Forums

Good morning world !
I am using your excellent form system to aid me in writing a hiring website. I have run one for some 10 years on a network but this is my first venture into the wide web. On a network everything is in fairly well under control. I understand on the web that individual contexts are held together by 'sessions' or 'cookies'. But I was advised that Joomla takes care of these.

If I use a form to establish say the dates of hire and put the result into a table called 'hiredates', and I then get a name and address say 15 minutes later and store those in appropriate tables. How later can I relate the Name and address to the dates?
In other words in there a 'session' value stored, or available to be stored, in with the result of the forms ?

Sorry to be so ignorant but ??
--
Dave

Hi Dave,

I'm no expert in these areas so stand to be corrected . . . and, as I understand it.

Cookies and sessions are somewhat different beasts. Cookies are files stored on the users computer into which an application can temporarily store a chunk of data. How long they are stored for depends on (a) the cookie setting and (b) the user - who may delete or block them. Sessions are a way of keeping track of a user over a period of time and across web pages using a unique identifier called a session token; there's also some data storage associated with the session token so that you can keep some user variables thoughout the session. The session token is sent to the user as cookie (becuse this may be rejected it can also be sent as a part of the url) the session data storage may be in a file, the database, a cookie or a memory cache, though the default Joomla implementation is to store the data in the database.

You can change the length of session (default is 15 minutes) for your site and the storage method in the site Global Configuration | System setting.

Joomla creates a session each time it detects a new user (including guests); the data is saved until the session is ended either because it times out or the browser is closed. The Joomla session data is only stored while the session is live.

This is all automatic and is handled by Joomla. You can however read and write your own data to the session store using

<?php
$session =& JFactory::getSession();
$session->set('name', 'value');
$session->get('name');
$session->clear('name');
$session->has('name'); // check if the variable is stored
?>

Note: The variable saved can be a simple variable, an array or an object (though I've had some problems with errror messages saving objects).

You can read cookie values using JRequest like any other get or post variable; Joomla doesn't have cookie writing method that I have found but you can use the standard PHP setcookie() function.

All that said what you need depends on how your users behave. If they are likely to complete the process in one session that's fine; if they may go away and come back an hour later for the next step then you probably want to provide some identifier of your own.

With multi-part forms where there may be a delay I have created unique identifiers for the user - saved this in the database and as a user cookie with a life of a few days, weeks or months. Then I can check a new user to see if they have a cookie that matches them up with some existing data (I'll probably also check their email address later in case they are returning from a different computer).

Bob

Thanks Bob for your response so far.
I must say that what you say corresponds with what I have in several books about web-sites, But I was advised that
'you do not need to worry about sessions and cookies Joomla takes care of all that'

I look at the Joomla database and see a jos_sessions table with a session id stored. Thats fine. but I have logged on and off many many times and only 4 sessions are stored !! (Perhaps I do not log off but just depart !)

Now I assume it would make sense if every Chronoforms stored contained a copy of the session id, Then they can be correlated.
But how else can they be correlated and if not, what use are they ?

--
Dave

Hi Dave,

Ended my post (for the moment at least).

You don't need to worry about sessions and cookies - unless you want to use them to store your own data.

You only have four sessions left open because the session records are normally deleted when the session ends. If there are four open you should see four users logged in at the back-end.

Bob

To add to Bob's answers:
Sessions are generally destroyed by the GC (garbage collector) when the session expires. The sessionID (token) may very well be reused, should your browser not have deleted the cookie yet. Hence, as long as you login and logout several times from the same browser in short time, you'll end up (re)using the same table row in the database.

Saving objects: Any data (including objects) that is to be saved in the session data must be serializable. Great care should be taken to provide Class declaration whenever an object may be retrieved from session data. Also, objects of the type "resource" may not be stored into session data.
For further reading: http://www.php.net/manual/en/language.oop.serialization.php

Dave:
I'd suggest you store the token pointing at that first table as a cookie. In your second form, you'd then retrieve that cookie and add it as a hidden field. This is, assuming you're linking two tables on a 1:n or 1:1 ratio

Thanks nml very much
for your contribution, You obviously are well versed in these things. I am not.
Firstly when I look at jos_sessions I see a session has a 'name' and an 'id' both of which look like big hashes. what is the significance of each?

All I am trying do is to tie tables together with something...and I do not want to use login hence I cannot use username etc.

So I presumed that a session id stored in table A and stored in table B would enable me to say with some certainty that table A and table B entries came from the same user at about the same time.

I have the ip address and the exact time as further (not entirely reliable) guides.

At the 'checkout' point he will give full details and can be 'registered' for next time if required but I do not want to bother a client with login before he gets anywhere.

At this point I want to collect the data off all the 'temporary' tables and put it in proper dataase fashin into an Addresses table and a Names table and a Orders table etc etc.

It will be sad if the stuff ordered by Mrs Higgins get sent to Joe Bloggs !! (but not unheard of !)

If the session expires and so the contact is lost then no checkout will occur and the temporary tables will be cleared.
The session will be set much longer than standard.

Am I completely off-track ? It would not be uncommon.
--
dave :?

Hi Dave,

I don't believe that you need to check IP addresses or session ids (unless you need to double check) - or indeed the other contents of the session. Joomla will manage the user session - and as long as the session remains open you can be sure that any data you save in the session belongs to the same user.

You can build a user data set as an array or an object and save it into the session between pages; or you can save it in your own database table and save a unique identifer in either the session, or in a separate cookie.

Bob

Thanks again Bob,

If that is the case then it saves me a lot of worry.

I scanned the Joomla forums to see what I could see about 'sessions' and it was minmal except some concerns that if a user broke off and then reconnected whether the session id should, or should not, be restored from the stored cookie on the users machine. Then the question ...if he did not allow cookies ?
Also it seems that if a user stays connected beyond the session expiry length...he get issued with a new session ID ! But I will cross that bridge when it hatches.

On another note I have a great number of questions about Chronofrom technicalities I would like to ask...I have listed 23 of them on a note to myself. Do you want to know ? All about the more exotic functions in the editor. Is there any other source of info or are you holding the world on your shoulders, broad as they are.
--
Dave

Hi Dave,

Without registration (and maybe even with registration) there's no ideal way of identifying a user with 100% certainty - there's always the 'next customer' in the internet café who picks up where the previous one left off. But normally, it's OK.

By all means ask your questions - we'll have a go at answering them . . . Max knows it all, I've worked out some of it.

Bob