By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,570 Members | 1,612 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,570 IT Pros & Developers. It's quick & easy.

$_SESSION getting lost

nathj
Expert 100+
P: 938
Hi,

I am having a spot of bother with the use of $_SESSION. They are gernally working absolutely fine with one exception.

On my form I have a capthca security image, when this image is built is stores the value in a $_SESSION variable. When the user types the security code into the box the onchange event calls my javascript function. This in turn calls a PHP page. It's an AJAX thing which is also generally working fine.

The trouble is that I want to check what the user has entered against what is stored in the $_SESSION and the $_SESSION is empty at this point in the process.

Every PHP page involved has session_start(); at the very top of it.

Does anyone have any idea where the $_SESSION is going? The aim of this is to be able to validate the security image in the same way as the rest of the form - client side using AJAX before submission when the data will be checked again and a checksum will be used.

The form, and indeed the whole site, is still in development but can viewed if that helps.

Any details entered in the form will not be stored anywhere. I haven't got to that part yet.

Many thanks
nathj
Jul 20 '07 #1
Share this Question
Share on Google+
9 Replies


nathj
Expert 100+
P: 938
Hi,

Further to my last post, which I left for the sake of completeness, I have decided not to use the captcha image on my application.registration form.

Basically, I discovered that the $_SESSION variable was one item behind when it was visible as well as not being visible where I needed it. All most peculiar.

Any way, the form is over three pages and has client and server side validation plus ther eis a final step of anual applicant approval due to the very specific target audience and the potential sensitivity of topics discussed.

However, I will be usin the Captcha idea when users post reviews, discussion topics and bolgs. So that content cannot be added by a bot.

I know this is a very brief description of what is going on but I would appreciate any feedback or advice in light of this descision.

Many thanks
nathj
Jul 20 '07 #2

P: 93
Can you post up some code to show what you tried for the captcha thing? I made one for the first time the other day and it seemed to work, I'll dig it out and stick it up if you like?

I don't know if this is true because I haven't tested it fully yet, but I have a suspicion that if you have a $_SESSION['variable'] and a normal $variable with the same name then the $_SESSION one over rides the other one.
Jul 20 '07 #3

pbmods
Expert 5K+
P: 5,821
I don't know if this is true because I haven't tested it fully yet, but I have a suspicion that if you have a $_SESSION['variable'] and a normal $variable with the same name then the $_SESSION one over rides the other one.
This occurs when register_globals is turned on.
Jul 21 '07 #4

nathj
Expert 100+
P: 938
Thanks for all the help, I'll double check the register globals thing when I get beack to work on Monday.

As for the code, I have now removed the captcha image from the form. As the application process involves a stage of manual approval it's not that vital.

The trouble was that I was using AJAX to validate the form. I don't want users to submit the form before it is completely valid.

I did some further tests with the code and discovered that the $_SESSION variable was storing the previuos value so if I kept refreshing the page the $_SESSION was always one step behind. It was all very peculiar.

Many thanks
nathj
Jul 21 '07 #5

P: 93
Thanks pbmods! That's useful to know.
Jul 21 '07 #6

pbmods
Expert 5K+
P: 5,821
We aim to please.
Jul 21 '07 #7

kovik
Expert 100+
P: 1,044
Thanks for all the help, I'll double check the register globals thing when I get beack to work on Monday.

As for the code, I have now removed the captcha image from the form. As the application process involves a stage of manual approval it's not that vital.

The trouble was that I was using AJAX to validate the form. I don't want users to submit the form before it is completely valid.
You should validate prior to submission as well, because it is possible to bypass client-side validation. Very much so.

I did some further tests with the code and discovered that the $_SESSION variable was storing the previuos value so if I kept refreshing the page the $_SESSION was always one step behind. It was all very peculiar.
That's likely due to you storing the session variable too late in your script.
Jul 21 '07 #8

nathj
Expert 100+
P: 938
Thanks for all the help and pointers.

I have managed to get this to work. It turns out that the $_SESSION variable was being set to early in the code that generates the captcha image.

I moved this to as soon as the code is created and hey presto it all works lovely.

Thanks to everyone for all your help. I really appreciate it.

Cheers
nathj
Jul 23 '07 #9

pbmods
Expert 5K+
P: 5,821
Heya, nathj.

Glad to hear you got it working! Good luck with your project, and if you ever need anything, post back anytime :)
Jul 23 '07 #10

Post your reply

Sign in to post your reply or Sign up for a free account.