I'm using sessions in my existing profile login. I've noticed that the gallery is using cookies. Having only one login for both is obviously the best way but, I've been tweaking the index.php login with strange results. Somehow the session is passed the wrong id, logging me into another member's profile. I basically just inserted this into the code:
And, when I jump to my existing profile edit, it either logs me into the wrong profile or determines my session is invalid. What would be the best/easiest way to integrate the two? I don't mind using cookies but, I read that sessions were more reliable/safer (being that cookies are stored on the users machine). At this point, I probably just want to do whichever is easier.
Since I don't know much of anything about handling sessions (a major reason there isn't a session login option, though the biggest reason is that I've never found a good reason for one), I can't comment on why your session login doesn't work.
I read that sessions were more reliable/safer (being that cookies are stored on the users machine)
Given that with sessions an unsuspecting person can accidentally give someone a link that makes the recipient be logged in as them, the "safer" suggestion strikes me as just plain absurd.
Just going by the book I read (by Ullman, I think). But, however accurate my memory and what the book stated, I still want to integrate the systems. My login script establishes a session and $id for the user. The edit script then pulls the data out of the database based on the $id.
I think I can figure out how to have the script check a cookie value vs. a session value. Does the cookie set by the gallery login use something readily readable like a plain id that can be checked by my edit script?
Basically, is there a fairly easy way I can use the cookie values established by the gallery in my edit script?
I looked through the PHPINFO pretty thoroughly. I found the ID cookie referenced several times along with votes: _COOKIE["votes"] _COOKIE["wsnuser"] but no password. Is the password called UNIQUE_ID or something?
Comments on integrating session login with cookies
Experienced
Usergroup: Customer
Joined: Mar 31, 2004
Total Topics: 20
Total Comments: 83
I'm using sessions in my existing profile login. I've noticed that the gallery is using cookies. Having only one login for both is obviously the best way but, I've been tweaking the index.php login with strange results. Somehow the session is passed the wrong id, logging me into another member's profile. I basically just inserted this into the code:
session_start();
$_SESSION[valid] = "yes";
$name = $row['name'];
$user_password = $row['user_password'];
$_SESSION['id'] = $row['id'];
And, when I jump to my existing profile edit, it either logs me into the wrong profile or determines my session is invalid. What would be the best/easiest way to integrate the two? I don't mind using cookies but, I read that sessions were more reliable/safer (being that cookies are stored on the users machine). At this point, I probably just want to do whichever is easier.
Thanks!
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
Since I don't know much of anything about handling sessions (a major reason there isn't a session login option, though the biggest reason is that I've never found a good reason for one), I can't comment on why your session login doesn't work.
I read that sessions were more reliable/safer (being that cookies are stored on the users machine)
Given that with sessions an unsuspecting person can accidentally give someone a link that makes the recipient be logged in as them, the "safer" suggestion strikes me as just plain absurd.
Experienced
Usergroup: Customer
Joined: Mar 31, 2004
Total Topics: 20
Total Comments: 83
Just going by the book I read (by Ullman, I think). But, however accurate my memory and what the book stated, I still want to integrate the systems. My login script establishes a session and $id for the user. The edit script then pulls the data out of the database based on the $id.
I think I can figure out how to have the script check a cookie value vs. a session value. Does the cookie set by the gallery login use something readily readable like a plain id that can be checked by my edit script?
Basically, is there a fairly easy way I can use the cookie values established by the gallery in my edit script?
Thanks!
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
You can view the cookies set by clicking the PHPinfo link in your admin panel. There's one for the user id and one for the (encoded) password.
Experienced
Usergroup: Customer
Joined: Mar 31, 2004
Total Topics: 20
Total Comments: 83
I looked through the PHPINFO pretty thoroughly. I found the ID cookie referenced several times along with votes:
_COOKIE["votes"]
_COOKIE["wsnuser"]
but no password. Is the password called UNIQUE_ID or something?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
wsnuser, wsnpass