PHP: Alternative to SESSIONS
https://stackoverflow.com/questions/4507826
-
12-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a PHP application that relies on session variables quite a lot. After login the user get redirected to a page that executes code to set up a load of session variables depending on who the user is. The application is using data from different sources and the sessions are used to store ID numbers to query the databases.
So when the user goes to a page that will query their asset management system their ID for that particular database is called via the session.
I've had a LOT of problems with session variables recently. Sometimes only one session file is created during the lifetime of the app, and sometimes each session request results in a new session id (still haven't managed to find out why!).
My question is this. Is there an alternative to using session variables for this? Like globals or some other way?
I have a question open about my session problem here - PHP session variables not being maintaned
Solution
Another alternative is to store session data in database in give user a cookie with your session_id. That will give you more control around sessions.
OTHER TIPS
No, since each user session should have its one values, you need some kind of session mechanism. And PHP’s session is fine for that. You probably just need to configure it properly to meet your needs.
You could use some other "session" solution but that requires you to do more of the plumbing.
For example, you could use url based sessions where every url the site generates includes a sessionid. This is usually a major redesign of the site and the only time it is required is if you need to have the same session over multiple domains OR if you like to have the same computer running different sessions in different windows in the browser.
But in your case I would check why the sessions are broken, its probably a configuration issue or you have someting else that screws up the session files.
I have never had any trouble with PHP sessions, they just work ;)
Sessions seem like the right solution for this. Generally sessions work like this: A session object is created on the server and assigned an id. The id is sent to the browser in a cookie and sent to the server with request of the browser, thus enabling the server to fetch the correct session object from memory.
You may want to look at how your session is configured. If you keep "loosing" sessions, one possible cause could be that you are "jumping" between subdomains and have the session cookie set for only one subdomain. Another cause could be that you have a too low expiry on your session.
Cookies aren't really an alternative, in particular when used for logins, since they can be changed by the user, while for sessions just store a cookie containing an identifying hash on their computer, and modifying it won't get them very far.
Anyway, sessions work. Your problem is, with no doubt, an implementation problem. I suggest you spend some time debugging and testing, since implementing an alternative method will lead to an incredibly more complex code - and you don't want to do it, since sessions are causing you trouble already.
For your sessions which are re-created at each request you should try to debug the cookies send to you by the server. In theses cookies check that the cookie domain is the right one (and check cookie path as well).
To debug cookies you could use the web developer toolbar to show which cookies are active after the page load. But the best tool is Live Http headers, check the real headers send by the server, there you'll find the real cookie content, and if there's a mismatch in the cookie domain (for example -- but most time it's that) your browser will not store this cookie for your website.
If your browser ignore a cookie, next page you request PHP builds another session, etc.
If you cannot get you cooki system to work you can track the old way of tracking sessions Id in PHP, which was using a permanent get and/or post parameter with the PHPSESSID. You need --enable-rans-id on your PHP compilation (check it on a phpinfo page) http://www.php.net/manual/en/session.idpassing.php
The alternative to sessions is cookies (in fact, sessions are usually implemented using cookies). But cookies should only be used if you want to store small amounts of data.
