Larry Ullman's Book Forums

SamuelL

Members
  • Posts: 7

Everything posted by SamuelL

  1. Hello Larry, I thought CH 17 Forums was well put and easy to implement. If I were to add a Like functionality to the database design, then it would look as follows:

     posts_table: post_id, thread_id, user_id, etc
     thread_table: thread_id, etc
     user_table: user_id, etc
     like_table: like_id, post_id, user_id, etc

     This database design looks normalized, but the 'like_table' would hold all likes for all posts? This seems like a table that would be very heavily populated and queried? What do you think about this, Larry? Thanks, I appreciate your response to these forums.
  2. Larry, I have found the solution as to why it is. There are 2 different $_SESSION['destroyed'] variables that exist for 2 different sessions. Sorry for the bother...
  3. There is a second function but I couldn't upload it. It is in the manual. The second function is for session_start() and also checks if $_SESSION['destroyed'] is set. Maybe it's like a race between the two functions for $_SESSION['destroyed'], I am not really sure.
  4. Hey Larry, Just a quick question about regenerating the session id. Why does the php manual set a time stamp on the old session but then quickly delete it by unsetting the variable? I have attached a screenshot of the example from the php manual website. It is the second example from: http://php.net/manual/en/function.session-regenerate-id.php
  5. Hello Larry, I came across some questions when developing on localhost and enabling https. Xampp's apache configuration file, httpd-ssl.conf, has the following commented out:

     #SSLRandomSeed startup file:/dev/random 512
     #SSLRandomSeed startup file:/dev/urandom 512
     #SSLRandomSeed connect file:/dev/random 512
     #SSLRandomSeed connect file:/dev/urandom 512

     Looking up recommendations, I found out that I should enable the urandom library like so:

     #SSLRandomSeed startup file:/dev/random 512
     SSLRandomSeed startup file:/dev/urandom 512
     #SSLRandomSeed connect file:/dev/random 512
     SSLRandomSeed connect file:/dev/urandom 512

     However, is there a reason why it is commented out? Maybe newer versions of php already implement it somehow or the library was declared somewhere else, which means I shouldn't even be doing this myself? I ask this because the php manual says that session.hash_function and session.entropy_file were removed in some newer versions of php and the php.ini file? My second question is why is it 512 and not 256? I assume that the number indicates a sha function to be used with php?
  6. Hello Larry, I had a question regarding the php.ini file. Have the newer versions changed the way session.entropy_file and session.hash_function work? Because the manual says they were removed, but does that mean deprecated? I searched for these settings under the 'php.ini session' section but did not find them. My purpose for searching for them was to edit them to use dev/urandom instead of dev/random and then hash with sha256. That leads me to another question. But I think I'll post that under a different post and title because it is kinda different. Thanks Larry. questionpicture.pdf
  7. Hello Larry, My name is Samuel and I bought your book to learn more about security techniques. Anyway, I had a question about your connection.php file from CH18. Your MySQLi code works fine, but I wrote my own version using PDO. My question is whether your custom error handler would still work in this case... Because you used the trigger_error( ) function differently than I did. I attached snapshots of your code and my code. I hope you can give me some advice or point me in the right direction.