Check Session Id for Users for Private Messaging on Your Website
- Private Messaging on Your Website
- Private Message Login
- Private Message Logout
- Private Message Sending Form
- Send Private Message
- Private Message Inbox — Received Messages
- Private Message Outbox — Sent Messages
- Check Private Message Session ID
- Delete Received Private Message
- Delete Sent Private Message
This page is a tutorial on putting a private messaging (PM) system session id checker on your website. It uses sessions and PHP. The screenshot above is the private message inbox—one of the app pages that uses this id checker. Note that the various app pages listed above, about private messaging, start with a PHP include that insists on adding this PHP file, checkid.php, to each page's content. All that's in this file is the script below.
Name the file checkid.php
// session logged
This just does what it ought to: start a session (it started in the login page, actually, but we can say we restarted it when this script is run even though we merely continued it and restarted the session timeout clock which is set for 24 to 48 minutes, depending on the PHP installation directives). We then check the session variable "sessionid" which was saved at login using this script: Private Message Login. If it's not set, the user is sent to the login page after unsetting and destroying the session. If it is set, the user gets to continue the script since the else conditional leads only to a comment that does nothing, but says it all: "session logged." So the user is okay and good to go. So we go on with the page.
Why sessions? We have a few trepidations due to the reported security holes, but using cookies or other methods have these too, so what the hell . . . sessions it is. What the heck are they? Sessions are a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user. Essentially, they're usually just a way to track users on websites to ensure they are legitimate, and to keep out illegitimate site visitors who do not log in.