Jump to content
Larry Ullman's Book Forums

Storing Sessions In A Database


Recommended Posts

Hi Larry,

First time post for me. Thank you for your wonderful books, which have helped me make PHP a fantastic new hobby/reality for me. Have worked through PHP6 and Mysql5, currently working through PHP 5 advanced edition 2 and Effortless E-Commerce. Recently purchased Modern Javascript. I am still very much a novice and would appreciate help with the following.

 

I am attempting to improve the security of my site by storing session data in a database, before going live, and experiencing some problems. The session handler seems to be working, but when logging in the session data disappears after transferring to the index url via header("header("Location: $url");").

The session data is in the sessions file. Can anybody please help me? 

 

P.s When I change the login script to exclude the header function and access the index script manually the session data is there.

Link to comment
Share on other sites

Hi,

 

Just worked out that the exit() function is destroying session data. My next concern is that if just using the header function without an exit function are you not creating additional overhead moving from one script to the next. The site wil use a shopping cart and other functionality etc. Would this be acceptable? or is there another solution?

Link to comment
Share on other sites

Thanks for the nice words on my books, it is appreciated. It sounds like you're taking some good debugging steps, however, the exit() function is not (cannot) be destroying your session data. I suspect the session ID is not being maintained from one page to the next.

Link to comment
Share on other sites

Hi Larry,

 

Thank you for your reply, it has given me new perspective, commenting out exit() is not the solution.

 

I think I found the problem, in that I used the same principle as the session.php script (to use session handlers), to place the session_write_close()  at the end of the login.php script. If you exit the script straight after the header("Location: $url") to the index page the session_write_close will not be executed. Modified the script to put the session_write_close()  just before exit() and it seems to be working.

 

Thanks for your help Larry.

Link to comment
Share on other sites

 Share

×
×
  • Create New...