| Re: multiple visitors at the same time [message #182994 is a reply to message #182989] |
Tue, 01 October 2013 16:09   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 10/1/2013 8:05 AM, Richard Damon wrote:
> On 9/30/13 11:37 PM, Michael Vilain wrote:
>> Most session IDs without a login aren't sufficiently unique. You'll
>> need to have additional criteria to ensure that to machines with the
>> same browser and hardware connecting to your server from the same IP
>> address are able to be differentiated between the two. That's up to
>> you. You sound like you need to do a lot of reading up on this before
>> you come up with a viable solution. Publically available stuff without
>> first authenticating the user will only get you so far.
>>
>
> Session IDs with or without login MUST be unique, or your sessions are
> broken (session logic MUST give a new id number to anything starting a
> session, or you don't have real sessions). Multiple connections from the
> same IP will be given different sessions.
>
> Using a session ID without a login will mean that any work the user does
> will be forgotten when the session expires.
>
> What adding a login does is to allow you to put into the session a user
> id from the login, so that the data from the user can persist from one
> session to another.
>
Just adding an id from the login to the session won't do a thing. When
the session expires, the data will be lost.
If you want the data to continue across sessions, you need to store it
yourself, i.e. in a database.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]