0

I have a small situation here but I wanted to try and be sure I was approaching this in a correct way.

I have a web application that is used by several shops. Each shop is authenticated through htaccess and htpasswd in order to connect to the correct database. This portion works great!

Each shop has multiple employees but each employee uses a separate computer/workstation.

So it goes Shop logs in, gets authenticated, connects to proper database and then loads a login page.

At the login page the user logs into the application using name and password, and they are good to go. At this point I am loading user information (UserID, Security Level, etc) into the session. Part of my problem is trash collection as every once in awhile the session variables are getting lost. Every page has session start as the first thing so I imagine after an hour or so of inactivity the session is getting collected by the trash collector and poof, it is gone.

I am toying with the idea of loading the user information into the $GLOBALS supervariable to avoid losing the session due to inactivity. Now, I realize that there are ways to delay/stop the trash collector in PHP but it seems to me if I use the global scope it removes the need for extra coding or configuring of PHP. Am I correct in assuming that as long as each user is on their own machine accessing the site that using the $GLOBALS will only apply to each user?

benomatis
  • 5,536
  • 7
  • 36
  • 59
phpnoobie
  • 61
  • 10
  • 1
    I think you have a misunderstanding of what `$GLOBALS` are. This [answer](http://stackoverflow.com/a/14848246/1022914) provides a short good explanation about the difference between `$GLOBALS` and `$_SESSION`. – Mikey Jun 08 '16 at 20:11
  • I understand that. But my point is that although $GLOBALS remain tied to one user as opposed to the application. With each user logging into the site from a seperate computer then shouldn't the $GLOBAL variables work kind of like session variables with the eception of the trash collection thing? – phpnoobie Jun 08 '16 at 20:17
  • 2
    That's the thing: global variables are **not** like session variables. If you create a global variable, it will die the moment you change/exit your script like a normal variable whereas a session variable still stay alive until it expires or you forcibly unset it. General rule of thumb: never use global variables. – Mikey Jun 08 '16 at 20:23
  • Ok I see so the reason my global variable is persisting from page to page is that I am declaring it in the dbcon.php. And the dbcon.php is included in every page so the global just keeps getting reset to the proper value? – phpnoobie Jun 08 '16 at 20:27
  • That's probably what is happening. If you need more information on why global variables should be avoided, check this [answer](http://stackoverflow.com/a/19341661/1022914). – Mikey Jun 08 '16 at 20:41

2 Answers2

2

Think you have a general misconception of session and global variables.

Global variables are the variables which remain common for the whole application… Their value can be used across the whole application whereas Session variables are variables which remain common for the whole application but for one particular user. They also can be used across the whole application… But they die when a particular user session ends.

https://stackoverflow.com/a/14848246/1022914

I recommend using sessions though. Check the user details against user data stored in a database. If it passes authentication, create session variables with user data to be used across your pages. This makes thing a whole lot easier

Community
  • 1
  • 1
Mueyiwa Moses Ikomi
  • 1,069
  • 2
  • 12
  • 26
  • BUT as I stated the users remain logged in for 8 to 10 hrs and sometimes there are very long inactive periods. When that happens the trash collector comes calling. – phpnoobie Jun 08 '16 at 20:22
  • 1
    Then you might want to look into sessions and cookies proper. Session end when the browser closes. So you can write a function to handle inactivity and what to do when it occurs – Mueyiwa Moses Ikomi Jun 08 '16 at 20:29
  • This [answer](http://stackoverflow.com/a/1270960/1022914) could be useful on how to handle inactivity. – Mikey Jun 08 '16 at 20:34
-2

You can use cache . It can help u to keep user logged in always , as facebook .

Mr. Ramil
  • 1
  • 1
  • Don't want to keep them logged in indefinately. Just trying to get past the trash collection of php without having to jump through the hoops of modifying the php configuration or write more code. – phpnoobie Jun 08 '16 at 20:19