By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,069 Members | 1,716 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,069 IT Pros & Developers. It's quick & easy.

Passing SESSION Data

P: n/a
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
session.use_trans_sid = 1 in my php.ini file. Index.php contains:
----------------------------------------------------------------------------
<?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION['entered_username'] = "";
$_SESSION['login'] = "";
echo "<form method='POST' action='login.php'>
Username:</b>
<input type='text' name='username'
<b>Password:</b>
<input type='password' name='password'
<input type='submit' value='Login'><b>Not a member?</b> Sign up <a
href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form>";

?>
----------------------------------------------------------------------------
Viewing source from browser reveals:
----------------------------------------------------------------------------
<html>
<head>
<title>Welcome</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1"></head>
<form method='POST' action='login.php'>
<b>Username:</b>
<input type='text' name='username'>
<b>Password</b>
<input type='password' name='password'>
<input type='submit' value='Login'>
<b>Not a member?</b> Sign up <a href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form><H1>Header 1</H1>
<H2>Text about something</H2>
</map>
</body>
</html>
----------------------------------------------------------------------------
As you can see, no hidden field. I'm not sure what I've done wrong here. The
PHP on the login page contains session_start(); at the beginning, as does
member.php but on the member.php page, I get: Notice: Undefined index:
login in C:\Web\member.php on line 12
Line 12 contains the following:
----------------------------------------------------------------------------
if ($_SESSION['login'] != 'yes')
{
echo "You haven't logged on!<p>
<a href='index.php'>Click Here</a> to return to the login page";
exit();
}
----------------------------------------------------------------------------
$_SESSION['login'] isn't being passed even though it was set
in login.php using the following:
----------------------------------------------------------------------------
if(mysql_num_rows($result) == 1)
{
$_SESSION['entered_username'] = $_POST['username'];
$_SESSION['login'] = 'yes';
header('refresh: 3; url=member.php');
echo "<h2><center>You have been validated. Please wait, logging you in. .
..</h2><br>
<center>If your browser doesn't support redirection and you're still here in
3 seconds, <a href='member.php'>click here</a></center>";
}
----------------------------------------------------------------------------
The $_SESSION data is available if I use mysql_fetch_array as I used below
to get $entered_username from the $_SESSION array, but can I use something
like this to extract the ['login'] variable from the array and then test it?
----------------------------------------------------------------------------

$query="SELECT firstname, lastname from $Table WHERE
username='$entered_username'";

$result=mysql_query($query)
or die(mysql_error());

while($row = mysql_fetch_array($result))
{
echo "<b>Welcome ". $row['firstname'] . ' ' . $row['lastname'] . '</b>';
}
----------------------------------------------------------------------------
Am I right in thinking that I should be setting the $_SESSIONs up on the
index.php page? I have read that this is the correct way to do it and I
can't personally see anything wrong with doing it this way.

This problem has turned into a bit of a quest as I have spent so long trying
to get it to work! I could just surrender and tell users that they will have
to use cookies but I really want to know why this doesn't work.

Thanks for any help you can offer.
----------------------------------------------------------------------------

Shouldn't, unless your host has session.auto_start on.

--

--
Peter James
Editor-in-Chief, php|architect Magazine
pe***@phparch.com

php|architect
The Magazine for PHP Professionals
http://www.phparch.com
"Paul" <Pa**@here.com> wrote in message
news:bh**********@hercules.btinternet.com...
1 last question (promise!!) I've just been looking up ini_set at php.net.
Thats pretty cool how you can temporarily change php settings. At present I am writing my webpage on my local machine but in time will upload it to my
host. My question is, if session.use_cookies and session.use_trans_sid are
enabled on the server and I enter ini_set("session.use_cookies", "off"); and ini_set("session.use_trans_sid", "on"); on the top of each of my web pages, will it have any unexpected effects?

Thanks again.
"Paul" <Pa**@here.com> wrote in message
news:bh**********@titan.btinternet.com...
Thats slightly overcast with a strong chance of some sunshine later :-)
That kinda cleared things up. Time, error and play will help me figure out
exactly whats happening but I get the jist of it now.

Thanks for your help.

"Peter James" <pe***@shaman.ca> wrote in message
news:vj***********@corp.supernews.com...
If you have access to the php.ini file, then set these session.use_cookies and session.use_trans_sid values in the php.ini file.

auto_start means that a session is started every time... it is very common to leave this off, and just use session_start() when you need sessions. If
you use auto_start, you should also set the use_cookies, etc values in the php.ini file.

As far as appending the session id, PHP will handle it all for you.
If
you
start a session (either auto_start or session_start() ) and create a form
on
a page that's using trans_sid, and then check your page source in the
browser, you should see a hidden field called PHPSESSID in your form.. One
that you _didn't_ add yourself. It's very cool. Relative URL's are
essentially just URLs that don't have a host in them. http://foo.com

is not
a relative url, but /bar/index.php is.

If you have trans_sid on, and you submit the above form and start the
session on the submitted-to page, then all the $_SESSION vars that
you set
on the previous page will be available to you on your submitted-to
page.
Does that clear anything up, or make it cloudier? :-)

Pete.

--

--
Peter James
Editor-in-Chief, php|architect Magazine
pe***@phparch.com

php|architect
The Magazine for PHP Professionals
http://www.phparch.com
"Paul" <Pa**@here.com> wrote in message
news:bh**********@hercules.btinternet.com...
> I know I'm going to sound stupid now, but could you just clarify what > exactly is happening here. At the moment, I am using

session.auto_start
=
0
> in php.ini. Should I now switch this back to 0?
> And if I add ini_set("session.use_cookies", "off"); and
> ini_set("session.use_trans_sid", "on"); to the start of each page,

does
it
> temporary turn on trans_sid for that browsing session?
> Lastly, when you say "This will automagically append the session id to all
> relative URL's that it can identify, as well as adding it into a hidden form
> variable for you", how is the session ID passed then? Where am I

defining
a
> variable that can be used on the next page? How does it identify

"relative
> URLs"? I've only been at this a month so I'm a bit green.
>
> Thanks for your help.
>
>
> "Peter James" <pe***@shaman.ca> wrote in message
> news:vj************@corp.supernews.com...
> > First, rather than manually passing the session id around, just do an > > ini_set() at the beginning of each page...
> >
> > ini_set("session.use_cookies", "off");
> > ini_set("session.use_trans_sid", "on");
> >
> > This will automagically append the session id to all relative
URL's tha
it
> > can identify, as well as adding it into a hidden form variable for

you.
> You
> > don't need to do it manually.
> >
> > Second, you're not passing the session id when you redirect. Writing the
> > header like that doesn't get rewritten by PHP or your routine. If you are
> > not using cookies, you won't have access to the session id on the next > page
> > (the one you redirect to). Even with trans_sid, you'll have to

manually
> > include your session id in the header.
> >
> > HTH.
> > Pete.
> >
> > --
> >
> > --
> > Peter James
> > Editor-in-Chief, php|architect Magazine
> > pe***@phparch.com
> >
> > php|architect
> > The Magazine for PHP Professionals
> > http://www.phparch.com
> >
> >
> > "Paul" <Pa**@here.com> wrote in message
> > news:bh**********@titan.btinternet.com...
> > > I want to use sessions to cover myself in case the user switches off > > cookies
> > > so I am passing the session ID manually through a hidden input

field.
> This
> > > is what I have so far.
> > >
> > > index.php page contains:
> > >
> > > <?php
> > >
> > > $_SESSION['entered_username'] = "";
> > > $_SESSION['login'] = "";
> > > $PHPSESSID = session_id();
> > >
> > > echo "<form method='POST' action='login.php'>
> > > <b>Username:</b>
> > > <input type='text' name='username'>
> > > <b>Password:</b>
> > > <input type='password' name='password'>
> > > <input type='hidden' name='PHPSESSID' value='$PHPSESSID'>
> > > <input type='submit' value='Login'>
> > > </form>";
> > >
> > > ?>
> > >
> > > Now, viewing the source with this page open in the browser, I
can see
> that
> > > the session ID is in the hidden field. According to the book I'm
> reading,
> > > "PHP will automatically get $PHPSESSID without anymore
programming from
> > you
> > > on the login page"
> > > The part of the next page (login.php) that is processing the login is
as
> > > follows:
> > >
> > > if(mysql_num_rows($result) == 1)
> > > {
> > > $_SESSION['entered_username'] = $_POST['username'];
> > > $_SESSION['login'] = 'yes';
> > > header('refresh: 3; url=member.php');
> > > echo "<h2><center>You have been validated. Please wait, logging

you in.
> .
> > > .</h2><br>
> > > <center>If your browser doesn't support redirection and you're still > here
> > in
> > > 3 seconds, <a href='member.php'>click here</a></center>";
> > > }
> > > else
> > > {
> > > header('refresh: 5; url=index.php');
> > > echo "<b><u><center>Login failure </b></u><br>Username/Password
> mismatch.
> > > Sit tight, we're sending you back to the login page in 5

seconds.<br>
> > > If your browser doesn't support redirection and you're still
here in
5
> > > seconds, <a href='index.php'>click here</a></center>";
> > > }
> > >
> > > Now we get to the member.php page and the following happens:
> > >
> > > Notice: Undefined index: login in C:\Web\member.php on line 10
> > >
> > > Line 10 reads:
> > >
> > > if ($_SESSION['login'] != 'yes')
> > > {
> > > echo "<b><u><center>You haven't logged on!</b></u><p>
> > > <a href='index.php'>Click Here</a> to return to the login page";
> > > exit();
> > > }
> > >
> > > This is where it kicks me out. The code on the member.php page

is > designed
> > > to stop users doing anything before they log in but unless I can

pass
> the
> > > session data between pages, the result of the if statement will

always
> be
> > > false.
> > >
> > > Even more odd is the fact that it works in Internet Explorer and

not > > > Mozilla. Now I trust Mozilla's standards far more than IE so I

really
> want
> > > to make it work in Mozilla.
> > >
> > > Sorry this is such a long post, I tried to keep it as short as
possible
> > but
> > > give enough information to make it make sense.
> > >
> > > So what am I missing? And what is IE doing that Moz isn't?
> > >
> > > Thanks for any suggestions.


Jul 16 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
There are couple things afoot here.

In early versions of PHP you could set the session.use_trans_sid using
ini_set(). According to the http://hp.net/ini_set page, you no longer can.
This setting has to be set in the php.ini, httpd.conf, or .htaccess file.

In .htaccess, something like

php_flag session.use_trans_sid 1

If you do a phpinfo() call at the end of your form in index.php, you can
check whether what you're doing is changing the ini setting.

The other thing is a bug/feature that even if use_cookies is off and
use_trans_sid is on, if a cookie is set already in your browser, the session
id won't be rewritten into the page. You must delete all cookies, and all
files (including all offline content in internet explorer) to make this
work. Very frustrating.

Well, as always, I learned something. I hope this helped you.

Cheers,
Pete.

--
Peter James
Editor-in-Chief, php|architect Magazine
pe***@phparch.com

php|architect
The Magazine for PHP Professionals
http://www.phparch.com
"Paul" <Pa**@home.com> wrote in message
news:bh**********@hercules.btinternet.com...
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
session.use_trans_sid = 1 in my php.ini file. Index.php contains:
-------------------------------------------------------------------------- -- <?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION['entered_username'] = "";
$_SESSION['login'] = "";
echo "<form method='POST' action='login.php'>
Username:</b>
<input type='text' name='username'
<b>Password:</b>
<input type='password' name='password'
<input type='submit' value='Login'><b>Not a member?</b> Sign up <a
href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form>";

?>
-------------------------------------------------------------------------- -- Viewing source from browser reveals:
-------------------------------------------------------------------------- -- <html>
<head>
<title>Welcome</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1"></head>
<form method='POST' action='login.php'>
<b>Username:</b>
<input type='text' name='username'>
<b>Password</b>
<input type='password' name='password'>
<input type='submit' value='Login'>
<b>Not a member?</b> Sign up <a href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form><H1>Header 1</H1>
<H2>Text about something</H2>
</map>
</body>
</html>
-------------------------------------------------------------------------- -- As you can see, no hidden field. I'm not sure what I've done wrong here. The PHP on the login page contains session_start(); at the beginning, as does
member.php but on the member.php page, I get: Notice: Undefined index:
login in C:\Web\member.php on line 12
Line 12 contains the following:
-------------------------------------------------------------------------- -- if ($_SESSION['login'] != 'yes')
{
echo "You haven't logged on!<p>
<a href='index.php'>Click Here</a> to return to the login page";
exit();
}
-------------------------------------------------------------------------- -- $_SESSION['login'] isn't being passed even though it was set
in login.php using the following:
-------------------------------------------------------------------------- -- if(mysql_num_rows($result) == 1)
{
$_SESSION['entered_username'] = $_POST['username'];
$_SESSION['login'] = 'yes';
header('refresh: 3; url=member.php');
echo "<h2><center>You have been validated. Please wait, logging you in. .
.</h2><br>
<center>If your browser doesn't support redirection and you're still here in 3 seconds, <a href='member.php'>click here</a></center>";
}
-------------------------------------------------------------------------- -- The $_SESSION data is available if I use mysql_fetch_array as I used below
to get $entered_username from the $_SESSION array, but can I use something
like this to extract the ['login'] variable from the array and then test it? -------------------------------------------------------------------------- --
$query="SELECT firstname, lastname from $Table WHERE
username='$entered_username'";

$result=mysql_query($query)
or die(mysql_error());

while($row = mysql_fetch_array($result))
{
echo "<b>Welcome ". $row['firstname'] . ' ' . $row['lastname'] . '</b>'; }
-------------------------------------------------------------------------- -- Am I right in thinking that I should be setting the $_SESSIONs up on the
index.php page? I have read that this is the correct way to do it and I
can't personally see anything wrong with doing it this way.

This problem has turned into a bit of a quest as I have spent so long trying to get it to work! I could just surrender and tell users that they will have to use cookies but I really want to know why this doesn't work.

Thanks for any help you can offer.
-------------------------------------------------------------------------- --
Shouldn't, unless your host has session.auto_start on.

--

--
Peter James
Editor-in-Chief, php|architect Magazine
pe***@phparch.com

php|architect
The Magazine for PHP Professionals
http://www.phparch.com
"Paul" <Pa**@here.com> wrote in message
news:bh**********@hercules.btinternet.com...
1 last question (promise!!) I've just been looking up ini_set at php.net.
Thats pretty cool how you can temporarily change php settings. At present
I
am writing my webpage on my local machine but in time will upload it to
my host. My question is, if session.use_cookies and session.use_trans_sid are enabled on the server and I enter ini_set("session.use_cookies", "off");

and
ini_set("session.use_trans_sid", "on"); on the top of each of my web

pages,
will it have any unexpected effects?

Thanks again.
"Paul" <Pa**@here.com> wrote in message
news:bh**********@titan.btinternet.com...
Thats slightly overcast with a strong chance of some sunshine later :-) That kinda cleared things up. Time, error and play will help me figure out exactly whats happening but I get the jist of it now.

Thanks for your help.

"Peter James" <pe***@shaman.ca> wrote in message
news:vj***********@corp.supernews.com...
> If you have access to the php.ini file, then set these

session.use_cookies
> and session.use_trans_sid values in the php.ini file.
>
> auto_start means that a session is started every time... it is very

common
> to leave this off, and just use session_start() when you need sessions. If
> you use auto_start, you should also set the use_cookies, etc values in the
> php.ini file.
>
> As far as appending the session id, PHP will handle it all for you. If you
> start a session (either auto_start or session_start() ) and create a

form
on
> a page that's using trans_sid, and then check your page source in
the > browser, you should see a hidden field called PHPSESSID in your form.. One
> that you _didn't_ add yourself. It's very cool. Relative URL's are
> essentially just URLs that don't have a host in them. http://foo.com is not
> a relative url, but /bar/index.php is.
>
> If you have trans_sid on, and you submit the above form and start the > session on the submitted-to page, then all the $_SESSION vars that you set
> on the previous page will be available to you on your submitted-to page. >
> Does that clear anything up, or make it cloudier? :-)
>
> Pete.
>
> --
>
> --
> Peter James
> Editor-in-Chief, php|architect Magazine
> pe***@phparch.com
>
> php|architect
> The Magazine for PHP Professionals
> http://www.phparch.com
>
>
> "Paul" <Pa**@here.com> wrote in message
> news:bh**********@hercules.btinternet.com...
> > I know I'm going to sound stupid now, but could you just clarify what > > exactly is happening here. At the moment, I am using

session.auto_start
=
> 0
> > in php.ini. Should I now switch this back to 0?
> > And if I add ini_set("session.use_cookies", "off"); and
> > ini_set("session.use_trans_sid", "on"); to the start of each page,

does
it
> > temporary turn on trans_sid for that browsing session?
> > Lastly, when you say "This will automagically append the session id to
all
> > relative URL's that it can identify, as well as adding it into a

hidden
> form
> > variable for you", how is the session ID passed then? Where am I
defining
> a
> > variable that can be used on the next page? How does it identify
"relative
> > URLs"? I've only been at this a month so I'm a bit green.
> >
> > Thanks for your help.
> >
> >
> > "Peter James" <pe***@shaman.ca> wrote in message
> > news:vj************@corp.supernews.com...
> > > First, rather than manually passing the session id around, just
do an
> > > ini_set() at the beginning of each page...
> > >
> > > ini_set("session.use_cookies", "off");
> > > ini_set("session.use_trans_sid", "on");
> > >
> > > This will automagically append the session id to all relative URL's tha
> it
> > > can identify, as well as adding it into a hidden form variable
for you.
> > You
> > > don't need to do it manually.
> > >
> > > Second, you're not passing the session id when you redirect.

Writing
> the
> > > header like that doesn't get rewritten by PHP or your routine. If you
> are
> > > not using cookies, you won't have access to the session id on
the next
> > page
> > > (the one you redirect to). Even with trans_sid, you'll have to
manually
> > > include your session id in the header.
> > >
> > > HTH.
> > > Pete.
> > >
> > > --
> > >
> > > --
> > > Peter James
> > > Editor-in-Chief, php|architect Magazine
> > > pe***@phparch.com
> > >
> > > php|architect
> > > The Magazine for PHP Professionals
> > > http://www.phparch.com
> > >
> > >
> > > "Paul" <Pa**@here.com> wrote in message
> > > news:bh**********@titan.btinternet.com...
> > > > I want to use sessions to cover myself in case the user
switches off
> > > cookies
> > > > so I am passing the session ID manually through a hidden input
field.
> > This
> > > > is what I have so far.
> > > >
> > > > index.php page contains:
> > > >
> > > > <?php
> > > >
> > > > $_SESSION['entered_username'] = "";
> > > > $_SESSION['login'] = "";
> > > > $PHPSESSID = session_id();
> > > >
> > > > echo "<form method='POST' action='login.php'>
> > > > <b>Username:</b>
> > > > <input type='text' name='username'>
> > > > <b>Password:</b>
> > > > <input type='password' name='password'>
> > > > <input type='hidden' name='PHPSESSID' value='$PHPSESSID'>
> > > > <input type='submit' value='Login'>
> > > > </form>";
> > > >
> > > > ?>
> > > >
> > > > Now, viewing the source with this page open in the browser, I can see
> > that
> > > > the session ID is in the hidden field. According to the book
I'm > > reading,
> > > > "PHP will automatically get $PHPSESSID without anymore

programming > from
> > > you
> > > > on the login page"
> > > > The part of the next page (login.php) that is processing the login is
> as
> > > > follows:
> > > >
> > > > if(mysql_num_rows($result) == 1)
> > > > {
> > > > $_SESSION['entered_username'] = $_POST['username'];
> > > > $_SESSION['login'] = 'yes';
> > > > header('refresh: 3; url=member.php');
> > > > echo "<h2><center>You have been validated. Please wait, logging you
> in.
> > .
> > > > .</h2><br>
> > > > <center>If your browser doesn't support redirection and you're

still
> > here
> > > in
> > > > 3 seconds, <a href='member.php'>click here</a></center>";
> > > > }
> > > > else
> > > > {
> > > > header('refresh: 5; url=index.php');
> > > > echo "<b><u><center>Login failure
</b></u><br>Username/Password > > mismatch.
> > > > Sit tight, we're sending you back to the login page in 5
seconds.<br>
> > > > If your browser doesn't support redirection and you're still here
in
5
> > > > seconds, <a href='index.php'>click here</a></center>";
> > > > }
> > > >
> > > > Now we get to the member.php page and the following happens:
> > > >
> > > > Notice: Undefined index: login in C:\Web\member.php on line 10
> > > >
> > > > Line 10 reads:
> > > >
> > > > if ($_SESSION['login'] != 'yes')
> > > > {
> > > > echo "<b><u><center>You haven't logged on!</b></u><p>
> > > > <a href='index.php'>Click Here</a> to return to the login page"; > > > > exit();
> > > > }
> > > >
> > > > This is where it kicks me out. The code on the member.php page

is > > designed
> > > > to stop users doing anything before they log in but unless I can pass
> > the
> > > > session data between pages, the result of the if statement will always
> > be
> > > > false.
> > > >
> > > > Even more odd is the fact that it works in Internet Explorer

and not
> > > > Mozilla. Now I trust Mozilla's standards far more than IE so I
really
> > want
> > > > to make it work in Mozilla.
> > > >
> > > > Sorry this is such a long post, I tried to keep it as short as
> possible
> > > but
> > > > give enough information to make it make sense.
> > > >
> > > > So what am I missing? And what is IE doing that Moz isn't?
> > > >
> > > > Thanks for any suggestions.



Jul 16 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.