Authenticate and Track Users with PHP
Page 8 —
Conclusions
| While the built-in session support with PHP 4 provides greater flexibility and security than storing every user variable in a cookie, there are a few places for improvement. For example, only single variables and not entire user objects can be stored inside a session. But hey, unless you're doing intense, object-oriented programming, you can work around it. Given that the first release of PHP 4 is still in beta, I'd say even the developers know there's room for growth!
Then there's the cookie aspect: What if a user doesn't accept your PHPSESSID cookie? How will PHP know which session file to use, if it can't extract a session ID from a cookie? In this case, it then becomes your responsibility to send the value of PHPSESSID via GET.
For example, the session02.php file contains this line:
|
If you now feel your color selections are atrocious, please feel
free to <a href="session01.php">change your preferences</a>.
|
As part of the link, add "?PHPSESSID=[value]":
|
If you now feel your color selections are atrocious, please feel
free to <a href="session01.php?PHPSESSID=<? echo "$PHPSESSID"; ?">change your preferences</a>.
|
It's a little more work for you, but it ensures that a session ID of some sort always follows users as they move through your site.
All in all, the initial session support in PHP 4 is a good start. It will likely suit the purposes of most people. Given the rapid development of PHP 4 and the Zend engine, I can hardly wait to see what the next year brings from this team!
|
|
|
