I have come across this problem before but never really resolved it. It
is probably something so obvious that I should be embarrassed to even
ask in this forum.

The problem is one of losing the value of a session variable. Here is a
sample of what I mean:

FileA.php:
Form to send to credit card processing firm. Prior to this, a session
variable for "security" had been defined as a blank space. This file's
action goes to a secure server where another page is presented. The
return goes to FileB.php.

FileB.php:
session_start();
// Return from cc firm.
// Do stuff to insert into our db
$_SESSION['user'] = $username;
// var_dump($_SESSION);
header("Location: http://www.mydomain.com/FileC.php");
exit();

FileC.php:
session_start();
var_dump($_SESSION);
exit();

When I uncomment the var_dump in FileB.php, it shows the value for the
session variable for user, but not for security. However, commenting it
out again and proceeding on the FileC.php, the session variable value
for user is lost but it has the value that for "security" that had been
set earlier in the entire process.

Specifically, in

FileB.php: array(1) { ["user"]= string(6) "shelly" }

but in

FileC.php: array(1) { ["security"]= &string(1) " " }

It is almost as if it is switching from one session to another. Any ideas?

sheldonlg <sheldonlgposted in comp.lang.php:

Quote:

I have come across this problem before but never really resolved it. It
is probably something so obvious that I should be embarrassed to even
ask in this forum.
>
The problem is one of losing the value of a session variable. Here is a
sample of what I mean:
>
FileA.php:
Form to send to credit card processing firm. Prior to this, a session
variable for "security" had been defined as a blank space. This file's
action goes to a secure server where another page is presented. The
return goes to FileB.php.
>
FileB.php:
session_start();
// Return from cc firm.
// Do stuff to insert into our db
$_SESSION['user'] = $username;
// var_dump($_SESSION);
header("Location: http://www.mydomain.com/FileC.php");
exit();

One thing I've found that helps when redirecting after setting $_SESSION variables is using
session_write_close() before the redirect.


YMMV

Mark A. Boyd wrote:

Quote:

sheldonlg <sheldonlgposted in comp.lang.php:
>

Quote:

>
One thing I've found that helps when redirecting after setting $_SESSION variables is using
session_write_close() before the redirect.
>
>
YMMV

MMV (My Mileage Varied). It didn't change anything. Thanks anyway.

On Jun 30, 7:23*pm, sheldonlg <sheldonlgwrote:

Quote:

Mark A. Boyd wrote:

Quote:

>

Quote:

>

Quote:

>

Quote:

>

Quote:

>

Quote:

>

Quote:

>
MMV (My Mileage Varied). *It didn't change anything. *Thanks anyway.

Have you tried doing this without redirecting the page automatically?
I think when you mess with the header information you may be messing
it up. Try using a simple hyperlink and see if that works, if it does
you can just employee JavaScript to redirect the page.

sheldonlg wrote:

Quote:

I have come across this problem before but never really resolved it. It
is probably something so obvious that I should be embarrassed to even
ask in this forum.
>
The problem is one of losing the value of a session variable. Here is a
sample of what I mean:
>
FileA.php:
Form to send to credit card processing firm. Prior to this, a session
variable for "security" had been defined as a blank space. This file's
action goes to a secure server where another page is presented. The
return goes to FileB.php.
>
FileB.php:
session_start();
// Return from cc firm.
// Do stuff to insert into our db
$_SESSION['user'] = $username;
// var_dump($_SESSION);
header("Location: http://www.mydomain.com/FileC.php");
exit();
>
FileC.php:
session_start();
var_dump($_SESSION);
exit();
>
When I uncomment the var_dump in FileB.php, it shows the value for the
session variable for user, but not for security. However, commenting it
out again and proceeding on the FileC.php, the session variable value
for user is lost but it has the value that for "security" that had been
set earlier in the entire process.
>
Specifically, in
>
FileB.php: array(1) { ["user"]= string(6) "shelly" }
>
but in
>
FileC.php: array(1) { ["security"]= &string(1) " " }
>
It is almost as if it is switching from one session to another. Any ideas?
>

What does session_name() show on each of the three pages?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

netstreamer@gmail.com wrote:

Quote:

On Jun 30, 7:23 pm, sheldonlg <sheldonlgwrote:

Quote:

>
Have you tried doing this without redirecting the page automatically?
I think when you mess with the header information you may be messing
it up. Try using a simple hyperlink and see if that works, if it does
you can just employee JavaScript to redirect the page.

This page, fileB.php does the processing from the return from the credit
card handler. It then has to go somewhere. It is never shown in html.
That is why the header information to change the page is there.

Jerry Stuckle wrote:

Quote:

sheldonlg wrote:

Quote:

>
What does session_name() show on each of the three pages?

Good thought. I'll try it and let you know.

sheldonlg wrote:

Quote:

Jerry Stuckle wrote:

Quote:

>
Good thought. I'll try it and let you know.
>

OK, this might be a clue.

In the index page I do session_name('sitename' . time()); session_start();

If I print out session_name() after that, then it gives a named session
value. If I then go to another page, ANY page, then session_name()
gives PHPSESSID, the default session name. All pages other than the
index page give that name.

<sheldonlgwrote in message
news:noudnalUUqw2OfTVnZ2dnUVZ_oDinZ2d@giganews.com ...

Quote:

Quote:

Your original problem as stated above would sem to be related to the note
on php.net about passing session ids
http://us.php.net/manual/en/session.idpassing.php

"Note: Non-relative URLs are assumed to point to external sites and hence
don't append the SID, as it would be a security risk to leak the SID to a
different server."

Seems to me that the secure server definitely falls into he category of
"external sites".

Perhaps the approach to take would be to send an encrypted variable to the
secure server and have it pass that back and check that it is what you sent
a la what authorize.ent provides for just such a case. I've done just that
with their system and used what was returned, not the encrypted check part
but another after that was verified, to look up the record from the db.

Good luck.

Johnny

Johnny wrote:

Quote:

<sheldonlgwrote in message
news:noudnalUUqw2OfTVnZ2dnUVZ_oDinZ2d@giganews.com ...

Quote:

>
Your original problem as stated above would sem to be related to the note
on php.net about passing session ids
http://us.php.net/manual/en/session.idpassing.php
>
"Note: Non-relative URLs are assumed to point to external sites and hence
don't append the SID, as it would be a security risk to leak the SID to a
different server."
>
Seems to me that the secure server definitely falls into he category of
"external sites".
>
Perhaps the approach to take would be to send an encrypted variable to the
secure server and have it pass that back and check that it is what you sent
a la what authorize.ent provides for just such a case. I've done just that
with their system and used what was returned, not the encrypted check part
but another after that was verified, to look up the record from the db.
>
Good luck.
>
Johnny
>
>

Yes, I have done similar stuff with authorize.net. authorize.net allows
you to define fields that are passed to the server and that don't appear
on the page. This credit card processor is itransact.com and they don't
have that capability -- at least not with what they call "split-screen".
Hence, I needed to maintain the session since I had to define those
variables as session variables prior to going to itransact.com, and then
use them on a successful processing of the credit card in to put certain
information into my database.