Hi, been scratching my head and looking all over but cant get session data to pass to multiple pages.
The scenario is like this.
I present a splash page with an option to login at the bottom via form. Across the top is a menu strip, site access is open to all but if logged in and validatd as a member then selecting "downloads" or "articles" from the menu strip gives access to different content. I need my user to only login / validate once on the splash screen and then hold the session data (string stating member or nonmember retrieved from a db) to be accessable from any page within the site.
my test pages are as follows.
login screen
--------------- -
<html>
-
<head><title>Title here!</title></head>
-
<body>
-
<form action = "user.php" method="post">
-
<input type="text" name="status">
-
<input type="submit" >
-
</form>
-
<a href="download.php">Downloads</a>
-
</body>
-
</html>
-
On submit I call my second page which in reality would check username against database and assign either "member" or "nonmember" to session_id - <html>
-
<head><title>Title here!</title></head>
-
<body>
-
<?php
-
session_start();
-
$x= $_POST['status'];
-
session_register("status");
-
$status=$x;
-
// check session id should be text entered on login screen for test purposes
-
echo 'session id is '.$status;
-
// re display login screen
-
include('base.htm');
-
?>
-
</body>
-
</html>
-
Now I may navigate around the site a little but if I choose "downloads" I need to be able to read the session_id member or nonmember ? - <html>
-
<head><title>Title here!</title></head>
-
<body>
-
<?php
-
session_start();
-
global $status;
-
echo 'session id is '.$status;
-
?>
-
</body>
-
</html>
-
Problem is that going to "download.p hp" produces no session_id ?
any help greatly appreciated.
13  10900 
Thanks for the swift reply but; I can't understand what is going wrong.
I modified the base.htm by placing - <?php
-
session_start();
-
session_id('nonmember');
-
echo session_id);
-
?>
-
at the very top of the doc.
This shows me that session_id has indeed been set to "non member"
When submitting the form I get the session_id changed to whatever I submitted but when clicking download link on base.htm when download.php appears it has a new session_id.
I really dont understand, there must be a simple solution? But I can't see it, help please.
kovik 1,044
Recognized Expert Top Contributor
What, pray tell, is the purpose of allowing your users to select their own session IDs? So that it's easier for them to attempt to hijack another session?
In reality it does not matter what the session id is, as I stated in my original post certain parts of the site have content available only to members. For example you access the articles page, all articles are listed but if you are not a member only some are active links, if you are a member all articles have active links. I require the viewer to log in or not on the splash screen so that as each new page is accessed content can be displayed as to if you are a member or not.
Logging in with your user name / password calls a script to check against a db of members and sets a session id accordingly. It may be that a result of non member sets session_id to "non" whilst a result of "member" sets session_id to a random string (as is I think the default).
The above code is just my test or scratch code to get the principles working and give me known results easier for checking.
Well I got it sorted by using simplified code and by making sure that $_SESSION was in upper case.
test coding is now as follows.
log in / out / downloads - <html>
-
<head>
-
<title>Title here!</title>
-
</head>
-
<body >
-
<form action = "user.php" method="post">
-
<input type="text" name="status" value="">
-
<input type="submit" >
-
</form>
-
<a href="download.php">Downloads</a>
-
<a href="kill.php">logout</a>
-
</body>
-
</html>
-
assign session id (remember in real we don't use the entered name but check against db, if member then generate session id as normal, if not a member set session id to "non member". - <?php
-
session_start();
-
error_reporting(-1);
-
ini_set('display_errors', true);
-
$x= $_POST['status'];
-
if (!isset($_SESSION["user"]))
-
{
-
$_SESSION["user"]=$x;
-
echo 'session id is '.$_SESSION["user"];}
-
else {echo 'session id is '.$_SESSION["user"];}
-
include('base.htm');
-
?>
-
download page has carried the session id.
In real if session id is "non member" display content x if session id anything else then must be member so display content y. - <?php
-
session_start();
-
error_reporting(-1);
-
ini_set('display_errors', true);
-
echo 'session id is '.$_SESSION["user"];
-
?>
-
to log out or kill the session then - <?php
-
session_start();
-
session_destroy();
-
include("base.htm");
-
?>
-
Hope this helps someone else, there seems to be a lot of questions about passing session id's on the net and I found out myself it's not all plain sailing.
kovik 1,044
Recognized Expert Top Contributor
What you are doing has nothing to do with session IDs. The session ID is a randomly-generated unique string that identifies an individual session. What you are doing is setting session data. The ID stays that same.
As a side note, it's good practice to call session_regener ate_id() whenever a user's permissions change (i.e. when they log in and become a member instead of a guest).
Well thanks for that, I guess I got my terminologu wrong with session id is $_SESSION["user"] but I tried first off doing it by trying to transfer session_id() between pages and could not get it working so I ended up with this session variable instead($_SESSI ON["user"]).
Can you tell me why it is good practice to regen the session_id() if I am not actually using that value? are there advantages / disadvantages?
I would like to use good programming practice from the start of my induction into php.
Thanks for your input.
Just read explanation on wiki session fixation attack, I now will use session_regener ate_id() as a matter of course. Good article easy to understand. ;)
kovik 1,044
Recognized Expert Top Contributor
By the way, you are passing the session ID, you just don't realize it. It is set in a cookie on their end.
A session instance is like a locked apartment, and the session ID is the key. Their cookie contains this session ID which allows them to open the locked door and get inside.
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: matt |
last post by:
I'm using this to scan Multiple pages into Access 2k :-
Call KillTempFile
strTempFile = TempFile(False, "scan")
Me.scanControl.MultiPage = True
Me.scanControl.ScanTo = FileOnly
Me.scanControl.Image = strTempFile
Me.scanControl.StartScan
|
by: ghadley_00 |
last post by:
MS Access Create form / report with multiple pages using different
background images
Hi,
Would like to have users fill out a multipage form, and then click a
print button, which pulls up the info just entered for a particular
record and print out multiple pages of forms, each page having a
different image as background.
|
by: Jay |
last post by:
In an ASP.NET page I have a fairly lengthy datagrid that I need to print.
Problem is that when I print sometimes the last row on that page gets cut
half way through. Is there a way to print a datagrid that spans multiple
pages? Ideally I'd also like to maintain the header on each page, but would
settle with just the content not getting cut. The datagrid can range in
size (dynamic). Any examples of doing this?
Thanks a lot.
|
by: ray well |
last post by:
hi,
i need to print multiple pages on a printer. this is what i'm using now
Sub Print()
Dim PrintDoc As New PrintDocument
AddHandler PrintDoc.PrintPage, AddressOf Me.PrintText
Do While bPrintingNotDone
PrintDoc.Print()
|
by: Coleen |
last post by:
Hi all :-)
I need to redirect to multiple pages on click of a transmit button, without
redisplaying each page. This redirection is to capture session variables
that are created on each page and pass them to the main page to be
displayed. We are actually NOT using session variables, but storing the
values in a temporary table. The problem is that the values don't get
stored in the temporary table unless the user goes to each page...
| | |
by: aperez |
last post by:
Hi, I need to pass a session variable from an ASP.NET v1.1 page to a
v2.0 page, but haven't been able to do it. The reason is because I
need to embed the 1.1 page in my intranet portal tool so I can ask it
the user id that is currently logged in (using Plumtree, .. I mean
BEA). The portal only supports v1.1. I want to pass that session
variable to multiple pages externally that are running v2.0. Is this
possible? Please help.
|
by: Kurrent |
last post by:
I have some data from text fields that are being passed over through a
form that I am displaying with the $_POST superglobal. Once i have
echo'd out this data onto the next page, i'd like to continue to use
it on the next page. I haven't figured out how to do this properly
just yet, but I'm guessing it has something to do with sessions. I
have MANY variables being passed (over 100) and I'm hoping i don't
have to register each one of these...
|
by: Vinnie123 |
last post by:
I can't seem to get my PHP Session to continue across multiple pages. Here is a sample code I wrote:
test.php
<?php
session_start();
$_SESSION = "feona";
header("Location: http://partynd.com/test2.php");
|
by: Aussie Rules |
last post by:
Hi,
I have a few aspx (.net2) form.
The first form allows the user to enter into text box, and select values
from drop downs
The second form needs to use these values to process some data.
I am currently using the url to pass the values such as
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
