PHP Session or leave as is?

Soldato
Joined
2 May 2004
Posts
19,950
Hi,

Just wondered what is best? Here's an example:

Basically I'm submitting a form, this form submits to the same page the form is on so it can echo out some info based on what was submitted.

After I had finished that and it was all working I remebered about session IDs so I made it do this:

Form submits to a separate PHP page with the submit code in it, when that code is done doing it's thing it goes to a new page carrying the session id, the session id is then posted on another different page.

Basically the main thing that this is doing is avoiding someone making a macro that refreshes the page and presses OK to the little warning that comes up and re-submitting the same information, instead, with php session ids, when they refresh they'll just see the information there still which I really like.

So it's up to security, which way is safer?

Thanks
Craig.
 
OK, thanks, will look into minimum limit.

Is it safe to carry on using PHP Session? I quite like the fact it enables me to put their last submitted item at the top of the page.

Also, how can I make a session stay after the browser has been closed? Everytime I close the browser the sessions gets deleted meaning the users last file uploaded piece of text disappears.

Cheers
Craig.
 
OK, that's no problem, will allow me to do the same.
I read somewhere that this will give me a permanent cookie?

setcookie("CookieName", $cookievalue, time() + 31536000);
 
Cookies are working fine now :)
I think 13 years will do :p

Thanks for the help
Craig.

--edit--

Will time() + 99999999 make the cookie last around 13 years as you said? You edited it out :(
 
Dj_Jestar said:
If you are worried about spam bots, add a time limit (read: minimum limit) that someone can submit multiple forms - like these forums use, or even more secure, only let one submission per session, but all this can be avoided easily by the spam bot just simply clearing all data (cookies/get/post) and refreshing the page.

Hi,

I couldn't find anything on minimum limit, well I did find some stuff that limits form submission to x ammount of seconds but couldn't get any of it to work :(

Tutorial / examples would be brill :D

Cheers
Craig.
 
Back
Top Bottom