473,324 Members | 2,511 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

PHP ajax session does not work

hello, all:

I am having trouble to make ajax work for my tiny php app.

I have a index.php file, which is
[php]<?PHP
session_start();
$_SESSION['ajaxKey'] = md5(uniqid(rand(), TRUE));
?>
<script src="clienthint.js"></script>
<script>
var ajaxKey = '<?PHP echo $_SESSION['ajaxKey']; ?>';
</script>
</head>
<body onLoad="showresult(ajaxKey);">
<p>result: <span id="txtHint"></span>
</body>
</html>

I have a ajax jS file, the relavant part is

function showresult(str)
{

if (str.length==0)
{
document.getElementById("txtHint").innerHTML=""
return;
}

xmlHttp=GetXmlHttpObject();
if (xmlHttp==null)
{
alert ("Browser does not support HTTP Request");
return;
}

var url = "read.php";
url=url+"?q="+str;

xmlHttp.onreadystatechange=stateChanged;
xmlHttp.open("GET",url,true);
xmlHttp.send(null);
}

I have the read.php,

<?php

$q=$_GET["q"];

if ($q == $_SESSION['ajaxKey'])
{
$filename = "myfile.txt";

$fp = fopen($filename, "rb") or die("Couldn't operate properly");

$buffer = fread($fp, filesize($filename));

echo $buffer;

}

else
{

echo "terminated".$_SESSION['ajaxKey'];
}

?>
[/php]
The idea is:
1: index.php generate a session key
2: index.php call read.php
3: read.php check if session exists, if yes, then read it, if not, then it is a forging attempt

Basically, I plan to use session key to defeat forging. But in read.php, the session key is always empty.

Can anyone help me please?
Mar 4 '08 #1
3 3705
ronverdonk
4,258 Expert 4TB
Before we are able to help you, it would be nice to be able to read some orderly listed code. So enclose any code within the appropriate code tags. See the Posting Guidelines on how to do that.

moderator
Mar 4 '08 #2
do you have session_start() in each file ?
also why not use session_id for the key?
also why not use POST instead of get?
hth
Mar 4 '08 #3
Thanks.

I have added the session_start, and have changed to POST. and it worked.

The problem is that I returned a Javascript function, and used eval(); but it seems that the script scope is wrong, I cannot use the function.
Mar 6 '08 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

5
by: dougwig | last post by:
I'm trying to handle the scenario where a user's session times out and and their ajax request triggers a redirection by the webserver (302 error?). I'm using Prototype 1.4 and the my works great...
2
by: dmagliola | last post by:
Hello all, I'm experiencing a problem with ASP.Net for which I can't find a reasonable explanation, or any information. I'm currently developing an application that, through AJAX, asks the...
15
by: Evil Otto | last post by:
My page loads, and calls an init() function that returns content to a div on the page, as well as setting a $_SESSION variable. The content it returns includes a link that calls the same variable,...
3
by: Beshoo | last post by:
hey gaiz plz I want to cerate log in system in ajax i do it but i have one problem AFTER I start thes session then press refresh key the session gone !!! in other words , after the user type hid...
13
by: Marvin Zhang | last post by:
Hi, I'm not familiar with web programming, but I have a problem here. I have a page. When a user click one button on it, I will use AJAX to request a PHP script which will do a bunch of tasks,...
6
by: =?Utf-8?B?U2hhd24gU2VzbmE=?= | last post by:
Greetings! I was researching AJAX to provide a solution to displaying status messages while a long process executed. I found several examples online and was able to use their code to get a quick...
16
by: deostroll | last post by:
Suppose I have an asp page that has a response.write(something) in a loop that would run for a considerable amount of time. Now, from my client browser can I trap those server response messages...
0
by: Tarik Monem | last post by:
I have been working on an all AJAX/DOM web site which is set to go live today and I thought I'd share my discoveries with all of you whom have helped me when I have encountered different issues along...
1
by: mbruyns | last post by:
i have been trying (and sometimes succeeding) to use the modalpopupextender to show various panels of controls on my asp pages. the strange problem that i keep on running into is that sometimes it...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.