Re: [Phplib-users] Sessions where are we going??
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Sessions where are we going??
|
From: Donncha O C. <don...@tr...> - 2002-07-01 11:32:01
|
Ah.. I see the context of that quote now. I don't think Tarique was argui=
ng=20
that we use phplib without php4 sessions, as he wrote a document explaini=
ng=20
how to get that working. He meant that if you attempt to use the=20
session_start() (and associated PHP4 commands) outside of the framework o=
f=20
phplib then the auth, user and perms functions of phplib won't work. To q=
uote=20
his second example:
session_start();
page_open(array("auth" =3D> "Example_Auth",
"perm" =3D> "Example_Perm",
"user" =3D> "Example_User"));
Obviously here phplib has no way of "connecting" to the PHP4 session to s=
tore=20
the auth, perm and user information.
His final example lists the standard page_open() call using phplib sessio=
ns,=20
with or without PHP4 sessions as a backend/storage container.
Err.. we're all in favour of using PHP4 sessions to store phplib session =
data=20
aren't we? If you follow the advice listed in the previous webkreator art=
icle=20
mentioned in this thread then it should be as secure as using a database=20
backend.
Donncha.
On Monday 01 July 2002 12:06, Giancarlo wrote:
> > > Donncha O Caoimh wrote:
[snip]
> > > It is interesting, and in facts it clearly states that with auth, t=
he
> > > session is better handled by phplib rather than PHP4.
> >
> > I'm not certain what you mean by that.. but I'm satisfied by what he =
says
>
> It was in facts Tarique's doc, linked from there, that says that, at
> http://www.sanisoft.com/phplib/manual/php4_sessions.php
> and I fully agree.
>
> << If you want to use phplib's auth, perms or user variables, it is
> better not to use PHP4's session functions, but only phplib's >>
>
|
