0

In PHP, MUST we make the user create an account to use the $_SESSION ? (Explained in the description)

I have an exercise where I have to create a website that asks the user to enter a city name. If the city exists in the database (that I have already filled with a few cities), it shows the user a small description of the city. I managed to do that part. But now I have to add a feature for the user: I have to display on the index page, for exampler under the form, a list of the cities they already searched (of course just this user, not all the cities that everyone ever searched on the website). So I created a "user_search" table in the database to store their entry and I know I have to use sessions for that and I've learned some stuff about them but I don't quite understand everything yet. And I am under the impression that we can use them without having to make the user create an account and identify themself. Or am I wrong? Thank you for the help !

19th Apr 2021, 5:27 PM
Tom BayBee
Tom BayBee - avatar
2 Réponses
+ 2
Tom wrote, "And I am under the impression that we can use them without having to make the user create an account and identify themself. Or am I wrong? " Response: You will definitely need a way to associate the client user with their past searches so your user_search table sounds great. I would store user id and maybe client IP address in it. If the user is signed in, that'll identify him perfectly and your search query will work very well. If not signed in, you could rely on IP address. There are a number of issues with IP addresses since a VPN will mess it up among other things. The user agent of the browser from the client could be useful too when the user isn't signed in. People will often reuse the same web browser. Like the IP address, other users may have the same user agent so it isn't as reliable as an authenticated user but could be useful if you want to find the search results for someone who hasn't signed in. The user agent is available as an HTTP request header.
19th Apr 2021, 6:38 PM
Josh Greig
Josh Greig - avatar
+ 2
Tom BayBee In short, $_SESSION can be used to track the activity of anonymous users. It helps to know how $_SESSION works to understand what to expect. First, the $_SESSION object persists state in the server's memory that spans across HTTP requests based on a session id. That session id is sent to the browser via a set-cookie response header and stored in a cookie. That session id is then passed back to the server in every HTTP request as a cookie header. PHP resolves the correct $_SESSION object based on that session id. Therefore, if the user changes to another browser without that session id or clears their cookies, a new $_SESSION object will be issued with no reference to the other activity. Eventually, the $_SESSION objects will clear from the server's memory when it times out or needs to recover memory. Likewise, if you manually sync the cookie session id in multiple browsers, activity across all those browsers would be tracked using the same $_SESSION object.
23rd Apr 2021, 2:24 AM
David Carroll
David Carroll - avatar