473,383 Members | 1,980 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > how to pass session id between multiple pages

Join Bytes to post your question to a community of 473,383 software developers and data experts.

how to pass session id between MULTIPLE pages

Hi, been scratching my head and looking all over but cant get session data to pass to multiple pages.
The scenario is like this.
I present a splash page with an option to login at the bottom via form. Across the top is a menu strip, site access is open to all but if logged in and validatd as a member then selecting "downloads" or "articles" from the menu strip gives access to different content. I need my user to only login / validate once on the splash screen and then hold the session data (string stating member or nonmember retrieved from a db) to be accessable from any page within the site.
my test pages are as follows.

login screen
---------------
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Title here!</title></head>
  3. <body>
  4. <form action = "user.php"  method="post">
  5. <input type="text" name="status">
  6. <input type="submit" >
  7. </form>
  8. <a href="download.php">Downloads</a>
  9. </body>
  10. </html>
  11.  
On submit I call my second page which in reality would check username against database and assign either "member" or "nonmember" to session_id
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Title here!</title></head>
  3. <body>
  4. <?php
  5. session_start();
  6. $x= $_POST['status'];
  7. session_register("status");
  8. $status=$x;
  9. // check session id should be text entered on login screen for test purposes
  10. echo 'session id is '.$status;
  11. // re display login screen 
  12. include('base.htm');
  13. ?>
  14. </body>
  15. </html>
  16.  
Now I may navigate around the site a little but if I choose "downloads" I need to be able to read the session_id member or nonmember ?
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Title here!</title></head>
  3. <body>
  4. <?php
  5. session_start();
  6. global $status;
  7. echo 'session id is '.$status;
  8. ?>
  9. </body>
  10. </html>
  11.  
Problem is that going to "download.php" produces no session_id ?
any help greatly appreciated.
Sep 3 '10 #1

✓ answered by kovik

What you are doing has nothing to do with session IDs. The session ID is a randomly-generated unique string that identifies an individual session. What you are doing is setting session data. The ID stays that same.

As a side note, it's good practice to call session_regenerate_id() whenever a user's permissions change (i.e. when they log in and become a member instead of a guest).

13 10841
Markus
6,050 Expert 4TB
Turn on Error Reporting*, and see this article.

* Use -1 instead of E_ALL.
Sep 3 '10 #2
Thanks for the swift reply but; I can't understand what is going wrong.
I modified the base.htm by placing
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. session_id('nonmember');
  4. echo session_id);
  5. ?>
  6.  
at the very top of the doc.
This shows me that session_id has indeed been set to "non member"
When submitting the form I get the session_id changed to whatever I submitted but when clicking download link on base.htm when download.php appears it has a new session_id.
I really dont understand, there must be a simple solution? But I can't see it, help please.
Sep 3 '10 #3
kovik
1,044 Expert 1GB
What, pray tell, is the purpose of allowing your users to select their own session IDs? So that it's easier for them to attempt to hijack another session?
Sep 3 '10 #4
In reality it does not matter what the session id is, as I stated in my original post certain parts of the site have content available only to members. For example you access the articles page, all articles are listed but if you are not a member only some are active links, if you are a member all articles have active links. I require the viewer to log in or not on the splash screen so that as each new page is accessed content can be displayed as to if you are a member or not.
Logging in with your user name / password calls a script to check against a db of members and sets a session id accordingly. It may be that a result of non member sets session_id to "non" whilst a result of "member" sets session_id to a random string (as is I think the default).
The above code is just my test or scratch code to get the principles working and give me known results easier for checking.
Sep 4 '10 #5
Well I got it sorted by using simplified code and by making sure that $_SESSION was in upper case.
test coding is now as follows.

log in / out / downloads
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head>
  3.        <title>Title here!</title>
  4. </head>
  5. <body >
  6. <form action = "user.php"  method="post">
  7. <input type="text" name="status" value="">
  8. <input type="submit" >
  9. </form>
  10. <a href="download.php">Downloads</a>
  11. <a href="kill.php">logout</a>
  12. </body>
  13. </html>
  14.  
assign session id (remember in real we don't use the entered name but check against db, if member then generate session id as normal, if not a member set session id to "non member".
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. error_reporting(-1);
  4. ini_set('display_errors', true);
  5. $x= $_POST['status'];
  6. if (!isset($_SESSION["user"]))
  7. {
  8. $_SESSION["user"]=$x;
  9. echo 'session id is '.$_SESSION["user"];}
  10. else {echo 'session id is '.$_SESSION["user"];}
  11. include('base.htm');
  12. ?>
  13.  
download page has carried the session id.
In real if session id is "non member" display content x if session id anything else then must be member so display content y.
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. error_reporting(-1);
  4. ini_set('display_errors', true);
  5. echo 'session id is '.$_SESSION["user"];
  6. ?>
  7.  
to log out or kill the session then
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. session_destroy();
  4. include("base.htm");
  5. ?>
  6.  
Hope this helps someone else, there seems to be a lot of questions about passing session id's on the net and I found out myself it's not all plain sailing.
Sep 4 '10 #6
kovik
1,044 Expert 1GB
What you are doing has nothing to do with session IDs. The session ID is a randomly-generated unique string that identifies an individual session. What you are doing is setting session data. The ID stays that same.

As a side note, it's good practice to call session_regenerate_id() whenever a user's permissions change (i.e. when they log in and become a member instead of a guest).
Sep 4 '10 #7
Well thanks for that, I guess I got my terminologu wrong with session id is $_SESSION["user"] but I tried first off doing it by trying to transfer session_id() between pages and could not get it working so I ended up with this session variable instead($_SESSION["user"]).
Can you tell me why it is good practice to regen the session_id() if I am not actually using that value? are there advantages / disadvantages?
I would like to use good programming practice from the start of my induction into php.
Thanks for your input.
Sep 4 '10 #8
Just read explanation on wiki session fixation attack, I now will use session_regenerate_id() as a matter of course. Good article easy to understand. ;)
Sep 4 '10 #9
kovik
1,044 Expert 1GB
By the way, you are passing the session ID, you just don't realize it. It is set in a cookie on their end.

A session instance is like a locked apartment, and the session ID is the key. Their cookie contains this session ID which allows them to open the locked door and get inside.
Sep 4 '10 #10
So is there a more correct way to do this? To set and retain a value throughout a session for a given user?
Sep 4 '10 #11
kovik
1,044 Expert 1GB
Nope, you are doing it correctly. The $_SESSION superglobal array is our method of updating session information.
Sep 4 '10 #12
Thanks, guidance is much appreciated.
Sep 4 '10 #13
kovik
1,044 Expert 1GB
It's what we're here for. :)
Sep 4 '10 #14

Sign in to post your reply or Sign up for a free account.

Similar topics

1
scanning Multiple pages into Access 2k
by: matt | last post by:
I'm using this to scan Multiple pages into Access 2k :- Call KillTempFile strTempFile = TempFile(False, "scan") Me.scanControl.MultiPage = True Me.scanControl.ScanTo = FileOnly...
Microsoft Access / VBA
0
MS Access Create form / report with multiple pages using different background images
by: ghadley_00 | last post by:
MS Access Create form / report with multiple pages using different background images Hi, Would like to have users fill out a multipage form, and then click a print button, which pulls up the...
Microsoft Access / VBA
5
Datagrid Spans Multiple Pages - Need to Print
by: Jay | last post by:
In an ASP.NET page I have a fairly lengthy datagrid that I need to print. Problem is that when I print sometimes the last row on that page gets cut half way through. Is there a way to print a...
ASP.NET
2
printing multiple pages, is there a better way to do this?
by: ray well | last post by:
hi, i need to print multiple pages on a printer. this is what i'm using now Sub Print() Dim PrintDoc As New PrintDocument AddHandler PrintDoc.PrintPage, AddressOf Me.PrintText Do While...
Visual Basic .NET
6
Redirect to multiple pages without displaying each page...
by: Coleen | last post by:
Hi all :-) I need to redirect to multiple pages on click of a transmit button, without redisplaying each page. This redirection is to capture session variables that are created on each page and...
Visual Basic .NET
1
Pass Session Variable from 1.1 to 2.0
by: aperez | last post by:
Hi, I need to pass a session variable from an ASP.NET v1.1 page to a v2.0 page, but haven't been able to do it. The reason is because I need to embed the 1.1 page in my intranet portal tool so I...
ASP.NET
4
carrying over variables from a form to multiple pages...
by: Kurrent | last post by:
I have some data from text fields that are being passed over through a form that I am displaying with the $_POST superglobal. Once i have echo'd out this data onto the next page, i'd like to...
PHP
4
Can't get PHP Session Across multiple pages
by: Vinnie123 | last post by:
I can't seem to get my PHP Session to continue across multiple pages. Here is a sample code I wrote: test.php <?php session_start(); $_SESSION = "feona"; header("Location:...
PHP
3
safest way to pass parameters between pages
by: Aussie Rules | last post by:
Hi, I have a few aspx (.net2) form. The first form allows the user to enter into text box, and select values from drop downs The second form needs to use these values to process some data....
ASP.NET
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!