I was wondering if anyone could give me an idea of how to pass a variable to another page in Wordpress.
I need to be able to use the get_the_ID(); function to set a variable which can be accessed from any page.
Would I be able to store the variable in a session or would that be a security issue?
Am I completely on the wrong track because to be honest, I have no idea what I'm doing.Any help would go a long way.
Cheers
Using session is not a security issue as long as you not getting any user input (otherwise sanitize/encrypt your value).
Go ahead and use it like this
<?php
$_SESSION['next-page-id'] = get_the_ID(); // once set
Now in your whole application you can access your session variable like this:
if ( isset( $_SESSION['next-page-id'] ) ) { // remember to check if it set or not
echo $_SESSION['next-page-id'];
}
Edited:
You don't have to use session_start() on top of each page instead you should add a function in init hook.
Just paste this tiny code to your functions.php file
function session_initialize() {
if ( ! session_id() ) {
session_start();
}
}
add_action( 'init', 'session_initialize' );
Is it possible for a user to view session variables?
No, a user can't able to view your session at all. If they don't have access to your files.
How does wordpress stop users from creating their own session variables?
Remember Wordpress not use session in its whole application (Only Cookies). Users cannot create session variables. As said above they have to write code to your php file (or somehow they inject code to your application if any plugin or theme found vulnerable).
Related
Very simple experiment. I have an index.php which contains:
if ( !isset( $_SESSION ) ) {
session_id( random_string() );
session_start();
}
echo session_id();
random_string() simply returns a random 20 char A-Z,a-z,0-9 string.
On reloading this page it will ALWAYS generate a new session ID since there isn't a call to session_start() before that if statement, and the (resuming) $_SESSION super global doesn't exist.
However, if I put a call to session_start() at the top of the script I've lost my chance to specify a custom session ID, since setting a custom ID has to happen before the call to session_start().
I just can't figure this out. Chicken/egg problem. So, how do I successfully implement a custom session ID, which will keep the super global alive between page loads?
You can have your own customized session id throughout pages with the help of file system and database. I've written the following code to keep track of same session id through all the pages using file system method:
if(filesize('session_track.txt') === 0) {
file_put_contents('session_track.txt', random_string());
}
$session_id = file_get_contents('session_track.txt');
session_id($session_id);
session_start();
// Here is the conditional statement, in case you need to regenerate your custom session id again
$regenerate_custom_session_id = false; // if need, set it to true.
// This code depends on your requirements. I just mentioned this conditional statement for your understanding to make it logically work
if($regenerate_custom_session_id === true) {
file_put_contents('session_track.txt', '');
}
I'm not sure how efficient this code is. I've just shared my idea to make it work.
I have a client page using PHP which then goes to a Wordpress page. The session on the client page is remembered, but when I load a new page from Wordpress, the session is empty. Why does Wordpress not store my session data like my client page does?
This code is on the login page:
my_session_register('user_id');
$_SESSION['user_id']=$user_id;
header('Location: booking_user.php');
This code checks the session in Wordpress:
if (!my_session_is_registered('user_id')) {
header('Location: login.php');
}
I just don't know how to persist the session to Wordpress.
You forgot to add session_start() that might cause problem.
If you are going to use $_SESSION there must be session_start()
Learn more about it: Here
You have to add session_start(); on every page u use session or alternatively save it in a file and include it everytime.
Though I am answering the same as the other two answers, I will tell you why. Wordpress is stateless so by default you can not push data from page to page using $_SESSION. That is why you have to add session_start() on the Wordpress site. You may want to throw the session_start() into an init hook in Wordpress:
// You may just be able to write this
add_action( 'init', 'session_start' );
If the above doesn't work (I don't see why it wouldn't):
// You can add your own function as a wrapper
add_action( 'init', 'startCustomSession' );
function startCustomSession()
{
session_start();
}
I have my index page which uses a script to load another page into a div
$('#TransportPlanning').click(function() {
mainpage = $('#FloatMain')
mainpage.load('create_diary.php')
});
The page loads ok into my div, but I want to share php variables from one page to another, I thought the newly loaded page would be able to reference the main index variables but this is not the case , I have tried global but still not working
Any help please ?
To Share Variable Between Two Different PHP Scripts, Make It Super Global :
Use
session_start();
// store session data
$_SESSION['key']=value;
In index.php And read it in crate_diary.php as :
session_start();
$key=$_SESSION['key'];
And Do That ($key) Variable Specific code in create_diary.php.
Using Session or Cookies Prevent Unethical Use of Your Sensitive Data. You Can Also Use Cookies Instead Of Session. But Dont forget to unset session after you've done with it. Specially When you are dealing with cookies because Session will get automatically destroyed when user closes browser but this isn't true with cookie.
Global variables are not shared across scripts.
Pass them as query arguments instead, like:
mainpage.load('create_diary.php?key=value');
The value will be available within your create_diary script in $_GET['key']
Ok, this is starting to annoy me, as it's quite simply and works elsewhere, but on this current task it doesn't, so here I go!
There is a main page which relies on either a session variable being set or not to display certain information.
Let's say this page is located here: http://dev.example.com/some_page.php
e.g.
if (isset($_SESSION["some_var"])) { /* it's set so do whatever */ }
else { /* not set so do whatever else.. */ }
There is an ajax page triggered by jQuery $.ajax() to call and set this session variable to null to change the action of the main page, let's say it's located here: http://dev.example.com/ajax/some_ajax_page.php
It's code looks like so:
<?php
if (!isset($_SESSION)) session_start();
$_SESSION["some_var"] = null;
When the main page is reloaded after the ajax is triggered, the session var "some_var" is still intact, but if it's echoed after the "null" in the ajax page then it is set to "null".
Basically it doesn't seem to write to the global session, only to the local path.
Does this make sense?
Any help please? Also if you want more clarification with anything let me know!
The session_start() function will handle the attempt to create and persist a session for you, as defined by PHP's configuration, or optionally at runtime if you set your own save handler. Make sure you read the documentation here:
http://us2.php.net/manual/en/function.session-start.php
For your code, you want to make sure to call session_start() at the beginning of any page in which you'd like to save or access session variables. So your page above may look like:
<?php
session_start();
$_SESSION['myvar'] = 'some value';
Then in a different page you can try to access that value:
<?php
session_start();
if ($_SESSION['myvar'] == 'some value') {
// do something
}
That should work fine.
Get rid of the check for session. If this is the only file your calling just do this:
<?php
session_start();
$_SESSION["some_var"] = null;
Also, are you using framework that auto-regenerates session ID on each request? If so, you'll might have problems.
If you have a dev machine to play with and permissions to do so, you can manually delete all sessions in the /var/lib/php/session/ directory. As you use your site, only one session file should be created. You can also inspect that file to see what is getting written and when.
Seems that you are using different sessions vars. One for the AJAX call and another for the normal pages calls. This may occur when you do not init both call in the same way (or using the same starting code that initializes the sessions)
Be sure to session_start() both calls using the same session_id.
// try in both calls
session_start();
echo session_id(); // must return the same id in both calls
Why don't you use unset? It is the proper way to do it.
Turns out the application I was working on had it's own session_handler and if it was not included before requesting the session data, it was always invalid, eventhough it was the same session_id.
I'm developing a site using Wordpress.
My permalink structure is set to show post/page name. So accessing a page called store will look like this: www.mysite.com/store/?some=arguments
In all my WP templates, I'm able to output all my SESSION variables using print_r($_SESSION);
Doing the same from a file called from jQuery.ajax only outputs some of the SESSION varaibles.
I've used the following code to see if the cookie path is same for both files, and they are:
$sessCookie = ini_get('session.cookie_path');
echo 'session.cookie_path: '.$sessCookie;
I also have this code in my files to make sure session is started:
if (!session_id())
session_start();
Why am I not able to output the same session variables from a WP template and a php file called from jQuery.ajax?
UPDATE
jQuery.ajax calls jquery.php file. At the top of this file, it has the following code:
require_once($_SERVER['DOCUMENT_ROOT'].'/wp-blog-header.php');
This code fires functions.php. In this file I have the following code:
function session_manager() {
if (!session_id())
session_start();
// Get variables in query string
$_SESSION['action'] = (isset($_GET['action']) ? $_GET['action'] : '');
$user_geo_data = get_geoip_record();
$_SESSION['user_geo_location'] = get_object_vars($user_geo_data);
}
When functions.php is fired from jquery.php, it seems that session_id() returns false, thus I create a new session.
Is there a way to keep using the same session?
UPDATE 2
It seems that WP config kills all GLOBAL variables when initialized.
http://wordpress.org/support/topic/wp-blog-headerphp-killing-sessions
Wordpress can use its own session handler, and overrides the default session handler to do so. So in essence you've got two different sessions, even though they share the same ID. The cookie path is merely how the client-side cookie operates. What you need to check is session_save_path(), and check if WP is running sessions through the database instead of the default file handler.
The reason two sessions are fired up is because the first one is browser-based (through a cookie) and the second one, with Ajax, is essentially server-side and doesn't have access to the session cookie.
The session cookie is where the session ID is stored and is used to identify an existing session. A server-side Ajax script doesn't have access to the browser's cookies, thus fires up a new session.
It can be worse if the main script uses an alternate session "save handler" than the Ajax script, resulting in two separate sessions, stored in two different places.