Sessions Mod

[David]

Replace the cookies with sessions.  Chris wrote this mod once before but he didn't make it so that you could stay logged in once you close your browser.
http://www.yabbse.org/community/index.php?board=158;action=display;threadid=10983

[Gobalopper]

Doesn't 1.5 already use sessions? And you would need to use cookies anyhow to somehow know who the person was when they came back to the board after closing their browser wouldn't you?

[David]

Doesn't 1.5 already use sessions? And you would need to use cookies anyhow to somehow know who the person was when they came back to the board after closing their browser wouldn't you?

Yes but not for logins.  Sessions do use cookies to store a session id depending on how you do it.  I have played with it a bit but am confused, thus asking for someone to make the mod.

[Gobalopper]

Well the session won't last on the server side once you close your browser as the server deletes them after a certain time period.
So everytime you come back you will have to start a new session anyhow and right now it uses the user/password cookies to do that. What other way would you want to do it?

[David]

Sessions arn't actually destroyed on the server after the browser is closed.  Well, they are but the time it takes is somewhat random.  My basic idea behind this is currently if you log in and your browser does not accept cookies then you click once and you are logged out.

With sessions worst case is you login in and are logged out once you close your browser instead of having one click and being logged out.

Best case if you login and the cookie is set with the session id or something, this is where I got confused, so that when you visit the forum the next time after closing your browser you are still logged in.

I actually got all of that working.  My problem was setting the login length.  If I said login for 2 minutes, after two minutes I was still logged in.

[Gobalopper]

Ah ok, so something like a backup method where you use $_SESSION to store the username/password in case cookies don't work?

How are you setting the length of the login?

[David]

How are you setting the length of the login?

That was the issue, is the session_start() was making a cookie along side my cookie.  It was that cookie I couldn't seem to destroy.

[Gobalopper]

I did some more looking I think that cookie always happens... You're talking about the one that stores the session ID right?

Maybe just rewrite that cookie to change the length of it?

[David]

session_register just registers a session variable and it is better to use $_SESSION array anyway.

[Gobalopper]

Yep I just realized that. You could try rewriting the session cookie though. Using something like this to set the liftetime.

Code Select Expand

$info = session_get_cookie_params();
setcookie(session_id(), '', $some_time, $info['path'], $info['domain'], $info['secure']);

[David]

This is why I want someone to write this mod, I am just guessing how to make it work.

[Gobalopper]

You said you had another cookie, other then the default session one. What were you storing in that?

[David]

This was one version of what I tried.

At the beginning of the script

Code Select Expand

$cookieusername = 'caps';
$sesscookiename = $cookieusername.'_sessid';
if(isset($_COOKIE[$sesscookiename]))
   session_id($_COOKIE[$sesscookiename]);
   
session_start();
ob_start();


Later I played with the get and set params.

Login part, $sesscookiename is globalized at the begining of this function

Code Select Expand

   $expire = time()+(60*$Cookie_Length);
   setCookie($sesscookiename,session_id(),$expire,'/');
   session_cache_expire($expire);
   $_SESSION['username'] = $username;
   $_SESSION['password'] = $password;

To check if someone is logged in I do this

Code Select Expand

if (isset($_SESSION[username])) {
   $username = $_SESSION[username];
   $password = $_SESSION[password];
}
else {
   $username = "Guest";
   $password = "";
}


[Gobalopper]

Well I am working on fixing the cookie problems right now so I will see about adding in session support too.

What you have their looks to be close to what it should be. I think all that would have to be done is add if statements that checked to see if the SESSION already had the username/password set either before or after it checked the regular cookie.

[tdodnz]

Yesah sessions sound good, they are also alot more secure