The PHP session system lets you store securely data in the $_SESSION global array. A typical example is to store the user’s identifier in the session when they type in their password: if ($user = try_login($login, $password)) $_SESSION[‘user’] = $user; Then, you can access that information on all other pages: if (isset($_SESSION[‘user’])) // logged in … Read more
The session cookie is per-process not per window. So even if you selected New Window you’d still get the same session id. This behavior makes sense. You wouldn’t want a user to re-sign in each time they opened a new window while browsing your site. I’m not aware off hand of any real way around … Read more
You could try to force PHP to delete all the sessions by doing ini_set(‘session.gc_max_lifetime’, 0); ini_set(‘session.gc_probability’, 1); ini_set(‘session.gc_divisor’, 1); That forces PHP to treat all sessions as having a 0-second lifetime, and a 100% probability of getting cleaned up. The drawback is that whichever unlucky user runs this first will get a long pause while … Read more
This gem works well: https://github.com/devise-security/devise-security Add to Gemfile gem ‘devise-security’ after bundle install rails generate devise_security:install Then run rails g migration AddSessionLimitableToUsers unique_session_id Edit the migration file class AddSessionLimitableToUsers < ActiveRecord::Migration def change add_column :users, :unique_session_id, :string, limit: 20 end end Then run rake db:migrate Edit your app/models/user.rb file class User < ActiveRecord::Base devise :session_limitable … Read more
You don’t appear to have write permission to the /tmp directory on your server. This is a bit weird, but you can work around it. Before the call to session_start() put in a call to session_save_path() and give it the name of a directory writable by the server. Details are here.
This Gist should answer your question: https://gist.github.com/raddeus/11061808 in your application setup file: app.use(flash()); Put that right after you set up your session and cookie parser. That’s really all you should need to use flash. You are using: req.flash(‘signupMessage’, anyValue); before redirecting to /signup right? Here’s a fun little tidbit that I currently use for a … Read more
{{app.session}} refers to the Session object and not the $_SESSION array. I don’t think the $_SESSION array is accessible unless you explicitly pass it to every Twig template or if you do an extension that makes it available. Symfony2 is object-oriented, so you should use the Session object to set session attributes and not rely … Read more
Overview Express.js uses a cookie to store a session id (with an encryption signature) in the user’s browser and then, on subsequent requests, uses the value of that cookie to retrieve session information stored on the server. This server side storage can be a memory store (default) or any other store which implements the required … Read more
I am just pretty new to use Django. I wanted to make session expire if logged user close browser or are in idle(inactivity timeout) for some amount of time. When I googled it to figure out, this SOF question came up first. Thanks to nice answer, I looked up resources to understand how middlewares works … Read more
Nabeel’s answer covers a lot of details and is helpful, but I found it confusing to follow. Since this is currently the first Google result for this issue, adding my understanding of it for future people that find this question: Running .execute() As OP and Nabell Ahmed both note, when executing a plain SELECT * … Read more