  1. #1
    Senior Coder doubledee

    Maintaining Logged-In Status and User Name

    I am adding a welcome message in my header file which is included in every page.

    If a user is logged in, they would see a message like: Welcome, Debbie!!

    What is the best approach to take to make sure this feature always works?

    Can I just look in the $_SESSION for the "LoggedIn" status and "UserName", or is that not reliable enough?

    Seems to me that about 3 weeks ago I got into a heated debate with others about the merits of using SESSIONS.

    Do I instead need to check for the "LoggedIn" status and "UserName" from MySQL on every page instead?! (That seems excessive and like a real resource-hog?!)

    Sincerely,


    Debbie

  • #2
    Banned
    I don't see any problems using sessions.

    The way I display a welcome message like you are doing is like this

    1 - in my php script that checks if the username/password are correct when a user tries to log in, if the username/password match (meaning the user is a valid member) I then assign a session variable called $_SESSION['fName'] and assign it the value of the member's first name in the database table.

    2 - then on every page where the user needs to be logged in, after the code at the top of the page establishes the user is legitimately logged in you can

    PHP Code:
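    // Escape on output: the first name is user-supplied data from the database.
    echo 'Welcome: ' . htmlspecialchars($_SESSION['fName'], ENT_QUOTES, 'UTF-8');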
    or a message along those lines wherever you need to.
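
The two steps described in the post above, as an added example (not code from the thread): the login check fills the session, and the header include prints the escaped name. The `member` table and its columns, the `userId` and `loggedIn` session keys, the sample account and the in-memory SQLite database standing in for MySQL are assumptions; `fName` is the key used in the post.

```php
<?php
declare(strict_types=1);

// Step 1: verify the credentials, then keep only the user id, the display
// name and a logged-in flag in the session.
function logIn(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT id, first_name, password_hash FROM member WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the password against a hash made by password_hash().
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    // Issue a new session id at login, so an id that existed before
    // authentication is not the id of the logged-in session.
    session_regenerate_id(true);
    $_SESSION['userId']   = (int) $row['id'];
    $_SESSION['fName']    = $row['first_name'];
    $_SESSION['loggedIn'] = true;
    return true;
}

// Step 2 (header include): the name was typed in at registration, so it is
// HTML-escaped when printed.
function welcomeMessage(): string
{
    if (empty($_SESSION['loggedIn']) || empty($_SESSION['userId'])) {
        return '';
    }
    return 'Welcome, ' . htmlspecialchars($_SESSION['fName'], ENT_QUOTES, 'UTF-8') . '!!';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, email TEXT, first_name TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO member (email, first_name, password_hash) VALUES (?, ?, ?)');
$ins->execute(['debbie@example.com', '<b>Debbie</b>', password_hash('correct horse', PASSWORD_DEFAULT)]);

$bad  = logIn($db, 'debbie@example.com', 'wrong');          // rejected, session untouched
$good = logIn($db, 'debbie@example.com', 'correct horse');  // accepted, session filled
echo var_export($bad, true), ' ', var_export($good, true), "\n";
echo welcomeMessage(), "\n";
```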

  • #3
    Senior Coder
    While the user is on the site, using sessions is fine.

    As we've all tried explaining to you previously (and you were determined not to listen to) the reason that we advised against sessions in your registration process was because of users then closing the window (while they go to check their email) and then the session being lost. There is a MASSIVE difference between that scenario and this.

    Sessions are fine for short term temporary usage but for anything where the user may close the browser, always use a database.
    I can't really think of anything to write here now...

  • #4
    Super Moderator Inigoesdr
    Come on kids, be nice.... OR ELSE.
    Quote (originally posted by doubledee):
        Can I just look in the $_SESSION for the "LoggedIn" status and "UserName", or is that not reliable enough?
    Sessions are great for that. You don't want to keep too much information in a session, though. Usually just a unique identifier (usually a user id referencing the DB) and maybe the name if you are going to use it on every page.

  • #5
    Senior Coder doubledee
    Quote (originally posted by Inigoesdr):
        Come on kids, be nice.... OR ELSE.

        Sessions are great for that. You don't want to keep too much information in a session, though. Usually just a unique identifier (usually a user id referencing the DB) and maybe the name if you are going to use it on every page.
    So for security reasons I should only be storing the "UserID" and "UserName"?

    What about storing "returnToPage" which is the current page the user is on and the page they want to return to after they log in?!

    Thanks,


    Debbie

    P.S. I was playing nice, but Tango and I seem to not communicate so well at times. Blame the Internet medium...

  • #6
    Super Moderator Inigoesdr
    Quote (originally posted by doubledee):
        So for security reasons I should only be storing the "UserID" and "UserName"?
    You don't really need to store the username if you are storing the user id because you can just look it up when you need to, but that's the general idea, yeah.
    Quote (originally posted by doubledee):
        What about storing "returnToPage" which is the current page the user is on and the page they want to return to after they log in?!
    That's fine.

  • #7
    Senior Coder doubledee
    Quote (originally posted by Inigoesdr):
        You don't really need to store the username if you are storing the user id because you can just look it up when you need to, but that's the general idea, yeah.

        That's fine.
    So what about this scenario...

    A user is on the article "How to Incorporate Your Business" and wants to add a comment. The user is already a Member and so he/she clicks on "Log In".

    When the Log-In screen appears (log_in2.php), I want the following displayed...

    *******************************************
    Please Log In to comment on the article:

    "How to Incorporate Your Business"

    E-mail:
    Password:

    *******************************************

    When the user was previously on "www.mywebsite.com/articles/how-to-incorporate-your-business", that page was populated from my database and so I not only had the value for "ArticleID" stored in a variable, but also "Article Title".

    If I stored the Article's Title in $_SESSION['articleTitle'], then I don't have to query my database twice (i.e. Once to build the article and twice to build the Log-In form.)

    I understand what you are saying about "Don't store everything in the Session, and just query more if you need it." However, my argument above has merits too, right?


    Debbie

  • #8
    Regular Coder dniwebdesign
    One or two database calls to retrieve the last page visited, a username, etc. will not slow down a page enough to notice. Hence why MySQL and PHP work wonders together.

    Here is how I usually run an authentication system (which I use quite regularly)...
    1. Query DB to check for username and password while logging in.
    2. Store unique id of user from db into session (so I can identify user later on and retrieve more personal info from the db, should I need to). Also I use this to update an admin log to track users in case they screw something up, which uses another MySQL query.
    3. I store the user's full name in a session, because it's always displayed on the pages.
    4. I store a "Is Logged In" session just for sanity checks.

    I query my db a lot and have never slowed it down.
    Except once when I had a loop that never ended, but that's a story for another time.

    Sessions are your friend for lots of things, such as what you are trying to do. You can also check out the $_SERVER['HTTP_REFERER'] variable as it sometimes stores the last page the user was on. Although, this is sometimes hit and miss depending on the browser. I use it when available and if not, I redirect the user to the homepage of my site. They know the page they were on so they can find it again.
    Last edited by dniwebdesign; 08-30-2011 at 04:53 AM.
    Dawson Irvine
    CEO - DNI Web Design
    http://www.dniwebdesign.com
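
For the "returnToPage" value discussed earlier in the thread and the HTTP_REFERER fallback described in the post above, an added example (not code from the thread) that accepts only a same-site path before it is stored in the session or used in a redirect. The function names, the `/` fallback and the sample values are assumptions; `www.mywebsite.com` and the article path are the ones quoted in the thread.

```php
<?php
declare(strict_types=1);

// Return $candidate only if it is a same-site path; otherwise the fallback.
function safeReturnPath(?string $candidate, string $fallback = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Control characters could split the Location header; some browsers read "\" as "/".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate) === 1) {
        return $fallback;
    }
    // Exactly one leading "/": "//host/path" is a scheme-relative URL to another site.
    if ($candidate[0] !== '/' || substr($candidate, 0, 2) === '//') {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $candidate;
}

// HTTP_REFERER is sent by the client: keep only its path, and only for our own host.
function pathFromReferer(?string $referer, string $ownHost): ?string
{
    $parts = $referer === null ? false : parse_url($referer);
    if ($parts === false || strcasecmp($parts['host'] ?? '', $ownHost) !== 0) {
        return null;
    }
    return $parts['path'] ?? '/';
}

// Constructed sample values (not from the thread), run through both checks.
$samples = [
    '/articles/how-to-incorporate-your-business',
    '//other-site.example/login',
    'https://other-site.example/',
    "/articles\r\nX-Injected: 1",
    pathFromReferer('http://www.mywebsite.com/articles/how-to-incorporate-your-business', 'www.mywebsite.com'),
    pathFromReferer('http://other-site.example/articles/x', 'www.mywebsite.com'),
];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', safeReturnPath($s), "\n";
}
// After a successful login: header('Location: ' . safeReturnPath($_SESSION['returnToPage'] ?? null));
```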

  • #9
    Senior Coder doubledee
    Quote (originally posted by dniwebdesign):
        One or two database calls to retrieve the last page visited, a username, etc. will not slow down a page enough to notice. Hence why MySQL and PHP work wonders together.

        Here is how I usually run an authentication system (which I use quite regularly)...
        1. Query DB to check for username and password while logging in.
        2. Store unique id of user from db into session (so I can identify user later on and retrieve more personal info, should I need to). Also I use this to update an admin log to track users in case they screw something up, which uses another mysql query.
        3. I store the user's full name in a query, because it's always displayed on the pages.
        4. I store a "Is Logged In" session just for sanity checks.

        I query my db a lot and have never slowed it down.
        Except once when I had a loop that never ended, but that's a story for another time.

        Sessions are your friend for lots of things, such as what you are trying to do. You can also check out the $_SERVER['HTTP_REFERER'] variable as it sometimes stores the last page the user was on. Although, this is sometimes hit and miss depending on the browser. I use it when available and if not, I redirect the user to the homepage of my site. They know the page they were on so they can find it again.
    Okay, but if I am going from "article.php" to "log_in.php", why query the database *twice* on back-to-back pages when I can get everything I need (i.e. Article Name for Log-In page) in one trip?

    If I needed the Article Name 10 pages down the road, then I'd query the database twice, but it seems to me for a case like this, just grab what you need and stash it in the Session. (Besides, it isn't like I'm storing anything sensitive in the Session or for a prolonged period, right?)


    Debbie

  • #10
    Regular Coder dniwebdesign
    You could... really it's preference of how you wish to do it. I would just query the database twice.
    Dawson Irvine
    CEO - DNI Web Design
    http://www.dniwebdesign.com

  • #11
    Senior Coder doubledee
    Quote (originally posted by dniwebdesign):
        You could... really it's preference of how you wish to do it. I would just query the database twice.
    And queries for even tiny pieces of information don't take a toll on your site's performance?

    I mean, for testing, no, but what if I had 500 concurrent users and I needed to make all of these repeated database calls to get each little tiny piece of info?!

    That's gotta catch up with you?!


    Debbie

