integrating session login with cookies: WSN Support

Version:

integrating session login with cookies

knotworking
Experienced

Usergroup: Customer
Joined: Mar 31, 2004
Total Topics: 20
Total Posts: 83

Posted 05/17/05 - 06:39 AM:	#1
I'm using sessions in my existing profile login. I've noticed that the gallery is using cookies. Having only one login for both is obviously the best way but, I've been tweaking the index.php login with strange results. Somehow the session is passed the wrong id, logging me into another member's profile. I basically just inserted this into the code: session_start(); $_SESSION[valid] = "yes"; $name = $row['name']; $user_password = $row['user_password']; $_SESSION['id'] = $row['id']; And, when I jump to my existing profile edit, it either logs me into the wrong profile or determines my session is invalid. What would be the best/easiest way to integrate the two? I don't mind using cookies but, I read that sessions were more reliable/safer (being that cookies are stored on the users machine). At this point, I probably just want to do whichever is easier. Thanks!

Paul
Administrator

Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 56
Total Posts: 5844

Posted 05/18/05 - 11:37 AM:	#2
Since I don't know much of anything about handling sessions (a major reason there isn't a session login option, though the biggest reason is that I've never found a good reason for one), I can't comment on why your session login doesn't work. I read that sessions were more reliable/safer (being that cookies are stored on the users machine) Given that with sessions an unsuspecting person can accidentally give someone a link that makes the recipient be logged in as them, the "safer" suggestion strikes me as just plain absurd.
_____________________ "Do things you love doing, because then it ain't work. Don't do something you don't really enjoy, because you're never going to work hard enough at it." - Bob Young, founder of Red Hat

knotworking
Experienced

Usergroup: Customer
Joined: Mar 31, 2004
Total Topics: 20
Total Posts: 83

Posted 05/18/05 - 01:29 PM:	#3
Just going by the book I read (by Ullman, I think). But, however accurate my memory and what the book stated, I still want to integrate the systems. My login script establishes a session and $id for the user. The edit script then pulls the data out of the database based on the $id. I think I can figure out how to have the script check a cookie value vs. a session value. Does the cookie set by the gallery login use something readily readable like a plain id that can be checked by my edit script? Basically, is there a fairly easy way I can use the cookie values established by the gallery in my edit script? Thanks!

Paul
Administrator

Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 56
Total Posts: 5844

Posted 05/26/05 - 10:27 PM:	#4
You can view the cookies set by clicking the PHPinfo link in your admin panel. There's one for the user id and one for the (encoded) password.
_____________________ "Do things you love doing, because then it ain't work. Don't do something you don't really enjoy, because you're never going to work hard enough at it." - Bob Young, founder of Red Hat

knotworking
Experienced

Usergroup: Customer
Joined: Mar 31, 2004
Total Topics: 20
Total Posts: 83

Posted 05/31/05 - 03:05 PM:	#5
I looked through the PHPINFO pretty thoroughly. I found the ID cookie referenced several times along with votes: _COOKIE["votes"] _COOKIE["wsnuser"] but no password. Is the password called UNIQUE_ID or something?

Paul
Administrator

Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 56
Total Posts: 5844

Posted 06/01/05 - 10:30 PM:	#6
wsnuser, wsnpass
_____________________ "Do things you love doing, because then it ain't work. Don't do something you don't really enjoy, because you're never going to work hard enough at it." - Bob Young, founder of Red Hat

You don't have permission to post.