php session variables

tyuret
tyuret used Ask the Experts™
on
Can I change the value of a session variable (eg: $_SESSION['test']) of a specific user when another user runs  a php page (eg:trigger.php)?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013

Commented:
Interaction between users?  That would be a security issue.  I don't think you could cross-pollinate the threads.

 


Cd&

Author

Commented:
I should not be a Session variable. It will ok if I can change any global variable  triggered by other user.
Top Expert 2013
Commented:
I don't think you can trigger anything. You could store something on a file or database to indicate that a user has taken some action and then check it the next time the other user comes to the server... but direct interaction between users?  I don't think so.

Cd&
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Author

Commented:
With the below code I read the session id of the target user from DB, change a session variable of the target user then change back the session id to original? Seems working
What do you think, any problem you see or any improvement?
Thank you.


$session_id_old=session_id();      
      $sql = "SELECT SESSION_ID FROM LOGIN_HISTORY  WHERE LOGIN_ID=$Touser ";
      $res=selectsql($sql);
                  
      $sesuserid=$res["SESSION_ID"];
      
      session_write_close();
      session_id($sesuserid);
      session_start();
      
      $_SESSION['alertses']=1;
      session_write_close();
      session_id($session_id_old);
      session_start();
Most Valuable Expert 2011
Top Expert 2016
Commented:
This question seems to indicate a misunderstanding of the nature of the HTTP and client-server protocol.  In the client-server environment, clients make requests and servers respond.  Each request is complete, atomic and stateless.  Each response is complete and usually instantaneous.  The client makes requests; the server makes responses.  The server cannot initiate an action to a client machine without a request from the client.

It follows that there is no such thing as a "logged-in" client.  There are only clients who make requests.  Some of those clients will send cookies that let the server connect to a greater range of information, such as the fact that the server has stored session data for this client, or that the data base has records that should be used to tailor the response to this client.  In the modern paradigm, AJAX requests are often used to animate the client experience.  AJAX processing implies the use of JavaScript on the client browser.  The JavaScript causes repeated requests to the server.  These requests are mostly invisible to the human client, and thus we produce the illusion of a logged-in client who can receive spontaneous output from the server.

Of course it is easy to present different responses to client requests.  Example: When my friends post things on Facebook, and I subsequently visit Facebook, I see information about what they posted.  If I am using Facebook, my client (Firefox) is making repeated AJAX requests to the FB servers.  So when a friend posts something, it may appear "magically" at my computer screen.  Something like that may be a useful design for your needs.  You might want to look into jQuery to get a grip on the client side of things.

On the server side, forget about using the PHP session for this.  It is very limited in what it can do for you.  Instead, make your design foundation be a data base that permits easy expansion of the interactivity between your clients.

HTH, ~Ray

Author

Commented:
Ray thank you for your assist.
But still I am curious if there seems a problem with the code
Most Valuable Expert 2011
Top Expert 2016

Commented:
We can't tell if there is a problem with the code.  We do not have your data base, nor do we have the rest of your code.  You might be able to use var_dump() to enable you to look at the data.  If your data looks like what you expect at each point in the process, that's a good thing.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial