Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > php > answers

Passing SESSION Data

Paul
Guest
  
Posts: n/a
#1: Jul 17 '05
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
session.use_trans_sid = 1 in my php.ini file. Index.php contains:
----------------------------------------------------------------------------
<?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION['entered_username'] = "";
$_SESSION['login'] = "";
echo "<form method='POST' action='login.php'>
Username:</b>
<input type='text' name='username'
<b>Password:</b>
<input type='password' name='password'
<input type='submit' value='Login'><b>Not a member?</b> Sign up <a
href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form>";

?>
----------------------------------------------------------------------------
Viewing source from browser reveals:
----------------------------------------------------------------------------
<html>
<head>
<title>Welcome</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1"></head>
<form method='POST' action='login.php'>
<b>Username:</b>
<input type='text' name='username'>
<b>Password</b>
<input type='password' name='password'>
<input type='submit' value='Login'>
<b>Not a member?</b> Sign up <a href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form><H1>Header 1</H1>
<H2>Text about something</H2>
</map>
</body>
</html>
----------------------------------------------------------------------------
As you can see, no hidden field. I'm not sure what I've done wrong here. The
PHP on the login page contains session_start(); at the beginning, as does
member.php but on the member.php page, I get: Notice: Undefined index:
login in C:\Web\member.php on line 12
Line 12 contains the following:
----------------------------------------------------------------------------
if ($_SESSION['login'] != 'yes')
{
echo "You haven't logged on!<p>
<a href='index.php'>Click Here</a> to return to the login page";
exit();
}
----------------------------------------------------------------------------
$_SESSION['login'] isn't being passed even though it was set
in login.php using the following:
----------------------------------------------------------------------------
if(mysql_num_rows($result) == 1)
{
$_SESSION['entered_username'] = $_POST['username'];
$_SESSION['login'] = 'yes';
header('refresh: 3; url=member.php');
echo "<h2><center>You have been validated. Please wait, logging you in. .
..</h2><br>
<center>If your browser doesn't support redirection and you're still here in
3 seconds, <a href='member.php'>click here</a></center>";
}
----------------------------------------------------------------------------
The $_SESSION data is available if I use mysql_fetch_array as I used below
to get $entered_username from the $_SESSION array, but can I use something
like this to extract the ['login'] variable from the array and then test it?
----------------------------------------------------------------------------

$query="SELECT firstname, lastname from $Table WHERE
username='$entered_username'";

$result=mysql_query($query)
or die(mysql_error());

while($row = mysql_fetch_array($result))
{
echo "<b>Welcome ". $row['firstname'] . ' ' . $row['lastname'] . '</b>';
}
----------------------------------------------------------------------------
Am I right in thinking that I should be setting the $_SESSIONs up on the
index.php page? I have read that this is the correct way to do it and I
can't personally see anything wrong with doing it this way.

This problem has turned into a bit of a quest as I have spent so long trying
to get it to work! I could just surrender and tell users that they will have
to use cookies but I really want to know why this doesn't work.

Thanks for any help you can offer.
----------------------------------------------------------------------------

Shouldn't, unless your host has session.auto_start on.

--

--
Peter James
Editor-in-Chief, php|architect Magazine
petej@phparch.com

php|architect
The Magazine for PHP Professionals
http://www.phparch.com


"Paul" <Paul@here.com> wrote in message
news:bhmaet$l1c$1@hercules.btinternet.com...[color=blue]
> 1 last question (promise!!) I've just been looking up ini_set at php.net.
> Thats pretty cool how you can temporarily change php settings. At present[/color]
I[color=blue]
> am writing my webpage on my local machine but in time will upload it to my
> host. My question is, if session.use_cookies and session.use_trans_sid are
> enabled on the server and I enter ini_set("session.use_cookies", "off");[/color]
and[color=blue]
> ini_set("session.use_trans_sid", "on"); on the top of each of my web[/color]
pages,[color=blue]
> will it have any unexpected effects?
>
> Thanks again.
>
>
> "Paul" <Paul@here.com> wrote in message
> news:bhm9hr$kr5$1@titan.btinternet.com...[color=green]
> > Thats slightly overcast with a strong chance of some sunshine later :-)
> > That kinda cleared things up. Time, error and play will help me figure[/color][/color]
out[color=blue][color=green]
> > exactly whats happening but I get the jist of it now.
> >
> > Thanks for your help.
> >
> > "Peter James" <petej@shaman.ca> wrote in message
> > news:vjt9qo4diplf8@corp.supernews.com...[color=darkred]
> > > If you have access to the php.ini file, then set these[/color][/color]
> session.use_cookies[color=green][color=darkred]
> > > and session.use_trans_sid values in the php.ini file.
> > >
> > > auto_start means that a session is started every time... it is very[/color][/color]
> common[color=green][color=darkred]
> > > to leave this off, and just use session_start() when you need[/color][/color][/color]
sessions.[color=blue][color=green]
> > If[color=darkred]
> > > you use auto_start, you should also set the use_cookies, etc values in[/color][/color]
> the[color=green][color=darkred]
> > > php.ini file.
> > >
> > > As far as appending the session id, PHP will handle it all for you.[/color][/color][/color]
If[color=blue][color=green]
> > you[color=darkred]
> > > start a session (either auto_start or session_start() ) and create a[/color][/color]
> form[color=green]
> > on[color=darkred]
> > > a page that's using trans_sid, and then check your page source in the
> > > browser, you should see a hidden field called PHPSESSID in your form..[/color]
> > One[color=darkred]
> > > that you _didn't_ add yourself. It's very cool. Relative URL's are
> > > essentially just URLs that don't have a host in them. http://foo.com[/color][/color][/color]
is[color=blue][color=green]
> > not[color=darkred]
> > > a relative url, but /bar/index.php is.
> > >
> > > If you have trans_sid on, and you submit the above form and start the
> > > session on the submitted-to page, then all the $_SESSION vars that[/color][/color][/color]
you[color=blue][color=green]
> > set[color=darkred]
> > > on the previous page will be available to you on your submitted-to[/color][/color][/color]
page.[color=blue][color=green][color=darkred]
> > >
> > > Does that clear anything up, or make it cloudier? :-)
> > >
> > > Pete.
> > >
> > > --
> > >
> > > --
> > > Peter James
> > > Editor-in-Chief, php|architect Magazine
> > > petej@phparch.com
> > >
> > > php|architect
> > > The Magazine for PHP Professionals
> > > http://www.phparch.com
> > >
> > >
> > > "Paul" <Paul@here.com> wrote in message
> > > news:bhm82m$gvi$1@hercules.btinternet.com...
> > > > I know I'm going to sound stupid now, but could you just clarify[/color][/color][/color]
what[color=blue][color=green][color=darkred]
> > > > exactly is happening here. At the moment, I am using[/color][/color]
> session.auto_start[color=green]
> > =[color=darkred]
> > > 0
> > > > in php.ini. Should I now switch this back to 0?
> > > > And if I add ini_set("session.use_cookies", "off"); and
> > > > ini_set("session.use_trans_sid", "on"); to the start of each page,[/color][/color]
> does[color=green]
> > it[color=darkred]
> > > > temporary turn on trans_sid for that browsing session?
> > > > Lastly, when you say "This will automagically append the session id[/color][/color][/color]
to[color=blue][color=green]
> > all[color=darkred]
> > > > relative URL's that it can identify, as well as adding it into a[/color][/color]
> hidden[color=green][color=darkred]
> > > form
> > > > variable for you", how is the session ID passed then? Where am I[/color]
> > defining[color=darkred]
> > > a
> > > > variable that can be used on the next page? How does it identify[/color]
> > "relative[color=darkred]
> > > > URLs"? I've only been at this a month so I'm a bit green.
> > > >
> > > > Thanks for your help.
> > > >
> > > >
> > > > "Peter James" <petej@shaman.ca> wrote in message
> > > > news:vjt7rvh5rcik80@corp.supernews.com...
> > > > > First, rather than manually passing the session id around, just do[/color][/color]
> an[color=green][color=darkred]
> > > > > ini_set() at the beginning of each page...
> > > > >
> > > > > ini_set("session.use_cookies", "off");
> > > > > ini_set("session.use_trans_sid", "on");
> > > > >
> > > > > This will automagically append the session id to all relative[/color][/color][/color]
URL's[color=blue][color=green]
> > tha[color=darkred]
> > > it
> > > > > can identify, as well as adding it into a hidden form variable for[/color]
> > you.[color=darkred]
> > > > You
> > > > > don't need to do it manually.
> > > > >
> > > > > Second, you're not passing the session id when you redirect.[/color][/color]
> Writing[color=green][color=darkred]
> > > the
> > > > > header like that doesn't get rewritten by PHP or your routine. If[/color][/color]
> you[color=green][color=darkred]
> > > are
> > > > > not using cookies, you won't have access to the session id on the[/color][/color]
> next[color=green][color=darkred]
> > > > page
> > > > > (the one you redirect to). Even with trans_sid, you'll have to[/color]
> > manually[color=darkred]
> > > > > include your session id in the header.
> > > > >
> > > > > HTH.
> > > > > Pete.
> > > > >
> > > > > --
> > > > >
> > > > > --
> > > > > Peter James
> > > > > Editor-in-Chief, php|architect Magazine
> > > > > petej@phparch.com
> > > > >
> > > > > php|architect
> > > > > The Magazine for PHP Professionals
> > > > > http://www.phparch.com
> > > > >
> > > > >
> > > > > "Paul" <Paul@here.com> wrote in message
> > > > > news:bhm410$bp7$1@titan.btinternet.com...
> > > > > > I want to use sessions to cover myself in case the user switches[/color][/color]
> off[color=green][color=darkred]
> > > > > cookies
> > > > > > so I am passing the session ID manually through a hidden input[/color]
> > field.[color=darkred]
> > > > This
> > > > > > is what I have so far.
> > > > > >
> > > > > > index.php page contains:
> > > > > >
> > > > > > <?php
> > > > > >
> > > > > > $_SESSION['entered_username'] = "";
> > > > > > $_SESSION['login'] = "";
> > > > > > $PHPSESSID = session_id();
> > > > > >
> > > > > > echo "<form method='POST' action='login.php'>
> > > > > > <b>Username:</b>
> > > > > > <input type='text' name='username'>
> > > > > > <b>Password:</b>
> > > > > > <input type='password' name='password'>
> > > > > > <input type='hidden' name='PHPSESSID' value='$PHPSESSID'>
> > > > > > <input type='submit' value='Login'>
> > > > > > </form>";
> > > > > >
> > > > > > ?>
> > > > > >
> > > > > > Now, viewing the source with this page open in the browser, I[/color][/color][/color]
can[color=blue][color=green]
> > see[color=darkred]
> > > > that
> > > > > > the session ID is in the hidden field. According to the book I'm
> > > > reading,
> > > > > > "PHP will automatically get $PHPSESSID without anymore[/color][/color][/color]
programming[color=blue][color=green][color=darkred]
> > > from
> > > > > you
> > > > > > on the login page"
> > > > > > The part of the next page (login.php) that is processing the[/color][/color][/color]
login[color=blue][color=green]
> > is[color=darkred]
> > > as
> > > > > > follows:
> > > > > >
> > > > > > if(mysql_num_rows($result) == 1)
> > > > > > {
> > > > > > $_SESSION['entered_username'] = $_POST['username'];
> > > > > > $_SESSION['login'] = 'yes';
> > > > > > header('refresh: 3; url=member.php');
> > > > > > echo "<h2><center>You have been validated. Please wait, logging[/color][/color]
> you[color=green][color=darkred]
> > > in.
> > > > .
> > > > > > .</h2><br>
> > > > > > <center>If your browser doesn't support redirection and you're[/color][/color]
> still[color=green][color=darkred]
> > > > here
> > > > > in
> > > > > > 3 seconds, <a href='member.php'>click here</a></center>";
> > > > > > }
> > > > > > else
> > > > > > {
> > > > > > header('refresh: 5; url=index.php');
> > > > > > echo "<b><u><center>Login failure </b></u><br>Username/Password
> > > > mismatch.
> > > > > > Sit tight, we're sending you back to the login page in 5[/color]
> > seconds.<br>[color=darkred]
> > > > > > If your browser doesn't support redirection and you're still[/color][/color][/color]
here[color=blue]
> in[color=green]
> > 5[color=darkred]
> > > > > > seconds, <a href='index.php'>click here</a></center>";
> > > > > > }
> > > > > >
> > > > > > Now we get to the member.php page and the following happens:
> > > > > >
> > > > > > Notice: Undefined index: login in C:\Web\member.php on line 10
> > > > > >
> > > > > > Line 10 reads:
> > > > > >
> > > > > > if ($_SESSION['login'] != 'yes')
> > > > > > {
> > > > > > echo "<b><u><center>You haven't logged on!</b></u><p>
> > > > > > <a href='index.php'>Click Here</a> to return to the login page";
> > > > > > exit();
> > > > > > }
> > > > > >
> > > > > > This is where it kicks me out. The code on the member.php page[/color][/color][/color]
is[color=blue][color=green][color=darkred]
> > > > designed
> > > > > > to stop users doing anything before they log in but unless I can[/color]
> > pass[color=darkred]
> > > > the
> > > > > > session data between pages, the result of the if statement will[/color]
> > always[color=darkred]
> > > > be
> > > > > > false.
> > > > > >
> > > > > > Even more odd is the fact that it works in Internet Explorer and[/color][/color]
> not[color=green][color=darkred]
> > > > > > Mozilla. Now I trust Mozilla's standards far more than IE so I[/color]
> > really[color=darkred]
> > > > want
> > > > > > to make it work in Mozilla.
> > > > > >
> > > > > > Sorry this is such a long post, I tried to keep it as short as
> > > possible
> > > > > but
> > > > > > give enough information to make it make sense.
> > > > > >
> > > > > > So what am I missing? And what is IE doing that Moz isn't?
> > > > > >
> > > > > > Thanks for any suggestions.[/color][/color][/color]

Peter James
Guest
  
Posts: n/a
#2: Jul 17 '05

re: Passing SESSION Data

There are couple things afoot here.

In early versions of PHP you could set the session.use_trans_sid using
ini_set(). According to the http://hp.net/ini_set page, you no longer can.
This setting has to be set in the php.ini, httpd.conf, or .htaccess file.

In .htaccess, something like

php_flag session.use_trans_sid 1

If you do a phpinfo() call at the end of your form in index.php, you can
check whether what you're doing is changing the ini setting.

The other thing is a bug/feature that even if use_cookies is off and
use_trans_sid is on, if a cookie is set already in your browser, the session
id won't be rewritten into the page. You must delete all cookies, and all
files (including all offline content in internet explorer) to make this
work. Very frustrating.

Well, as always, I learned something. I hope this helped you.

Cheers,
Pete.

--
Peter James
Editor-in-Chief, php|architect Magazine
petej@phparch.com

php|architect
The Magazine for PHP Professionals
http://www.phparch.com


"Paul" <Paul@home.com> wrote in message
news:bhrlsr$enu$1@hercules.btinternet.com...[color=blue]
> Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
> session.use_trans_sid = 1 in my php.ini file. Index.php contains:
> --------------------------------------------------------------------------[/color]
--[color=blue]
> <?php
> ini_set("session.use_cookies", "off");
> ini_set("session.use_trans_sid", "on");
> session_start();
> $_SESSION['entered_username'] = "";
> $_SESSION['login'] = "";
> echo "<form method='POST' action='login.php'>
> Username:</b>
> <input type='text' name='username'
> <b>Password:</b>
> <input type='password' name='password'
> <input type='submit' value='Login'><b>Not a member?</b> Sign up <a
> href='register.html'>here</a>
> <b>Forgotten your password?</b> <a href='password_reminder.php'>Click
> here</a> to have it e-mailed to you.
> </form>";
>
> ?>
> --------------------------------------------------------------------------[/color]
--[color=blue]
> Viewing source from browser reveals:
> --------------------------------------------------------------------------[/color]
--[color=blue]
> <html>
> <head>
> <title>Welcome</title>
> <meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1"></head>
> <form method='POST' action='login.php'>
> <b>Username:</b>
> <input type='text' name='username'>
> <b>Password</b>
> <input type='password' name='password'>
> <input type='submit' value='Login'>
> <b>Not a member?</b> Sign up <a href='register.html'>here</a>
> <b>Forgotten your password?</b> <a href='password_reminder.php'>Click
> here</a> to have it e-mailed to you.
> </form><H1>Header 1</H1>
> <H2>Text about something</H2>
> </map>
> </body>
> </html>
> --------------------------------------------------------------------------[/color]
--[color=blue]
> As you can see, no hidden field. I'm not sure what I've done wrong here.[/color]
The[color=blue]
> PHP on the login page contains session_start(); at the beginning, as does
> member.php but on the member.php page, I get: Notice: Undefined index:
> login in C:\Web\member.php on line 12
> Line 12 contains the following:
> --------------------------------------------------------------------------[/color]
--[color=blue]
> if ($_SESSION['login'] != 'yes')
> {
> echo "You haven't logged on!<p>
> <a href='index.php'>Click Here</a> to return to the login page";
> exit();
> }
> --------------------------------------------------------------------------[/color]
--[color=blue]
> $_SESSION['login'] isn't being passed even though it was set
> in login.php using the following:
> --------------------------------------------------------------------------[/color]
--[color=blue]
> if(mysql_num_rows($result) == 1)
> {
> $_SESSION['entered_username'] = $_POST['username'];
> $_SESSION['login'] = 'yes';
> header('refresh: 3; url=member.php');
> echo "<h2><center>You have been validated. Please wait, logging you in. .
> .</h2><br>
> <center>If your browser doesn't support redirection and you're still here[/color]
in[color=blue]
> 3 seconds, <a href='member.php'>click here</a></center>";
> }
> --------------------------------------------------------------------------[/color]
--[color=blue]
> The $_SESSION data is available if I use mysql_fetch_array as I used below
> to get $entered_username from the $_SESSION array, but can I use something
> like this to extract the ['login'] variable from the array and then test[/color]
it?[color=blue]
> --------------------------------------------------------------------------[/color]
--[color=blue]
>
> $query="SELECT firstname, lastname from $Table WHERE
> username='$entered_username'";
>
> $result=mysql_query($query)
> or die(mysql_error());
>
> while($row = mysql_fetch_array($result))
> {
> echo "<b>Welcome ". $row['firstname'] . ' ' . $row['lastname'] .[/color]
'</b>';[color=blue]
> }
> --------------------------------------------------------------------------[/color]
--[color=blue]
> Am I right in thinking that I should be setting the $_SESSIONs up on the
> index.php page? I have read that this is the correct way to do it and I
> can't personally see anything wrong with doing it this way.
>
> This problem has turned into a bit of a quest as I have spent so long[/color]
trying[color=blue]
> to get it to work! I could just surrender and tell users that they will[/color]
have[color=blue]
> to use cookies but I really want to know why this doesn't work.
>
> Thanks for any help you can offer.
> --------------------------------------------------------------------------[/color]
--[color=blue]
>
> Shouldn't, unless your host has session.auto_start on.
>
> --
>
> --
> Peter James
> Editor-in-Chief, php|architect Magazine
> petej@phparch.com
>
> php|architect
> The Magazine for PHP Professionals
> http://www.phparch.com
>
>
> "Paul" <Paul@here.com> wrote in message
> news:bhmaet$l1c$1@hercules.btinternet.com...[color=green]
> > 1 last question (promise!!) I've just been looking up ini_set at[/color][/color]
php.net.[color=blue][color=green]
> > Thats pretty cool how you can temporarily change php settings. At[/color][/color]
present[color=blue]
> I[color=green]
> > am writing my webpage on my local machine but in time will upload it to[/color][/color]
my[color=blue][color=green]
> > host. My question is, if session.use_cookies and session.use_trans_sid[/color][/color]
are[color=blue][color=green]
> > enabled on the server and I enter ini_set("session.use_cookies", "off");[/color]
> and[color=green]
> > ini_set("session.use_trans_sid", "on"); on the top of each of my web[/color]
> pages,[color=green]
> > will it have any unexpected effects?
> >
> > Thanks again.
> >
> >
> > "Paul" <Paul@here.com> wrote in message
> > news:bhm9hr$kr5$1@titan.btinternet.com...[color=darkred]
> > > Thats slightly overcast with a strong chance of some sunshine later[/color][/color][/color]
:-)[color=blue][color=green][color=darkred]
> > > That kinda cleared things up. Time, error and play will help me figure[/color][/color]
> out[color=green][color=darkred]
> > > exactly whats happening but I get the jist of it now.
> > >
> > > Thanks for your help.
> > >
> > > "Peter James" <petej@shaman.ca> wrote in message
> > > news:vjt9qo4diplf8@corp.supernews.com...
> > > > If you have access to the php.ini file, then set these[/color]
> > session.use_cookies[color=darkred]
> > > > and session.use_trans_sid values in the php.ini file.
> > > >
> > > > auto_start means that a session is started every time... it is very[/color]
> > common[color=darkred]
> > > > to leave this off, and just use session_start() when you need[/color][/color]
> sessions.[color=green][color=darkred]
> > > If
> > > > you use auto_start, you should also set the use_cookies, etc values[/color][/color][/color]
in[color=blue][color=green]
> > the[color=darkred]
> > > > php.ini file.
> > > >
> > > > As far as appending the session id, PHP will handle it all for you.[/color][/color]
> If[color=green][color=darkred]
> > > you
> > > > start a session (either auto_start or session_start() ) and create a[/color]
> > form[color=darkred]
> > > on
> > > > a page that's using trans_sid, and then check your page source in[/color][/color][/color]
the[color=blue][color=green][color=darkred]
> > > > browser, you should see a hidden field called PHPSESSID in your[/color][/color][/color]
form..[color=blue][color=green][color=darkred]
> > > One
> > > > that you _didn't_ add yourself. It's very cool. Relative URL's are
> > > > essentially just URLs that don't have a host in them. http://foo.com[/color][/color]
> is[color=green][color=darkred]
> > > not
> > > > a relative url, but /bar/index.php is.
> > > >
> > > > If you have trans_sid on, and you submit the above form and start[/color][/color][/color]
the[color=blue][color=green][color=darkred]
> > > > session on the submitted-to page, then all the $_SESSION vars that[/color][/color]
> you[color=green][color=darkred]
> > > set
> > > > on the previous page will be available to you on your submitted-to[/color][/color]
> page.[color=green][color=darkred]
> > > >
> > > > Does that clear anything up, or make it cloudier? :-)
> > > >
> > > > Pete.
> > > >
> > > > --
> > > >
> > > > --
> > > > Peter James
> > > > Editor-in-Chief, php|architect Magazine
> > > > petej@phparch.com
> > > >
> > > > php|architect
> > > > The Magazine for PHP Professionals
> > > > http://www.phparch.com
> > > >
> > > >
> > > > "Paul" <Paul@here.com> wrote in message
> > > > news:bhm82m$gvi$1@hercules.btinternet.com...
> > > > > I know I'm going to sound stupid now, but could you just clarify[/color][/color]
> what[color=green][color=darkred]
> > > > > exactly is happening here. At the moment, I am using[/color]
> > session.auto_start[color=darkred]
> > > =
> > > > 0
> > > > > in php.ini. Should I now switch this back to 0?
> > > > > And if I add ini_set("session.use_cookies", "off"); and
> > > > > ini_set("session.use_trans_sid", "on"); to the start of each page,[/color]
> > does[color=darkred]
> > > it
> > > > > temporary turn on trans_sid for that browsing session?
> > > > > Lastly, when you say "This will automagically append the session[/color][/color][/color]
id[color=blue]
> to[color=green][color=darkred]
> > > all
> > > > > relative URL's that it can identify, as well as adding it into a[/color]
> > hidden[color=darkred]
> > > > form
> > > > > variable for you", how is the session ID passed then? Where am I
> > > defining
> > > > a
> > > > > variable that can be used on the next page? How does it identify
> > > "relative
> > > > > URLs"? I've only been at this a month so I'm a bit green.
> > > > >
> > > > > Thanks for your help.
> > > > >
> > > > >
> > > > > "Peter James" <petej@shaman.ca> wrote in message
> > > > > news:vjt7rvh5rcik80@corp.supernews.com...
> > > > > > First, rather than manually passing the session id around, just[/color][/color][/color]
do[color=blue][color=green]
> > an[color=darkred]
> > > > > > ini_set() at the beginning of each page...
> > > > > >
> > > > > > ini_set("session.use_cookies", "off");
> > > > > > ini_set("session.use_trans_sid", "on");
> > > > > >
> > > > > > This will automagically append the session id to all relative[/color][/color]
> URL's[color=green][color=darkred]
> > > tha
> > > > it
> > > > > > can identify, as well as adding it into a hidden form variable[/color][/color][/color]
for[color=blue][color=green][color=darkred]
> > > you.
> > > > > You
> > > > > > don't need to do it manually.
> > > > > >
> > > > > > Second, you're not passing the session id when you redirect.[/color]
> > Writing[color=darkred]
> > > > the
> > > > > > header like that doesn't get rewritten by PHP or your routine.[/color][/color][/color]
If[color=blue][color=green]
> > you[color=darkred]
> > > > are
> > > > > > not using cookies, you won't have access to the session id on[/color][/color][/color]
the[color=blue][color=green]
> > next[color=darkred]
> > > > > page
> > > > > > (the one you redirect to). Even with trans_sid, you'll have to
> > > manually
> > > > > > include your session id in the header.
> > > > > >
> > > > > > HTH.
> > > > > > Pete.
> > > > > >
> > > > > > --
> > > > > >
> > > > > > --
> > > > > > Peter James
> > > > > > Editor-in-Chief, php|architect Magazine
> > > > > > petej@phparch.com
> > > > > >
> > > > > > php|architect
> > > > > > The Magazine for PHP Professionals
> > > > > > http://www.phparch.com
> > > > > >
> > > > > >
> > > > > > "Paul" <Paul@here.com> wrote in message
> > > > > > news:bhm410$bp7$1@titan.btinternet.com...
> > > > > > > I want to use sessions to cover myself in case the user[/color][/color][/color]
switches[color=blue][color=green]
> > off[color=darkred]
> > > > > > cookies
> > > > > > > so I am passing the session ID manually through a hidden input
> > > field.
> > > > > This
> > > > > > > is what I have so far.
> > > > > > >
> > > > > > > index.php page contains:
> > > > > > >
> > > > > > > <?php
> > > > > > >
> > > > > > > $_SESSION['entered_username'] = "";
> > > > > > > $_SESSION['login'] = "";
> > > > > > > $PHPSESSID = session_id();
> > > > > > >
> > > > > > > echo "<form method='POST' action='login.php'>
> > > > > > > <b>Username:</b>
> > > > > > > <input type='text' name='username'>
> > > > > > > <b>Password:</b>
> > > > > > > <input type='password' name='password'>
> > > > > > > <input type='hidden' name='PHPSESSID' value='$PHPSESSID'>
> > > > > > > <input type='submit' value='Login'>
> > > > > > > </form>";
> > > > > > >
> > > > > > > ?>
> > > > > > >
> > > > > > > Now, viewing the source with this page open in the browser, I[/color][/color]
> can[color=green][color=darkred]
> > > see
> > > > > that
> > > > > > > the session ID is in the hidden field. According to the book[/color][/color][/color]
I'm[color=blue][color=green][color=darkred]
> > > > > reading,
> > > > > > > "PHP will automatically get $PHPSESSID without anymore[/color][/color]
> programming[color=green][color=darkred]
> > > > from
> > > > > > you
> > > > > > > on the login page"
> > > > > > > The part of the next page (login.php) that is processing the[/color][/color]
> login[color=green][color=darkred]
> > > is
> > > > as
> > > > > > > follows:
> > > > > > >
> > > > > > > if(mysql_num_rows($result) == 1)
> > > > > > > {
> > > > > > > $_SESSION['entered_username'] = $_POST['username'];
> > > > > > > $_SESSION['login'] = 'yes';
> > > > > > > header('refresh: 3; url=member.php');
> > > > > > > echo "<h2><center>You have been validated. Please wait,[/color][/color][/color]
logging[color=blue][color=green]
> > you[color=darkred]
> > > > in.
> > > > > .
> > > > > > > .</h2><br>
> > > > > > > <center>If your browser doesn't support redirection and you're[/color]
> > still[color=darkred]
> > > > > here
> > > > > > in
> > > > > > > 3 seconds, <a href='member.php'>click here</a></center>";
> > > > > > > }
> > > > > > > else
> > > > > > > {
> > > > > > > header('refresh: 5; url=index.php');
> > > > > > > echo "<b><u><center>Login failure[/color][/color][/color]
</b></u><br>Username/Password[color=blue][color=green][color=darkred]
> > > > > mismatch.
> > > > > > > Sit tight, we're sending you back to the login page in 5
> > > seconds.<br>
> > > > > > > If your browser doesn't support redirection and you're still[/color][/color]
> here[color=green]
> > in[color=darkred]
> > > 5
> > > > > > > seconds, <a href='index.php'>click here</a></center>";
> > > > > > > }
> > > > > > >
> > > > > > > Now we get to the member.php page and the following happens:
> > > > > > >
> > > > > > > Notice: Undefined index: login in C:\Web\member.php on line 10
> > > > > > >
> > > > > > > Line 10 reads:
> > > > > > >
> > > > > > > if ($_SESSION['login'] != 'yes')
> > > > > > > {
> > > > > > > echo "<b><u><center>You haven't logged on!</b></u><p>
> > > > > > > <a href='index.php'>Click Here</a> to return to the login[/color][/color][/color]
page";[color=blue][color=green][color=darkred]
> > > > > > > exit();
> > > > > > > }
> > > > > > >
> > > > > > > This is where it kicks me out. The code on the member.php page[/color][/color]
> is[color=green][color=darkred]
> > > > > designed
> > > > > > > to stop users doing anything before they log in but unless I[/color][/color][/color]
can[color=blue][color=green][color=darkred]
> > > pass
> > > > > the
> > > > > > > session data between pages, the result of the if statement[/color][/color][/color]
will[color=blue][color=green][color=darkred]
> > > always
> > > > > be
> > > > > > > false.
> > > > > > >
> > > > > > > Even more odd is the fact that it works in Internet Explorer[/color][/color][/color]
and[color=blue][color=green]
> > not[color=darkred]
> > > > > > > Mozilla. Now I trust Mozilla's standards far more than IE so I
> > > really
> > > > > want
> > > > > > > to make it work in Mozilla.
> > > > > > >
> > > > > > > Sorry this is such a long post, I tried to keep it as short as
> > > > possible
> > > > > > but
> > > > > > > give enough information to make it make sense.
> > > > > > >
> > > > > > > So what am I missing? And what is IE doing that Moz isn't?
> > > > > > >
> > > > > > > Thanks for any suggestions.[/color][/color]
>
>
>[/color]
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,471 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved