Session ID problem

Hi,

I've this code in my form:
<?php
ini_set('use_trans_sid',1);
session_cache_limiter('private, must-revalidate');
if(!session_is_registered("UID")){
session_start();
$UserID = 0;
if (isset($_SESSION["UID"]) and $_SESSION["UID"] != ""){
$UserID = $_SESSION["UID"];}
}
if(!($UserID > 0)){
echo 'error passing UserID';
exit;
}
?>
<form name="FormSubmit" method="GET" action="<?php echo
$HTTP_SERVER_VARS['PHP_SELF'].'?'.SID;">

In this form I've a select with a javascript function as depending on the
first value, I've to load a second select
<select NAME="select1" ID="select1" onChange="FormSubmit.submit();">

Now, when I set the confidentiality to "high" or "block all cookies" in IE6,
as soon as the form is "submitted" by the value change (onChange), the
UserID is empty and I've the error message on the form.

What's wrong? The session ID should be saved on the server and passed by the
?SID, isn't it?

Please help.

Bob
May 21 '07 #1
C.
On 21 May, 09:30, "Bob Bedford" <b...@bedford.com> wrote:
> Hi,
>
> I've this code in my form:
> <?php
> ini_set('use_trans_sid',1);
> session_cache_limiter('private, must-revalidate');
> if(!session_is_registered("UID")){
> session_start();
> $UserID = 0;
> if (isset($_SESSION["UID"]) and $_SESSION["UID"] != ""){
> $UserID = $_SESSION["UID"];}}
>
> if(!($UserID > 0)){
> echo 'error passing UserID';
> exit;}
>
> ?>
> <form name="FormSubmit" method="GET" action="<?php echo
> $HTTP_SERVER_VARS['PHP_SELF'].'?'.SID;">
>
> In this form I've a select with a javascript function as depending on the
> first value, I've to load a second select
> <select NAME="select1" ID="select1" onChange="FormSubmit.submit();">
>
> Now, when I set the confidentiality to "high" or "block all cookies" in IE6,
> as soon as the form is "submitted" by the value change (onChange), the
> UserID is empty and I've the error message on the form.
>
> What's wrong? The session ID should be saved on the server and passed by the
> ?SID, isn't it?
>
> Please help.
>
> Bob

Bob,

Try viewing the source of the page being generated.
<form name="FormSubmit" method="GET" action="<?php echo
$HTTP_SERVER_VARS['PHP_SELF'].'?'.SID;">
This is wrong in so many ways:
1) you're using GET as the method on a URL which already contains get
vars
2) you're using the deprecated long variable names (HTTP_SERVER_VARS)
3) you're passing unvalidated/unescaped input back to the browser
4) you should be putting the session in your output
5) using trans_sids is less secure than cookies - it opens up your
site to all sorts of attacks
6) if you're setting the config at runtime, presumably you've not
checked that it doesn't try to set a cookie - if it does, the SID
constant is blank.

I'd also suggest getting rid of session_cache_limiter() and rolling
your own cache headers. It makes implementing mixed caching policy
much easier if you only work to one model / API.

Go back and read the manual.

C.

May 21 '07 #2
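
A hardened version of the form's session setup and target, following points 3 and 5 of the reply above. This is an added example, not code from either poster. It assumes PHP 7.3 or later, a site served over HTTPS, and a login page elsewhere that stores the user's id in `$_SESSION['UID']` as in the original post; the function names `start_cookie_only_session` and `self_action` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). Assumes PHP 7.3+ and that a login
// page elsewhere stores the user's id in $_SESSION['UID'], as in the post.

function start_cookie_only_session(): void
{
    // Never read or emit the session id in URLs (point 5 of the reply).
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_only_cookies', '1');
    // Refuse session ids the server did not issue.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // not readable from page script
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Escaped form target built from SCRIPT_NAME, which (unlike PHP_SELF)
// does not include client-supplied trailing path info (point 3).
function self_action(): string
{
    return htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
}

start_cookie_only_session();

// Validate the stored id as a positive integer before trusting it.
$userId = filter_var($_SESSION['UID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
if ($userId === false) {
    http_response_code(403);
    exit('No valid session. Cookies must be enabled to use this form.');
}
?>
<form name="FormSubmit" method="get" action="<?= self_action() ?>">
  <select name="select1" id="select1" onchange="this.form.submit();">
    <!-- options for the first select go here -->
  </select>
</form>
```

With this setup a browser that blocks all cookies gets the 403 message instead of a session id in the URL, so the session id never appears in links, history or Referer headers.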
