Jump to content
Larry Ullman's Book Forums

Search the Community

Showing results for tags 'sessions'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Single Editions
    • Modern Javascript: Develop and Design
    • The Yii Book
    • Effortless Flex 4 Development
    • Building a Web Site with Ajax: Visual QuickProject
    • Ruby: Visual QuickStart Guide
    • C++ Programming: Visual QuickStart Guide
    • C Programming: Visual QuickStart Guide
    • Adobe AIR: Visual QuickPro Guide
  • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (5th Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (4th Edition)
    • PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (2nd Edition)
    • PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (1st Edition)
  • PHP for the Web: Visual QuickStart Guide
    • PHP for the Web: Visual QuickStart Guide (5th Edition)
    • PHP for the Web: Visual QuickStart Guide (4th Edition)
    • PHP for the Web: Visual QuickStart Guide (3rd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (2nd Edition)
    • PHP for the World Wide Web: Visual QuickStart Guide (1st Edition)
  • Effortless E-commerce with PHP and MySQL
    • Effortless E-Commerce with PHP and MySQL (2nd Edition)
    • Effortless E-Commerce with PHP and MySQL
  • PHP Advanced: Visual QuickPro Guide
    • PHP Advanced and Object-Oriented Programming: Visual QuickPro Guide (3rd Edition)
    • PHP 5 Advanced: Visual QuickPro Guide (2nd Edition)
    • PHP Advanced: Visual QuickPro Guide
  • MySQL: Visual QuickStart Guide
    • MySQL: Visual QuickStart Guide (2nd Edition)
    • MySQL: Visual QuickStart Guide (1st Edition)
  • Other
    • Announcements
    • Newsletter, Blog, and Other Topics
    • Forum Issues
    • Social

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Found 17 results

  1. Hi Larry, I have been using your database session handler for quite some time now in my Windows 7 environment but have run into a problem when I try to use it in a new PC set up with Windows 10 and Apache/PHP 7.3.7 (64 bit). I keep getting an error: "An error occurred in script 'C:\xampp\htdocs\....php' on line 53: session_write_close(): Session callback expects true/false return value" and I am getting this error everywhere that I have used 'session_write_close()' as per page 95 of the book (that's in dozens of places). Is it perhaps not needed in Win 10 with a fairly current A
  2. Right now on my website I created when someone is logged in they can go to the url in the address bar and change the id number associated with the url. for example one page I have is add_image.php?id=4 4 is the id associated with the article. If someone changes the 4 to a 7 for example. Then my page will show the other user's data on my page without them even entering that other person's login info. How do I make sure people can't see other user's data when they change the id number. I am using the scripts from this book. Maybe I missed something. I am using sessions properly as far a
  3. Hello, I'm editing my previous post. Still much to learn in this chapter, but making my way through it. I was having a difficult time connecting each of the individual pages (e.g., login_page.inc.php, login.php, etc.). Great book though. K
  4. I have followed the book closely and looked over the code to make sure it matches Larry's. However, no matter what I do, I am not able to load the session into the database when I run the sessions.php file as per the book. I was hoping on some help to figure out what the issue is. I am running PHP 5.4.10 and Mysql 5.5.29. Thanks for the help in advance! ******This is my db_sessions.inc.php file:********* <?php # Script 3.1 - db_sessions.inc.php /* * This page creates the functional interface for * storing session data in a database. * This page also starts the session.
  5. Hi, I recently restructured a website along the modularization lines (page 44 onwards). The content modules all start with a check to see if the BASE_URL constant has been defined and redirect the user if it has not been defined. This is clear and works just fine in the visitor-accessible part of the site. In the administration part of my website, the modules also check to make sure that an administrator is using the script via a check to a session set up like page 82 onwards. I am having trouble with 'headers already sent' and understand why this is happening and know how
  6. Hi all I've been tearing my hair out with this for too long so I'm asking for help. I've been working through the book and everything is going well until this chapter. I believe I have created the sessions as I should. I can log in and out and I've added session_start(); to every page that needs to be restricted by login (password.php, view_users.php, etc). Yet, when I log out I can still view the pages. Is there nothing else I should add to the pages for them to work? No include for login_functions.inc.php, for example? I'm new to this (did you guess?) so I may be missing som
  7. So I have gone through Chapter 12 a few times. This chapter shows you how to make a login functions first using cookies and then using sessions. I have no problem with creating the login functions with the cookies method using the provided scripts with this book. However when I get to the Session section the provided scripts do not work for me. When I get to Script 12.9 things stop working for example After logging in, I am supposed to be redirected to loggedin.php, which will welcome the user by name using the stored session value. It does not happen for me. Here is my cookies website th
  8. Hi All I'm on page 41 (in Security Fundamentals). Referring to: "For sensitive data being stored, but not stored in a database, change your sessions directory, and use the Web root directory's parent folder (see Figure 2.5)." Could someone elaborate on what this means? I'm not sure what a sessions directory is. When it refers to "sessions", is it talking about session variables that we can create?... like if I wanted to store the logged-in users first name in $_SESSION['userFirstName']? Is temporarily storing potentially sensitive data in session variables not secure?
  9. Edit: Nevermind do not worry about this thread. Apparently my action attribute for my login form should have been "index.php?p=login". When I give correct login info, it works correctly so I just need to fix the conditional for when the login info is incorrect. Okay so I tried setting up a modular website with the standard header + left sidebar, content, and right sidebar + footer. I also want to include the ability to register / login and put up a "Home | Login" or "Home | Settings" links up at the to of the header depending on whether someone is logged in or not. Now, for some rea
  10. One method for passing attractive variables between scripts is to append them to an URL like so: <a href="edit.php?x=1">edit</a> The issue being that "x=1", while provocatively visible in the URL, is easily coerced to become "x=99", or some other arbitrary value of dark intent and high suspicion. Is it merely that I have yet to find the session-based solution for this in the book? Obvious session assignments, i.e., registering a user name as a session variable, are straightforward. But the example listed above seems to present a different sort of challenge. ~ D
  11. Hi all! I've followed the authentication tutorials here, but i wonder if Yii has a workaround for using both cookies and sessions for authentication. I want to allow use of the "remember me" button, but still save the roles, emails and such in sessions for security. Acording to the yii-manual the CBaseUserIdentity::setState will use cookies if its enabled, and use sessions if its set to false. Im thinking about a solution where you save a sha1($username $password) in the cookie, and make a method that gathers the other information in a auto-load-if-logged-in sort of way, but im not
  12. Hi, still teaching myself, Larry's books are great. As I am not in the computer field, when I go to places like PHP.net for info I usually can't figure out what they are really trying to say to me. I hope that my question below is proper for this forum, if not please excuse my question and I will respectfully withdraw it. I bought the PHP 5 Advanced book really to learn OOP, something very new to me. I am able to work through Larry's examples an do eventually get things to work when I modify the examples, to be sure I understand how the coding works. I took Script 3.1 db_sessions.in
  13. I'm developing my site with shared hosting ssl certificate. As Larry describes in the book, I'm trying to use the session id from the http pages after I get to the https pages, and be able to go back and forth. From home page I click login, I log in and my code tries to redirect to loggedin page. But between login and loggedin there is a new id generated. That is what I think is happening. So that causes my loggedin page to fail because test says user is not logged in. And this will also cause everything else to fail but this is the first thing I'm testing. Here is the code I am using, a
  14. Not sure if I am getting this, I followed along and still I am seeing the PHPSESSID here is the code <?php // Script 9.8 - logout.php /* * * Session ID is still present * I am using a Edit this Cookie * A Chrome Add On for working with * Cookies, still seeing the * PHPSESSID | localhost */ // Need the session session_start(); // Delete the session variable unset($_SESSION); // Reset the session array $_SESSION = array(); session_destroy(); // Define the page title and include the header define('TITLE', 'Log Out!'); require('_includes/header.html'); echo '<h2>
  15. I am having trouble getting my scripts to work when it coes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book but find when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong, I have been trying to work through it and resolve it my self for the last 2 days. I have MySQL Server 5.5, php 5.3.6 and Windows 7 Home 64bit running on my own computer using the loc
  16. Hi Larry, I'm Greg and I wrongly addressed some question on the "comments" section of your book. Apologise. At your suggestion I address my questions here. You created and refactor several times the registration, login, logout scripts… however, there is not even one page to serve as example of page for authenticated users. The solution suggested is to check for the presence of a session variable. Will this be safe enough? Should we change the default name for the session or regenerate the session it? Will help to have a nonce system implemented? Will help to encrypt some session variab
  • Create New...