I am learning how to use cookies and sessions. I am currently having a problem where the page only recognizes the cookie if the user leaves the site and comes back.
Any idea why?
If I need to post my code I will. Thanks!
Marie
As I am reading more, I am wondering if I misunderstood the use of cookies. Should I be using sessions to store the user/password info for the user's current session and use cookies for when they come back again?
When you do a setcookie(), it adds the cookie to the HTTP headers that will be sent to the browser. It does not, in and of itself, store the data in $_COOKIE or anywhere else. Once the user's browser has received the cookie (when the page is sent to it), any further page requests to that domain will send the cookie to the server along with the rest of the HTTP request. At that time any PHP script on that site will receive the cookie from the browser and add its name and value to the $_COOKIE array.
Anyway, as far as login information goes, sessions are probably better, especially since you really don't want to be sending passwords back and forth to the browser via cookies, increasing the chance of them being intercepted, particularly in cases where other people might have access to the user's computer. (Note that sessions normally make use of a cookie, but it only exchanges a pseudo-random, generated session ID used to identify the session.)
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
When a user comes to my site I check if there is a cookie. If so, I set the session variables to equal the cookie. If not, I prompt them to log in and then I create a new session.
You don't even have to "look" for a cookie. If, when a user logs in successfully you save something to indicate that in $_SESSION, then all you have to do is check for it there when they access any controlled page. Just make sure that you start each controlled page with a session_start() before anything gets output.
login processing:
PHP Code:
<?php
session_start();
// do your user/password check, etc.
// if the login is valid, then:
$_SESSION['username'] = $login_name;
Any controlled page:
PHP Code:
<?php
session_start();
if(empty($_SESSION['username']))
{
// load login page or redirect them to it, however you want to handle it
exit;
}
echo "Hello, " . $_SESSION['username'];
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
Just thought I would add some info in case anyone else was having a similar problem. I added sessions and it worked. However, it would only appear that the session registered on the second time through (i.e. the person would have to login twice to have the file say, "Welcome user").
I finally figured out that my problem was in my header('Location...) command that took the user from the checklogin.php file back to the main screen. I had header('Location: http://mydomain.com') instead of header('Location:http://www.mydomain.com'). When I added the www then the session took.
If you have access to the php.ini settings or can set them via a .htaccess file, you can change session.cookie_domain to ".mydomain.com" (note the leading "."), which will make the session cookie accessible regardless of whether or not the "www." sub-domain is specified.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
Reply With Quote
Bookmarks