Thanks a lot.
The other day I talked with one of my classmates and said that
there are nearly no essential differences between session and URL
variables; after reading your answer I know that there are.
I have tried your way of using sessions, and it does make sense in differentiating
between session and URL variables.
I still can't find out whether there is a lifetime for a session. Could you help
me?
Best Wishes!
----- Original Message -----
From: "SHEETS,JASON (Non-HP-Boise,ex1)" <[EMAIL PROTECTED]>
To: "'mintbaggio'" <[EMAIL PROTECTED]>
Sent: Tuesday, August 13, 2002 3:27 AM
Subject: RE: [PHP] Some questions.
> Turn off register globals and use the superglobals; if this doesn't make
> sense, refer to the PHP manual available at http://www.php.net/manual.
>
> Basically as of PHP 4.1 all session variables are accessible by using
> $_SESSION['name'] for example.
>
> Example1.php
>
> <?php
> session_start(); // start session using session start
> $_SESSION['name'] = 'Jason Sheets'; // create and register a variable
> ?>
>
> Example2.php (this file accesses the variable from example1)
>
> <?php
> session_start(); // start session using session start
> print 'Your name is: ' . $_SESSION['name'] . '<br>'; // print line containing variable
>
>
> When you have register globals off or you use superglobals, POST and GET
> information will not be propagated to the session array, meaning that even
> if the user sets loggedin=1 in their URL, when you check if
> $_SESSION['loggedin'] == 1 it will be false unless they logged in.
>
> Jason
>
>
>
> -----Original Message-----
> From: mintbaggio [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 12, 2002 11:43 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Some questions.
>
> Hello,
> I'm a Chinese university student, and I want to ask some questions about sessions.
> These days I'm building a website for my university with PHP, but I met a
> problem when I developed the User Management part: after I have logged out
> from a user page (I use "session_unset()" and "session_destroy()"), I can
> return to the page again by clicking the "Back" button to that page and refreshing
> it; the user page is shown again. This is unsafe.
> So I want to ask whether the functions "session_unset()" and "session_destroy()"
> destroy the session immediately or whether there is a lifetime for a session. In my
> memory, I think that there is a lifetime for a session and that the lifetime can be
> configured.
>
> Another question:
> If the user log page is "main.php", the page for authenticating the user is
> "login.php".
> I use the session to store the information of the user, such as:
> session_register($userid);
> But if the variables in the session unfortunately become known by somebody
> else, and he can visit others' information by the URL "login.php?userid=***", how
> can I solve
> this problem? Use an ugly but difficult session variable?
>
> Just two questions.
> Thanks a lot.
> Wish back soon!
> Best wishes
>
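
Added example, not part of the original thread and not written by either poster: a page guard that takes login state only from `$_SESSION` (so `?loggedin=1` in the URL has no effect), enforces an idle limit, and on logout clears the session, expires its cookie and sends no-cache headers for the Back-button case raised above. It assumes PHP 7.1 or later and a login script that sets `$_SESSION['loggedin'] = 1` and `$_SESSION['last_seen'] = time()`; the function names, `IDLE_LIMIT` and the file name `guard.php` are hypothetical.

```php
<?php
// Added example, not code from the thread. Names and limits are hypothetical.
const IDLE_LIMIT = 900; // assumed idle timeout in seconds

// Login state comes only from the session array; $_GET and $_POST are never
// read, so a URL such as ?loggedin=1 cannot affect the result.
function is_logged_in(array $session, int $now): bool
{
    if (($session['loggedin'] ?? null) !== 1) {
        return false;
    }
    return ($now - ($session['last_seen'] ?? 0)) <= IDLE_LIMIT;
}

function logout(): void
{
    $_SESSION = [];                       // clear the data for this request
    if (ini_get('session.use_cookies')) { // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // delete the server-side session data
}

// Call at the top of every protected page, before any output.
function require_login(): void
{
    session_start();
    // Ask the browser not to show a stored copy when the user presses Back.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    if (!is_logged_in($_SESSION, time())) {
        logout();
        header('Location: main.php'); // assumed here to hold the login form
        exit;
    }
    $_SESSION['last_seen'] = time();      // refresh the idle timer
}

if (PHP_SAPI === 'cli') { // constructed inputs, run with: php guard.php
    $_GET['loggedin'] = '1'; // what ?loggedin=1 would supply
    var_dump(is_logged_in([], time()));
    var_dump(is_logged_in(['loggedin' => 1, 'last_seen' => time()], time()));
    var_dump(is_logged_in(['loggedin' => 1, 'last_seen' => time() - 3600], time()));
}
```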