Watching for the first time: "oh I see, I see". Watching it the 2nd time: "oh, so that's what it was for, now I get it". Thanks for this precious series, Dani.
I have been looking forward to this tutorial, always a pleasure learning from you Dani. Everyday it's a new day to learn something new. Keep up the good work, you are a blessing to many others.
What a great video, thank you! My doctor didn't explain stuff this clearly and I was confused on unset and destroy. Will putting destroy in a form that goes to the same page be considered going to "another" page? I will test that out.
Here is what I got from this lesson - Sessions are stored on the server side - to start a session you write the session_start() function before any session variable - the unset() function is used to unset any type of variables, even normal variables, not only session variables, for example unset($var1, $var2, $var3) - the session_unset() function unsets all session variables - session_destroy ends and completely removes the session from my page, but this must be executed in every page, but better to use session_unset() to remove all session data. Am I right, Mr Dani?
session_destroy should be used whenever you are done with the session. 🙂 So not on every page. For example if a user is logged in, then we want the session running until they log out, so when they log out THEN we destroy the session. 🙂 And yes a session is a link between the user and the server, so a session ID will be stored in both the client (as a cookie), and on the server.
Hey there king! Dope tutorial, however I'm hitting a stumbling block where even though my two pieces of code are identical (copied and pasted), index runs but example does not, and it gives me an undefined array warning. No idea why.
I put the statement $_SESSION["username"] = "Krossing"; in example.php, and at the beginning I opened index.php, which gave an error. Then I tried to open example, which said Krossing. After I refreshed index.php, Krossing appeared. Why was there an error?
Hey Dani. This is super useful. Just a quick question: when I try to inspect my page, I can only see the "PHPSESSID" cookie and not pma_lang. Am I doing something wrong?
99% of the time, it's because of a typo. 🙂 Even when people say they "copied everything exactly". But you are more than welcome to share the code here, so I can help you find it.
What happens when, let's say, I have a login system and I copy the session cookie and paste it on another system? Would that log into the site? If yes, then how do I protect my site from that?
Session hijacking is something that you also need to protect yourself against, to make sure that other people don't get access to your session through your cookie. You can do things like making sure the cookie gets regenerated periodically, and I do actually have a "security video", which goes over basic examples. 🙂 If I remember correctly, it is in this playlist as well. But I just wanna point out that while it is good to understand security, you will have much of this taken care of when you use frameworks like Laravel. So it's generally recommended not to "create security code from scratch", since others have done it better for you.
I didn't quite understand the point of session_destroy. If every page on the website has a session_start() command at the top, wouldn't that undo the destroy? It seems like session_unset would actually do everything we want, so why use session_destroy()?
Let's take an example to better visualize it. 🙂 Imagine you have a safe which has a code to enter it, and inside the safe there is money. When you are done with your safe, you have two options... 1. You can remove the cash from the safe. 2. You can throw out the safe, and get a new one. So let's take an example, where a thief has figured out the combination to your safe... If you just go with option 1 (unset), then there is no money for him to steal, but he will STILL know how to get into the safe. Which means the next time we put money in there, he can grab it. If you go with option 2 (destroy), then the thief no longer has access to your safe, since you got yourself a new safe. And this is how session_unset() and session_destroy() work. 🙂 One removes the data, and the other destroys it, which forces a new session to be created. So essentially what we do by combining the two, is that we "remove the money, and then get a new safe", to be completely sure that the thief (hacker) doesn't have access.
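Added example, not part of the comment above or of the video: a PHP sketch of the two defences discussed in this thread, periodic session ID regeneration and a logout that unsets the data and then destroys the session. The helper names, the 30-minute interval and the HTTPS-only cookie are assumptions; expiring the cookie on logout follows the pattern shown in the PHP manual for session_destroy().

```php
<?php
// Added example; helper names and REGENERATE_AFTER are assumptions.
declare(strict_types=1);

const REGENERATE_AFTER = 1800; // seconds between ID rotations (assumed value)

function start_secure_session(): void
{
    session_start([
        'cookie_httponly' => true,   // cookie not readable from JavaScript
        'cookie_secure'   => true,   // assumes the site is served over HTTPS
        'cookie_samesite' => 'Lax',
        'use_strict_mode' => true,   // reject session IDs the server never issued
    ]);
    $now = time();
    if (!isset($_SESSION['last_regenerated'])) {
        $_SESSION['last_regenerated'] = $now;
    } elseif ($now - $_SESSION['last_regenerated'] >= REGENERATE_AFTER) {
        // "Get a new safe" while keeping the contents: new ID, old one deleted,
        // so a previously copied cookie value stops working.
        session_regenerate_id(true);
        $_SESSION['last_regenerated'] = $now;
    }
}

function log_in(string $username): void
{
    // Rotate the ID at the privilege change, then store the login state.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    $_SESSION['last_regenerated'] = time();
}

function log_out(): void
{
    session_unset();                         // remove the money
    if (ini_get('session.use_cookies')) {    // expire the browser's cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();                       // throw out the safe
}
```

Call start_secure_session() at the top of every page in place of a bare session_start(), and log_out() only from the logout handler.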
@Dani_Krossing Thanks for that great explanation! So it makes sense to both unset and destroy. Next question: Suppose the session times out due to no activity... is the session destroyed in that case? I would hope so, as I wouldn't have the chance to destroy it explicitly in code. Or am I asking a question you'll be answering in a subsequent video? Thanks again for the quick reply!
Sorry, it is not good practice. Can you make a better session tutorial with native PHP by creating a session class, and starting the session at some common page instead of adding it to all pages?
Keep watching ... 😉 As I explained in this video, this one only introduces people to what a session is. In the "session security" video coming up, I show how to create a config file for sessions.