8 Replies Latest reply on Jun 25, 2007 12:33 PM by (Steve_U)

    Are Session Variables in PHP Evil?

      Hi,
      I am new to PHP and just evaluating Dreamweaver CS3 and ADDT. I have experience with Dreamweaver Ultradev and ASP. I always avoided session variables like the plague with ASP, but it looks like they are used frequently by ADDT. Are session variables a problem? If so, is there a way to configure ADDT to store the information as a cookie instead of a session variable?
      Thanks!
      Steve
        • 1. Re: Are Session Variables in PHP Evil?
          Günter Schenk Level 4
          Hi,

          in what sense do you think session variables are a "problem" or even "evil" ?

          Günter Schenk
          Adobe Community Expert, Dreamweaver
          • 2. Re: Are Session Variables in PHP Evil?
            Level 1
            Everything I ever read when developing with Active Server Pages said to avoid them-- that they take up memory on the server and for large commercial sites, this can be a significant burden... but maybe the way PHP handles the sessions is different??? ADDT uses them liberally, so hopefully they know what they're doing...
            Here's one of the articles I was referring to.

            http://4guysfromrolla.com/webtech/faq/Advanced/faq4.shtml

            Thanks for your comments!
            Steve
            • 3. Re: Are Session Variables in PHP Evil?
              Günter Schenk Level 4
              I honestly wouldn´t be bothered about that at all -- unlike a "commercial site" (sort of "web shop" you mean ?) ADDT by default allocates only 2-3 session variables ("kt_login_id", "kt_login_user" and, depending on your login settings "kt_login_level". Adding additional variables is up to you, but you won´t need to) to the respective user throughout the whole process, and once the user logs out, the session will usually be destroyed on the server, means PHP deletes the session files from Apache´s "tmp" folder.

              However, the default saved session data is actually as minimalistic as can be -- 1 normally short "username" and 2 numeric values (id and level), so it were digressive to consider this to be a "significant burden" on your server.

              well, please allow me a personal comment on the article you´re referring to :: I have *rarely* had the displeasure reading such a badly written article coming with a just lurid style of "arguing" -- and see what phrases like "Session variables are evil, Session variables will hurt you" has done to you :: you have taken this scaremongering nonsense nearly literal.

              Günter Schenk
              Adobe Community Expert, Dreamweaver
              • 4. Re: Are Session Variables in PHP Evil?
                Level 1
                Yes, that is what I figured as well. Thanks for confirming that they are not as bad as the article made them out to be!

                Now that I have decided to go ahead and use the session variables, I am trying to set a few additional variables through the login settings wizard in ADDT. Specifically, I am trying to store the users firstname, email, and gender so that I can reference these values in the welcome.html, activate.html, and others pages. However, I am having trouble referencing them in the same way the kt_login_user and kt_login_password. Is this because they are somehow set as global variables while my new variables aren't? I would like to be able to reference their values from an html page-- not only through php. I have been trying to find the file in which this occurs for the kt_login variables and have not had any luck. Any suggestions would be much appreciated!
                Thanks,
                Steve
                • 5. Re: Are Session Variables in PHP Evil?
                  Günter Schenk Level 4
                  well, static html files simply can´t evaluate session variables -- "dynamic" features are reserved to "dynamic" pages.

                  Günter Schenk
                  Adobe Community Expert, Dreamweaver
                  • 6. Re: Are Session Variables in PHP Evil?
                    Level 1
                    Yeah, I guess the welcome.html and activate.html pages are just included in the register new user file. I just need to figure out how to make my custom fields global like the kt_login ones so I can reference them the same way in the welcome.html page, i.e. {kt_login_user}.

                    Thanks,
                    Steve
                    • 7. Re: Are Session Variables in PHP Evil?
                      Günter Schenk Level 4
                      welcome.html and activate.html are ADDT´s default templates for sending confirmation emails to new users.

                      >>
                      I just need to figure out how to make my custom fields global like the kt_login ones so I can reference them the same way in the welcome.html page, i.e. {kt_login_user}
                      >>

                      once your "custom fields" have been defined as additional session variables, they are just as "global" as ADDT´s default ones.

                      Another solution which works without adding a new session variable at all :: on your "send email" page you can also create a query like "SELECT firstname FROM user_table WHERE user_id" equals the default session variable "kt_login_id" -- means you can use the query´s "firstname" value as dynamic data in your email template

                      Günter Schenk
                      Adobe Community Expert, Dreamweaver
                      • 8. Re: Are Session Variables in PHP Evil?
                        Level 1
                        Thanks-- that works great!