473,549 Members | 2,573 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

how to pass session id between MULTIPLE pages

79 New Member
Hi, been scratching my head and looking all over but cant get session data to pass to multiple pages.
The scenario is like this.
I present a splash page with an option to login at the bottom via form. Across the top is a menu strip, site access is open to all but if logged in and validatd as a member then selecting "downloads" or "articles" from the menu strip gives access to different content. I need my user to only login / validate once on the splash screen and then hold the session data (string stating member or nonmember retrieved from a db) to be accessable from any page within the site.
my test pages are as follows.

login screen
---------------
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Title here!</title></head>
  3. <body>
  4. <form action = "user.php"  method="post">
  5. <input type="text" name="status">
  6. <input type="submit" >
  7. </form>
  8. <a href="download.php">Downloads</a>
  9. </body>
  10. </html>
  11.  
On submit I call my second page which in reality would check username against database and assign either "member" or "nonmember" to session_id
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Title here!</title></head>
  3. <body>
  4. <?php
  5. session_start();
  6. $x= $_POST['status'];
  7. session_register("status");
  8. $status=$x;
  9. // check session id should be text entered on login screen for test purposes
  10. echo 'session id is '.$status;
  11. // re display login screen 
  12. include('base.htm');
  13. ?>
  14. </body>
  15. </html>
  16.  
Now I may navigate around the site a little but if I choose "downloads" I need to be able to read the session_id member or nonmember ?
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Title here!</title></head>
  3. <body>
  4. <?php
  5. session_start();
  6. global $status;
  7. echo 'session id is '.$status;
  8. ?>
  9. </body>
  10. </html>
  11.  
Problem is that going to "download.p hp" produces no session_id ?
any help greatly appreciated.
Sep 3 '10 #1
13 10863
Markus
6,050 Recognized Expert Expert
Turn on Error Reporting*, and see this article.

* Use -1 instead of E_ALL.
Sep 3 '10 #2
malcolmk
79 New Member
Thanks for the swift reply but; I can't understand what is going wrong.
I modified the base.htm by placing
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. session_id('nonmember');
  4. echo session_id);
  5. ?>
  6.  
at the very top of the doc.
This shows me that session_id has indeed been set to "non member"
When submitting the form I get the session_id changed to whatever I submitted but when clicking download link on base.htm when download.php appears it has a new session_id.
I really dont understand, there must be a simple solution? But I can't see it, help please.
Sep 3 '10 #3
kovik
1,044 Recognized Expert Top Contributor
What, pray tell, is the purpose of allowing your users to select their own session IDs? So that it's easier for them to attempt to hijack another session?
Sep 3 '10 #4
malcolmk
79 New Member
In reality it does not matter what the session id is, as I stated in my original post certain parts of the site have content available only to members. For example you access the articles page, all articles are listed but if you are not a member only some are active links, if you are a member all articles have active links. I require the viewer to log in or not on the splash screen so that as each new page is accessed content can be displayed as to if you are a member or not.
Logging in with your user name / password calls a script to check against a db of members and sets a session id accordingly. It may be that a result of non member sets session_id to "non" whilst a result of "member" sets session_id to a random string (as is I think the default).
The above code is just my test or scratch code to get the principles working and give me known results easier for checking.
Sep 4 '10 #5
malcolmk
79 New Member
Well I got it sorted by using simplified code and by making sure that $_SESSION was in upper case.
test coding is now as follows.

log in / out / downloads
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head>
  3.        <title>Title here!</title>
  4. </head>
  5. <body >
  6. <form action = "user.php"  method="post">
  7. <input type="text" name="status" value="">
  8. <input type="submit" >
  9. </form>
  10. <a href="download.php">Downloads</a>
  11. <a href="kill.php">logout</a>
  12. </body>
  13. </html>
  14.  
assign session id (remember in real we don't use the entered name but check against db, if member then generate session id as normal, if not a member set session id to "non member".
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. error_reporting(-1);
  4. ini_set('display_errors', true);
  5. $x= $_POST['status'];
  6. if (!isset($_SESSION["user"]))
  7. {
  8. $_SESSION["user"]=$x;
  9. echo 'session id is '.$_SESSION["user"];}
  10. else {echo 'session id is '.$_SESSION["user"];}
  11. include('base.htm');
  12. ?>
  13.  
download page has carried the session id.
In real if session id is "non member" display content x if session id anything else then must be member so display content y.
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. error_reporting(-1);
  4. ini_set('display_errors', true);
  5. echo 'session id is '.$_SESSION["user"];
  6. ?>
  7.  
to log out or kill the session then
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. session_destroy();
  4. include("base.htm");
  5. ?>
  6.  
Hope this helps someone else, there seems to be a lot of questions about passing session id's on the net and I found out myself it's not all plain sailing.
Sep 4 '10 #6
kovik
1,044 Recognized Expert Top Contributor
What you are doing has nothing to do with session IDs. The session ID is a randomly-generated unique string that identifies an individual session. What you are doing is setting session data. The ID stays that same.

As a side note, it's good practice to call session_regener ate_id() whenever a user's permissions change (i.e. when they log in and become a member instead of a guest).
Sep 4 '10 #7
malcolmk
79 New Member
Well thanks for that, I guess I got my terminologu wrong with session id is $_SESSION["user"] but I tried first off doing it by trying to transfer session_id() between pages and could not get it working so I ended up with this session variable instead($_SESSI ON["user"]).
Can you tell me why it is good practice to regen the session_id() if I am not actually using that value? are there advantages / disadvantages?
I would like to use good programming practice from the start of my induction into php.
Thanks for your input.
Sep 4 '10 #8
malcolmk
79 New Member
Just read explanation on wiki session fixation attack, I now will use session_regener ate_id() as a matter of course. Good article easy to understand. ;)
Sep 4 '10 #9
kovik
1,044 Recognized Expert Top Contributor
By the way, you are passing the session ID, you just don't realize it. It is set in a cookie on their end.

A session instance is like a locked apartment, and the session ID is the key. Their cookie contains this session ID which allows them to open the locked door and get inside.
Sep 4 '10 #10

Sign in to post your reply or Sign up for a free account.

Similar topics

1
2169
by: matt | last post by:
I'm using this to scan Multiple pages into Access 2k :- Call KillTempFile strTempFile = TempFile(False, "scan") Me.scanControl.MultiPage = True Me.scanControl.ScanTo = FileOnly Me.scanControl.Image = strTempFile Me.scanControl.StartScan
0
5354
by: ghadley_00 | last post by:
MS Access Create form / report with multiple pages using different background images Hi, Would like to have users fill out a multipage form, and then click a print button, which pulls up the info just entered for a particular record and print out multiple pages of forms, each page having a different image as background.
5
3482
by: Jay | last post by:
In an ASP.NET page I have a fairly lengthy datagrid that I need to print. Problem is that when I print sometimes the last row on that page gets cut half way through. Is there a way to print a datagrid that spans multiple pages? Ideally I'd also like to maintain the header on each page, but would settle with just the content not getting cut. ...
2
8174
by: ray well | last post by:
hi, i need to print multiple pages on a printer. this is what i'm using now Sub Print() Dim PrintDoc As New PrintDocument AddHandler PrintDoc.PrintPage, AddressOf Me.PrintText Do While bPrintingNotDone PrintDoc.Print()
6
5788
by: Coleen | last post by:
Hi all :-) I need to redirect to multiple pages on click of a transmit button, without redisplaying each page. This redirection is to capture session variables that are created on each page and pass them to the main page to be displayed. We are actually NOT using session variables, but storing the values in a temporary table. The problem...
1
1487
by: aperez | last post by:
Hi, I need to pass a session variable from an ASP.NET v1.1 page to a v2.0 page, but haven't been able to do it. The reason is because I need to embed the 1.1 page in my intranet portal tool so I can ask it the user id that is currently logged in (using Plumtree, .. I mean BEA). The portal only supports v1.1. I want to pass that session...
4
14094
by: Kurrent | last post by:
I have some data from text fields that are being passed over through a form that I am displaying with the $_POST superglobal. Once i have echo'd out this data onto the next page, i'd like to continue to use it on the next page. I haven't figured out how to do this properly just yet, but I'm guessing it has something to do with sessions. I...
4
2347
by: Vinnie123 | last post by:
I can't seem to get my PHP Session to continue across multiple pages. Here is a sample code I wrote: test.php <?php session_start(); $_SESSION = "feona"; header("Location: http://partynd.com/test2.php");
3
3170
by: Aussie Rules | last post by:
Hi, I have a few aspx (.net2) form. The first form allows the user to enter into text box, and select values from drop downs The second form needs to use these values to process some data. I am currently using the url to pass the values such as
0
7527
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7967
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7485
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7819
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
5097
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3505
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3488
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1953
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
0
772
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.