Hey y'all, I wanted to know about sessions and how they work exactly. First I start a session:

<?php
session_start();
$_SESSION['admin'] = true; // assign a value so isset() can see the key
?>

My question is: would this session be available for everybody who visits this page, or just for my computer? What I would like to do is basically hide and show a <div> based on whether the session is set or not, but only for my use:

<?php if (isset($_SESSION['admin'])) { ?>
<div>and some stuff only to be viewed by admin only</div>
<?php } ?>

So would sessions be the best for this, or would this div show on all pages? And where should I start the session:

<?php
session_start();
$_SESSION['admin'] = true;
?>

Should it be set on a private page, or can it be placed in the header of all public pages? I don't know. Anyway, any help would be extremely helpful. Thanks a lot.
PHP sessions allow you to keep some information persistently while the user browses your website. The information stored in a session is kept on the server side, thus a session is deemed to be more secure than a cookie (that typically stores the information on the client side).

How does it work? The first time you call the session_start() function (the first new client request), the server internally generates a random string and stores it in a cookie in the client's browser. Typically the cookie is called PHPSESSID (and this is the only thing that gets stored on the client side). To the unique value of this string, the server internally associates a set of information. So when you issue the session_start() for a second time (after creating some session data), the server simply looks for the unique key stored in the client's cookie and retrieves the corresponding information on its side.

Directly addressing your questions: If you start a session for every single request you receive on that page, then yes, the session will be available for everyone who visits your website (and thus you'll be showing that div to everyone). Typically what you should do is set up some kind of authentication mechanism (login/password combination, whatever). Only when the client successfully authenticates do you create a session for that user. From that moment on, just test if the session is there and, if it is, you know that you can show whatever private information you want to that person.

Take a look at the following example:
login.php - http://paste2.org/p/1765737
whatever.php - http://paste2.org/p/1765738

Obviously the form is missing in the login.php file, but hopefully it'll help you grasp what I tried to explain. Good luck!
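The login-gated session described in the answer above, as an added example that is not part of the original thread and does not reproduce the linked pastes. It assumes PHP 7.3+ and a hypothetical environment variable `ADMIN_PASSWORD_HASH` holding the `password_hash()` output for the admin password; `is_admin()` is a helper name chosen for this example.

```php
<?php
// Added example, not code from the thread.
// Assumption: ADMIN_PASSWORD_HASH holds a hash produced by password_hash().
session_set_cookie_params([
    'httponly' => true,                       // session ID not readable from JavaScript
    'secure'   => !empty($_SERVER['HTTPS']),  // HTTPS-only cookie when served over TLS
    'samesite' => 'Lax',                      // cookie not sent on cross-site POSTs
]);
session_start();

$hash = getenv('ADMIN_PASSWORD_HASH') ?: '';

// True only for the visitor whose own session carries the flag.
function is_admin(): bool
{
    return ($_SESSION['admin'] ?? false) === true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action   = $_POST['action'] ?? '';
    $password = $_POST['password'] ?? '';
    if ($action === 'login' && $hash !== '' && is_string($password)
        && password_verify($password, $hash)) {
        session_regenerate_id(true);  // fresh session ID once privileges change
        $_SESSION['admin'] = true;    // kept server-side, tied to this visitor's cookie
    } elseif ($action === 'logout') {
        unset($_SESSION['admin']);
        session_regenerate_id(true);
    }
    // Redirect after POST so a page reload does not resubmit the form.
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
    exit;
}
?>
<!doctype html>
<title>Session demo</title>
<p>Public content, shown to every visitor.</p>
<?php if (is_admin()): ?>
  <div>and some stuff only to be viewed by admin only</div>
  <form method="post"><button name="action" value="logout">Log out</button></form>
<?php else: ?>
  <form method="post">
    <input type="password" name="password" autocomplete="current-password">
    <button name="action" value="login">Log in</button>
  </form>
<?php endif; ?>
```

The flag is set only after `password_verify()` succeeds, so calling `session_start()` in the header of every public page is harmless: other visitors get their own empty session and never see the div.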
A very simple method of modifying your code to show proactiv3's explanation in action would be to do something like:

<?php
session_start();
// Set the admin flag when ?teststr=secret is requested
if(isset($_GET['teststr']) && $_GET['teststr'] == 'secret') $_SESSION['admin'] = true;
// Clear the flag again when ?teststr=destroy is requested
if(isset($_GET['teststr']) && $_GET['teststr'] == 'destroy') unset($_SESSION['admin']);
?>

If you then access your url using http://yourdomain.com?teststr=secret or http://yourdomain.com?teststr=destroy you can see the session being set and unset. It's obviously not secure at all though.
A session is unique to every visitor, so if a session is set as Admin for your computer, it will not be set for anyone else, unless you allow them to do it. Starting sessions should be done toward the top of your code, certainly before you issue any command like echo...
Ahhh, very nice y'all, just what I wanted to find out. Those suggestions work perfectly for what I intend to do.