|
||
|
|
|
Current
| Archives
| Contact
Me
Related
Links | My
Personal Journal | Diaryland
 |
 |
|||||||||||
|
�A session with the cookie monster� One evening last week I pounded together some code to show a coworker - basically, I did an authentication system using cookies. We're working on a demo to show someone for a site we may do for them, and I thought it would be good to start the code now rather than later. You know the type - if you're logged in, show a text snippet to greet them, and if they're not ask them to log in. You can sign up, it sends you an email to give you your password, etc. Basic authentication and the like. The code worked fine, but it took a while to write, and had a feel of ad-hockery to it. It felt like I strung it together with spit and bailing wire. In part, I did, 'cause I was writing it to show him the next day. Also, I felt bad because the system pounded on the database every time you logged in, verifying this, checking that, doing joins on tables... it didn't seem efficient. Of course, I am basically re-logging somebody in each time I do that. I have to do all the hard work of checks and computations every time they log in. It's wasteful. The obvious answer was sessions. About three years ago I read a piece about doing sessions in php3. It seemed like such a monumental effort that I discounted it (but then, three years ago everything seemed like one). Now php4 has built-in sessions support. At lunch today at work I sat down to tinker with them. Sessions are so trivial, it's laughable. Apparently I was making too much out of nothing. Here's my code to implement a minimal session. I ran it under Linux with PHP 4.2.1:
Not too much, right? Right. But what it does is starts a session handler. Before I do that, though, I give it a name (else it has the default one, "PHPSESSID") and set my parameters. After that, I fetched the cookie parameters into an array to make sure they were setting correctly. The meat comes next. I just work with a variable in the session global array. Since the first time I hit the site it's not set, I echo that I've never been there before, and if I have I show some text using the variable. Simple. Then I increment the variable. It's automatically registered in the scope because it's a member of $_SESSION. It's a built-in part of the language spec now. The last bit is a useful function for debugging that prints whatever data is in the variable that I pass to the function print_r(). In this case, I pass it the array of cookie parameters. After the code is done, I close it off - the script knows to save the session information locally, and I'm done. It's like magic. The best coding is effortless, and PHP is making coding more and more effortless. Sure, you still need know-how to know how things work, and I like to know that I know the bones to make sessions work on my own, but it's also nice to be able to prototype code quickly with PHP because I know that the support is built in. Maybe this is why I've started on my content management system for my site. Because I know I don't have to move every mountain in the world to make it work now. Does this make me lazy? Perhaps... but at the same time, it means I can focus on functionality and not infrastructure. Note: Just in case you don't know, Internet Explorer sucks. I have 5.5 SP1 at home, and apparently you can't make the time limit on a cookie less than your current time plus 7200 seconds (two hours). It ignores the cookie if it's anything less; this made me crazy because for testing I had the cookie length at 90 seconds. Once I made it longer, it accepted the cookie and worked for me, no questions asked. In addition, a friend who has IE 6.0 had the same issue as IE 5.5 SP1. I didn't encounter this issue in Netscape 4.7, though (of all things). Even stranger? IE 5.5 SP2 at work didn't have the issue, either.
|
||||||||||||
| ||||||||||||
 |
 |