Re: multiple visitors at the same time [message #183019 is a reply to message #182994]
Thu, 03 October 2013 03:33
Richard Damon
On 10/1/13 12:09 PM, Jerry Stuckle wrote:
> On 10/1/2013 8:05 AM, Richard Damon wrote:
>> On 9/30/13 11:37 PM, Michael Vilain wrote:
>>> Most session IDs without a login aren't sufficiently unique. You'll
>>> need to have additional criteria to ensure that two machines with the
>>> same browser and hardware connecting to your server from the same IP
>>> address are able to be differentiated between the two. That's up to
>>> you. You sound like you need to do a lot of reading up on this before
>>> you come up with a viable solution. Publicly available stuff without
>>> first authenticating the user will only get you so far.
>>>
>>
>> Session IDs with or without login MUST be unique, or your sessions are
>> broken (session logic MUST give a new id number to anything starting a
>> session, or you don't have real sessions). Multiple connections from the
>> same IP will be given different sessions.
>>
>> Using a session ID without a login will mean that any work the user does
>> will be forgotten when the session expires.
>>
>> What adding a login does is to allow you to put into the session a user
>> id from the login, so that the data from the user can persist from one
>> session to another.
>>
>
> Just adding an id from the login to the session won't do a thing. When
> the session expires, the data will be lost.
>
> If you want the data to continue across sessions, you need to store it
> yourself, i.e. in a database.
>
>
Yes, I guess I assumed that someone would be smart enough to realize
that to store data for longer than a session they needed to put the
actual data somewhere besides the session itself.
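
Added example, not part of the thread or any poster's code: a PHP sketch of the arrangement discussed above, where the session holds only the user id set at login and the data that must outlive the session is stored in a database keyed by that id. The table, column and function names are hypothetical, the pdo_sqlite extension is assumed, and the in-memory SQLite database stands in for a persistent one.

```php
<?php
// Added example; names are hypothetical, pdo_sqlite assumed.
function open_store(string $dsn = 'sqlite::memory:'): PDO {
    $pdo = new PDO($dsn);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE IF NOT EXISTS user_data (user_id INTEGER NOT NULL,
        name TEXT NOT NULL, value TEXT NOT NULL, PRIMARY KEY (user_id, name))');
    return $pdo;
}

// Call only after the credentials have been verified.
function on_login(int $userId): void {
    session_regenerate_id(true);      // fresh id for the authenticated session
    $_SESSION['user_id'] = $userId;   // the session carries the key, not the data
}

function save_value(PDO $pdo, string $name, string $value): void {
    if (!isset($_SESSION['user_id'])) {
        $_SESSION['data'][$name] = $value;   // anonymous: lives only in the session
        return;
    }
    $stmt = $pdo->prepare(
        'INSERT OR REPLACE INTO user_data (user_id, name, value) VALUES (?, ?, ?)');
    $stmt->execute([$_SESSION['user_id'], $name, $value]);
}

function load_value(PDO $pdo, string $name): ?string {
    if (!isset($_SESSION['user_id'])) {
        return $_SESSION['data'][$name] ?? null;
    }
    $stmt = $pdo->prepare('SELECT value FROM user_data WHERE user_id = ? AND name = ?');
    $stmt->execute([$_SESSION['user_id'], $name]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

// Constructed walk-through: user id 42 and the stored values are sample data.
$pdo = open_store();
session_start();                         // every new visitor gets a new random id
save_value($pdo, 'note', 'anonymous draft');
on_login(42);
save_value($pdo, 'note', 'saved while logged in');
$_SESSION = [];
session_destroy();                       // stands in for session expiry
session_start();
$beforeLogin = load_value($pdo, 'note'); // looked up in the new, empty session
on_login(42);
$afterLogin = load_value($pdo, 'note');  // looked up in the database by user id
var_dump($beforeLogin, $afterLogin);
```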