I'm trying to build an order form which others can use within an iframe on their website. Later I want to add this form to Facebook.
My current form uses a session to bind the ordered products to the user, but if I disable third party cookies in Internet Explorer I can't order anything. The session ID is changing.
During the last steps I ask the user to log in and bind an email address to the current session.
I prefer to keep using sessions, so when someone leaves my page, the ordered items are still in their cart. What is the best approach to still use sessions inside my iframe?
Thanks for everyone's help...
A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
Sessions: Introduction
So this means that if cookies are disabled, you need to propagate a session id into the URL. For example:
Checkout
Now the session id will be passed along even if the user has cookies disabled. It is up to you to save the user's cart into a database or something for when they completely leave your website. AFAIK, sessions are always completely destroyed when a user leaves.
More info on passing the session id can be found here: Passing the Session ID
Related
I am a newbie to PHP.
I just learned that you can create a session variable for a user after his login such as
$_SESSION['id'] = 3; // some value (say 3)
and this session variable is maintained as long as he doesn't log out (i.e. you clear this session variable using session_destroy).
Now, I am confused: if another user logs in, won't this id variable be overwritten, thus logging the previous user out?
If this is true, then what can I do to resolve it?
PHP sessions are tied to a user by a unique (random) ID string, generated the first time you invoke session_start() for a user. That ID is stored in the client browser as a cookie (or possibly via hidden form fields/query parameters).
Even though $_SESSION is used throughout the code, the CONTENTS of that $_SESSION array are tied to a particular user via that ID string. That means if I hit your site, $_SESSION will contain my details. If you hit your site, $_SESSION will contain your details.
There should be no practical way for my details to "leak" in your session, or vice versa. Destroying my session will not destroy yours, because yours is a completely different session, with a different ID.
All sessions are tied to a unique session ID. This is typically set inside the user's cookie.
I am developing an e-commerce website. The user logs in and buys a product; when he checks out, the page redirects to the payment gateway. After the payment is completed it returns to my website. This is OK. But when it returns, the session maintained on my website gets lost. This happens only the first time. If the user logs in again and checks out, the process works and the session is maintained.
Why is the session lost the first time?
I used session_start() in all the pages.
I cannot find the solution. Kindly help.
Why don't you use JavaScript? You can create a cookie to store your incoming members' data.
With jQuery and the cookie plugin you can do this very easily; of course, the member must log in to create this data. Some useful links:
http://www.jquery.com/
http://plugins.jquery.com/project/Cookie
http://www.electrictoolbox.com/jquery-cookies/
Why is the session lost the first time?
That's hard to tell because there is not much information in your question.
Normally a session gets lost if the session identifier (or session ID in short) is not passed from one request (page) to the other.
Please see the PHP Manual for how the session ID can be passed. You need to take care with your code, for example that the cookie is properly set. If the session cookie is not set, the session id will be gone and session_start will create a new session.
How do I use the same web session that was created in one web app in another web app? In other words, if I log in to site1.php, how do I automatically get logged in (without having to fill in a form or anything) to site2.php using the same credentials that I used to log in on site1.php?
Any help please
Your users probably get a cookie with their session id set. If not, do so. Both sides would have to use the same session backend to be able to get the session for the given id (from the cookie). To share sessions between websites both sites need to use the same session handler. For example in a database.
http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/
I have some information stored in $_SESSION; the session is stored in the database through a custom session handler.
Is there a standard way to either 'impersonate' a session given a session id, or clear specific variables from another session?
I am asking about this because I have my web application, with its session variables working on its own; this is an actual shopping cart with order information using PayPal. PayPal returns a response of a payment through IPN (Notifications), which are requests made from their server to my site. Those requests, of course, initiate their own sessions.
What I want to find is a way to clear the original session variable from the paypal notification request that sees a different session. Is there a way to do that?
One idea might be to manually edit the database in which the session data is stored, but I want to look for something standard, regardless of the session handlers.
If you've found yourself needing to edit data in someone else's session, you shouldn't be storing that data in a session to begin with.
If you need to read or otherwise work with the IPNs, perhaps you should store them in the database in an actual table. You can associate the row with the user's session ID, or preferably with their login or email address.
Sessions work because of browser cookies. If you remove the cookie, it will create a new session. If you change your cookie to one for another session, you're now impersonating that session.
You can use Chrome's developer tools, or the Web Developer Firefox addon to get easy access to your browser's cookies.
Did you try creating a session array and giving an id to it?
like this
$_SESSION['ipn'] ="";
$_SESSION['ipn']= "Mescalito";
This shouldn't be necessary in the first place.
I'm fairly sure you can specify a unique job ID in the IPN. Use that unique ID to find out which user the notification belongs to, and edit their data. Don't fiddle with sessions for this, it's bad design.
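The design the answers above recommend, as an added example in plain PHP that is not code from any poster: order state lives in a table keyed by a per-order reference, so the notification request never touches the shopper's session. The schema, the function names and the `invoice` and `txn_id` field names are assumptions, and the notification is assumed to have been verified with the gateway before `handle_notification()` runs.

```php
<?php
// Added example: order state lives in a table keyed by a per-order reference,
// so the notification handler never needs the shopper's session.
// Schema and the 'invoice'/'txn_id' field names are assumptions for illustration.

function open_shop(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE orders (ref TEXT PRIMARY KEY, user_email TEXT NOT NULL,
               status TEXT NOT NULL DEFAULT 'pending', txn_id TEXT UNIQUE)");
    return $db;
}

// Called from the shopper's request at checkout; the ref is sent to the gateway.
function create_order(PDO $db, string $email): string {
    $ref = bin2hex(random_bytes(16)); // unguessable, so it cannot be enumerated
    $db->prepare('INSERT INTO orders (ref, user_email) VALUES (?, ?)')->execute([$ref, $email]);
    return $ref;
}

// Called from the gateway's server-to-server request (no shopper cookie).
// Assumes the notification was already verified with the gateway.
function handle_notification(PDO $db, array $post): string {
    $ref = $post['invoice'] ?? '';
    $txn = $post['txn_id'] ?? '';
    if (!is_string($ref) || !is_string($txn) || $ref === '' || $txn === '') {
        return 'rejected';
    }
    $q = $db->prepare("UPDATE orders SET status = 'paid', txn_id = ?
                       WHERE ref = ? AND status = 'pending'");
    $q->execute([$txn, $ref]);
    return $q->rowCount() === 1 ? 'paid' : 'ignored'; // unknown ref or repeat delivery
}

// The shopper's next page view reads the order row, not a flag in $_SESSION.
function order_status(PDO $db, string $ref): ?string {
    $q = $db->prepare('SELECT status FROM orders WHERE ref = ?');
    $q->execute([$ref]);
    $s = $q->fetchColumn();
    return $s === false ? null : $s;
}

// Constructed walk-through: first delivery, a repeat delivery, an unknown reference.
$db  = open_shop();
$ref = create_order($db, 'shopper@example.com');
echo handle_notification($db, ['invoice' => $ref, 'txn_id' => 'TXN-CONSTRUCTED-1']), PHP_EOL;
echo handle_notification($db, ['invoice' => $ref, 'txn_id' => 'TXN-CONSTRUCTED-1']), PHP_EOL;
echo handle_notification($db, ['invoice' => 'no-such-ref', 'txn_id' => 'TXN-CONSTRUCTED-2']), PHP_EOL;
echo order_status($db, $ref), PHP_EOL;
```

The in-memory SQLite database keeps the example runnable from the command line; a real site would point the same queries at its persistent database.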
I was hoping someone could give some information on cookies and CodeIgniter. I have read their user guide on them so I have an understanding of how to set them, etc. What I want to know is how to use them. For example, if you look at the BBC website, you can drag and drop the boxes and it will remember where you placed them without the need for you to sign up or log in etc., so I assume it is being stored in the cookie.
On my site, I have a menu system that allows the user to choose the content that features on 'their' page. Now I don't want them to have to sign up or log in, so I assume I could somehow store the content they requested in the cookie? Is this possible? Currently they click a link and the relevant content is pulled from the database when the ID in the URL and the ID in the database match. Do I just save each ID that is requested? And if so, how?
Thanks
The fact that you're using CodeIgniter doesn't matter, as you can set cookie information pretty easily with any platform you use. CodeIgniter simply provides wrapper functions for cookies to make them easier to deal with. If you know how to use CI's cookie helper, then you should have no problem making this work.
The most reliable solution would be to use a cookie that holds a unique id for that user. That unique id matches a database record that contains the settings for the user. By only saving the unique id in the cookie, you avoid having to read and write to the cookie when settings change. If you add new features to your site that need their own settings, you won't have to touch the cookie, you'll just add the new settings values to the db. Additionally, you don't want to expose settings information in your cookie, which may allow someone to edit the contents of the cookie to attempt a SQL injection or some other attack.
You can create more than one cookie for your site, so I would make a new cookie for the unique id to match to the user settings. When a user visits your site, load the CI cookie helper, then use CI's get_cookie('unique_cookie') helper to find the cookie. The cookie name 'unique_cookie' is what you're using as the name of the cookie that contains the user's unique id.
If get_cookie() returns false, then the user doesn't have the cookie, so he's probably visiting for the first time or he deleted the cookie. You have to create a new cookie using set_cookie($cookie_array). The set_cookie() method takes an associative array as an argument. That array contains the values for the cookie, one of which is 'name' which you will set to 'unique_cookie', and 'value' will be a unique id (use the CI String helper's random_string() method to create a unique id). While you're setting the cookie, you also want to create a db record with that unique id that contains the default settings values.
While the user is on your site, create a session object (using CI's session library) that holds on to the unique id so when the user changes settings during the session you can match the session's unique id value to the db record so you can make updates to that record without having to keep touching the cookie. For any controller actions that may need to get or set settings, you can use the session tools to get the unique id. You should only need to touch the cookie when the user first enters your site and a session object has not been created yet.
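The cookie-holds-only-an-id approach from this answer, as an added example that is not the answerer's code: it uses plain PHP with PDO and `random_bytes()` in place of CodeIgniter's cookie and string helpers. The table, column and function names are assumptions; the cookie name `unique_cookie` is the one used above.

```php
<?php
// Added example: plain PHP + PDO (SQLite in memory), not CodeIgniter's helpers.
// Table, column and function names are assumptions for illustration.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE visitor_settings (uid TEXT PRIMARY KEY, content_ids TEXT NOT NULL)');
    return $db;
}

// Returns [uid, settings, isNew]. $cookies stands in for $_COOKIE.
function load_visitor(PDO $db, array $cookies): array {
    $uid = $cookies['unique_cookie'] ?? '';
    // Treat the cookie as untrusted input: fixed format first, then a bound parameter.
    if (is_string($uid) && preg_match('/\A[0-9a-f]{32}\z/', $uid)) {
        $q = $db->prepare('SELECT content_ids FROM visitor_settings WHERE uid = ?');
        $q->execute([$uid]);
        $row = $q->fetchColumn();
        if ($row !== false) {
            return [$uid, json_decode($row, true), false];
        }
    }
    // Missing, malformed or unknown id: issue a fresh one with default settings.
    $uid = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO visitor_settings (uid, content_ids) VALUES (?, ?)')
       ->execute([$uid, json_encode([])]);
    return [$uid, [], true];
}

// Settings changes touch only the database row, never the cookie.
function save_content_ids(PDO $db, string $uid, array $ids): void {
    $ids = array_values(array_unique(array_map('intval', $ids)));
    $db->prepare('UPDATE visitor_settings SET content_ids = ? WHERE uid = ?')
       ->execute([json_encode($ids), $uid]);
}

// Constructed walk-through: first visit, a settings change, a return visit, a tampered cookie.
$db = open_store();
[$uid, $settings, $isNew] = load_visitor($db, []);
if ($isNew && PHP_SAPI !== 'cli') {
    setcookie('unique_cookie', $uid, ['expires' => time() + 31536000, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}
save_content_ids($db, $uid, [12, 7, 12]);
[, $again] = load_visitor($db, ['unique_cookie' => $uid]);
echo json_encode($again), PHP_EOL;   // the saved content ids, read back by cookie id
[$other] = load_visitor($db, ['unique_cookie' => "x' OR '1'='1"]);
var_dump($other !== $uid);           // a tampered value is discarded and a new id issued
```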