solution as to why it is. There are 2 different $_SESSION['destroyed'] variables that exist for 2 different sessions. Sorry for the bother...

There is a second function but I couldn't upload it. It is in the manual. The second function is for session_start() and also checks if $_SESSION['destroyed'] is set. Maybe its like a race between the two functions for $_SESSION['destroyed'], I am not really sure.

Hey Larry, Just a quick question about regenerating session id. Why does the php manual set a time stamp on the old session but then quickly deletes it by unsetting the variable. I have attached a screen shot of the example from the php manual website. It is the second example from: http://php.net/manual/en/function.session-regenerate-id.php

Hello Larry, I came across some questions when developing on localhost and enabling https. Xampp's apache configuration file: httpd-ssl.conf, has the following commented out: #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 Looking up recommendations, I found out that I should enable the urandom library like so: #SSLRandomSeed startup file:/dev/random 512 SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/ran

Hello Larry, I had a question regarding php.ini file. Have the newer versions changed the way session.entropy_file and session.hash_function work? Because the manual says they were removed, but does that mean deprecated? I searched for these settings under the 'php.ini session' section but did not find them. My purpose for searching for them was to edit them to use dev/urandom instead of dev/random and then hash with sha256. That leads me to another question. But I think Ill post that under a different post and title because it is kinda different. Thanks Larry. ques

Hello Larry, My name is Samuel and I bought your book to learn more about security techniques. Anyway, I had a question about your connection.php file from CH18. Your MySQLi code works fine, but I wrote my own version using PDO. My question is whether your custom error handler would still work in this case... Because you used the trigger_error( ) function differently than I did. I attached snapshots of your code and my code. I hope you can give me some advice or point me to the right direction.