Open Source Technologies
Notes: The value time() - 86400 is exactly one day ago, which is sufficiently far in the past for the browser to forget the cookie data.
Figure 10.1 shows how our scripts can be tied together. As mentioned, putting authentication
data into cookies (as we did in the previous examples) is not secure, because cookies are sent
by the client and are easily faked.
PHP has, of course, a better solution: sessions.
Figure 10.1: Scripts Tied Together.
10.4 Session Function Overview
Session functions provide a unique identifier to a user, which can then be used to store and
acquire information linked to that ID. When a visitor accesses a session-enabled page, she is either
allocated a new identifier or re-associated with one that was already established in a previous
access. Any variables that have been associated with the session will become available to your
code through the $_SESSION superglobal.
When you use sessions, cookies are used by default to store the session identifier, but you can
make sessions work for all clients, including those that do not accept cookies, by encoding the
session ID into all links in your session-enabled pages.
Session state is usually stored in a temporary file, although you can implement database storage
using a function called session_set_save_handler().
10.4.1 Starting Session
To work with a session, you need to explicitly start or resume that session unless you have
changed your php.ini configuration file. By default, sessions do not start automatically. If you
want sessions to start automatically, you will have to find the following line in your php.ini
file and change the value from 0 to 1 (and restart the Web server):
session.auto_start = 0
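The contrast between authentication data kept in a cookie and state kept in a session, as an added example that is not code from the original text. Because a session ID carried in links can leak through browser history, server logs and Referer headers, the example accepts the ID from the cookie only. The 'auth' cookie name, the 'user' session key and the demo account are assumptions made for illustration.

```php
<?php
// Added example, not from the original text. The 'auth' cookie, the 'user'
// session key and the demo account below are assumptions for illustration.

// Insecure: the browser supplies this value, so any client can send
// "auth=1" and pass the check.
function is_logged_in_cookie(): bool
{
    return ($_COOKIE['auth'] ?? '') === '1';
}

// Session version: the browser holds only a random identifier; the
// authentication state stays on the server in $_SESSION.
function start_secure_session(): void
{
    session_start([
        'use_only_cookies' => 1,     // ignore session IDs passed in URLs
        'use_strict_mode'  => 1,     // reject IDs the server did not issue
        'cookie_httponly'  => 1,     // keep the cookie away from JavaScript
        'cookie_secure'    => 1,     // HTTPS only; set to 0 for plain-HTTP testing
        'cookie_samesite'  => 'Lax', // PHP 7.3+
    ]);
}

function log_in(string $user, string $password, array $users): bool
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);     // fresh ID at login blocks session fixation
    $_SESSION['user'] = $user;
    return true;
}

function is_logged_in_session(): bool
{
    return isset($_SESSION['user']);
}

// Constructed demo account; a real application would load stored hashes.
$users = ['alice' => password_hash('demo-password', PASSWORD_DEFAULT)];

start_secure_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    log_in((string) ($_POST['user'] ?? ''), (string) ($_POST['password'] ?? ''), $users);
}
echo is_logged_in_session()
    ? 'Hello, ' . htmlspecialchars($_SESSION['user'])
    : 'Not logged in';
```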
LOVELY PROFESSIONAL UNIVERSITY