Hi, been scratching my head and looking all over but can't get session data to pass to multiple pages.
The scenario is like this.
I present a splash page with an option to login at the bottom via form. Across the top is a menu strip, site access is open to all but if logged in and validated as a member then selecting "downloads" or "articles" from the menu strip gives access to different content. I need my user to only login / validate once on the splash screen and then hold the session data (string stating member or nonmember retrieved from a db) to be accessible from any page within the site.
My test pages are as follows.
login screen
---------------
<html>
<head><title>Title here!</title></head>
<body>
<form action = "user.php" method="post">
<input type="text" name="status">
<input type="submit" >
</form>
<a href="download.php">Downloads</a>
</body>
</html>
On submit I call my second page which in reality would check username against database and assign either "member" or "nonmember" to session_id
<html>
<head><title>Title here!</title></head>
<body>
<?php
session_start();
$x= $_POST['status'];
session_register("status");
$status=$x;
// check session id should be text entered on login screen for test purposes
echo 'session id is '.$status;
// re display login screen
include('base.htm');
?>
</body>
</html>
Now I may navigate around the site a little but if I choose "downloads" I need to be able to read the session_id member or nonmember?
<html>
<head><title>Title here!</title></head>
<body>
<?php
session_start();
global $status;
echo 'session id is '.$status;
?>
</body>
</html>
Problem is that going to "download.php" produces no session_id?
Any help greatly appreciated.
What you are doing has nothing to do with session IDs. The session ID is a randomly-generated unique string that identifies an individual session. What you are doing is setting session data. The ID stays the same.
As a side note, it's good practice to call session_regenerate_id() whenever a user's permissions change (i.e. when they log in and become a member instead of a guest).
Thanks for the swift reply, but I can't understand what is going wrong.
I modified the base.htm by placing
<?php
session_start();
session_id('nonmember');
echo session_id();
?>
at the very top of the doc.
This shows me that session_id has indeed been set to "non member"
When submitting the form I get the session_id changed to whatever I submitted but when clicking download link on base.htm when download.php appears it has a new session_id.
I really don't understand, there must be a simple solution? But I can't see it, help please.
What, pray tell, is the purpose of allowing your users to select their own session IDs? So that it's easier for them to attempt to hijack another session?
In reality it does not matter what the session id is, as I stated in my original post certain parts of the site have content available only to members. For example you access the articles page, all articles are listed but if you are not a member only some are active links, if you are a member all articles have active links. I require the viewer to log in or not on the splash screen so that as each new page is accessed content can be displayed as to if you are a member or not.
Logging in with your user name / password calls a script to check against a db of members and sets a session id accordingly. It may be that a result of non member sets session_id to "non" whilst a result of "member" sets session_id to a random string (as is I think the default).
The above code is just my test or scratch code to get the principles working and give me known results easier for checking.
Well I got it sorted by using simplified code and by making sure that $_SESSION was in upper case.
test coding is now as follows.
log in / out / downloads
<html>
<head>
<title>Title here!</title>
</head>
<body >
<form action = "user.php" method="post">
<input type="text" name="status" value="">
<input type="submit" >
</form>
<a href="download.php">Downloads</a>
<a href="kill.php">logout</a>
</body>
</html>
assign session id (remember in real we don't use the entered name but check against db, if member then generate session id as normal, if not a member set session id to "non member").
<?php
session_start();
error_reporting(-1);
ini_set('display_errors', true);
$x = $_POST['status'];
if (!isset($_SESSION["user"])) {
    $_SESSION["user"] = $x;
    echo 'session id is '.$_SESSION["user"];
} else {
    echo 'session id is '.$_SESSION["user"];
}
include('base.htm');
?>
download page has carried the session id.
In real if session id is "non member" display content x if session id anything else then must be member so display content y.
<?php
session_start();
error_reporting(-1);
ini_set('display_errors', true);
echo 'session id is '.$_SESSION["user"];
?>
to log out or kill the session then
<?php
session_start();
session_destroy();
include("base.htm");
?>
Hope this helps someone else, there seems to be a lot of questions about passing session id's on the net and I found out myself it's not all plain sailing.
What you are doing has nothing to do with session IDs. The session ID is a randomly-generated unique string that identifies an individual session. What you are doing is setting session data. The ID stays that same.
As a side note, it's good practice to call session_regenerate_id() whenever a user's permissions change (i.e. when they log in and become a member instead of a guest).
Well thanks for that, I guess I got my terminology wrong with session id is $_SESSION["user"] but I tried first off doing it by trying to transfer session_id() between pages and could not get it working so I ended up with this session variable instead ($_SESSION["user"]).
Can you tell me why it is good practice to regen the session_id() if I am not actually using that value? are there advantages / disadvantages?
I would like to use good programming practice from the start of my induction into php.
Thanks for your input.
Just read explanation on wiki session fixation attack, I now will use session_regenerate_id() as a matter of course. Good article easy to understand. ;)
By the way, you are passing the session ID, you just don't realize it. It is set in a cookie on their end.
A session instance is like a locked apartment, and the session ID is the key. Their cookie contains this session ID which allows them to open the locked door and get inside.
So is there a more correct way to do this? To set and retain a value throughout a session for a given user?
Nope, you are doing it correctly. The $_SESSION superglobal array is our method of updating session information.
Thanks, guidance is much appreciated.
It's what we're here for. :)
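The advice given in this thread (keep the member / non-member flag in $_SESSION, never let the visitor choose the session ID, and call session_regenerate_id() when the privilege level changes) put together as an added example; it is not code from any of the posters. The lookup_status() helper, its sample account and the "username" / "password" form field names are assumptions made for the illustration.

```php
<?php
// Added example (PHP 7.3+ for the array form of session_set_cookie_params()).

// Hypothetical stand-in for the members database check described in the thread.
function lookup_status(string $username, string $password): string
{
    static $members = null;
    if ($members === null) {
        // Constructed sample data: a single member account.
        $members = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    $hash = $members[$username] ?? null;
    $ok = $hash !== null && password_verify($password, $hash);
    return $ok ? 'member' : 'nonmember';
}

function start_site_session(): void
{
    // Only accept session IDs this server issued, and only from the cookie.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

function log_in(string $username, string $password): string
{
    $status = lookup_status($username, $password);
    // Privilege level is about to change: issue a fresh ID and delete the old
    // session, so an ID fixed before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['status'] = $status;
    return $status;
}

start_site_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    if (is_string($u) && is_string($p)) {
        log_in($u, $p);
    }
}
// download.php and every other page: start_site_session(), then read the key.
$status = $_SESSION['status'] ?? 'nonmember';
echo 'status is ' . htmlspecialchars($status, ENT_QUOTES, 'UTF-8');
```

The stored value is derived on the server from the credential check, so the visitor never supplies either the session ID or the status string directly.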