Posted by Jon Slaughter on 04/28/07 20:57

"Mike P2" <sumguyovrthar@gmail.com> wrote in message
news:1177778357.653654.186800@l77g2000hsb.googlegroups.com...
> For clarity: sessions store variables that you want to stay the same
> while each person browses your site, the variables are only the same
> for the same person, each person has their own session, and when the
> session expires (usually after 15 minutes of that person not doing
> anything on your website, but that number can be changed in php.ini),
> those variables are lost. You have to remember to call session_start()
> before using session variables or sending any output to the browser if
> you want to make use of the session on a page (it usually sends
> cookies to the browser in headers so it can remember the session id
> for that person). Sorry if you already know this, I just want to make
> sure first.
>
> You usually shouldn't need to worry about the server remembering the
> session state, that should probably work without you changing
> anything.
>
> If you are on a shared hosting plan, plain sessions may be a security
> risk. Session files are normally stored in a common folder that might
> not protect your session data from being read by other websites on the
> server (on purpose, don't worry about it mixing them up). If you are
> running PHP as a CGI binary and can have your own php.ini, be sure
> change session.save_path (which defaults to /tmp) to somewhere that
> only you have access to (if PHP is running as a CGI binary and is
> running as your user, you can change the permissions on a directory
> you make in your own space to be extra save).
>
> You can also use session_set_save_handler() to manage your session
> data yourself. You can make functions (or a Session class with methods
> for organization) that save the session data into files yourself, or
> even to save the serialized session data into a database.
> http://us.php.net/manual/en/function.session-set-save-handler.php
>
> You can use sessions to improve your hit counter by saving a variable
> when you count that user, so you can count more unique hits. For
> example, you could do something like this:
> <?php
> session_start();
> if( !isset( $_SESSION['hit_counted'] ) || !$_SESSION['hit_counted'] )
> {
> file_put_contents( 'hits.txt', (int)@file_get_contents( 'hits.txt' )
> + 1 );
> $_SESSION['hit_counted'] = true;
> }
> ?>
>
> Note that for something older than PHP5, you would need to use
> different file functions. Also, sessions will not store the count of
> hits, you need a file or a database to do that. The above code will
> create a hits.txt file if there is not one already. It is important to
> remember that it will not count completely unique hits, but just count
> once per session. If you want to try to make it completely unique, you
> would not need sessions but cookies instead, or you could store IP
> addresses in a database. You might as well try Google Analytics
> (google.com/analytics) if you want serious traffic analysis (it's
> free, and it's just a little JavaScript snippet that connects to
> Google).
>
> As for logins: yes, sessions are a good way to remember whether or not
> someone is logged in and their user data if your session files are
> secure.
>
> -Mike PII
>

Thank you for taking the time out to explain some of the details. The point
you bring up about security worries me. I'm going to have to look into that
more.

What I'm going to do with the hits thing is just use there(the hosts)
statistics page. It gives a much more detailed view and I don't see any
reason to duplicate any code just for it. I'll look into the google thing
though as it seems cool.

Thanks,
Jon

[Back to original message]