I am passing my session ID thru a flash file to a php file and I am capturing the session ID on the other side and replace the newly generated ID by the old one.
$SID = $_GET['mysession'];
session_id($SID);
session_start();
Unfortunately the session is now empty and I don't get why.
print_r($_SESSION);
returns just a 1. All variables from the session are empty/do not exists.
Anyone an idea how to catch the data again?
PHP Version 5.2.6-1+lenny12 with Apache.
Thanks
David
I think you need to use session_start(); before you set anything in the session.
use it like this,
session_start();
$SID = $_GET['mysession'];
session_id($SID);
This says, enable session handling on this page and starts a session. after that you are fetching your previous session id and then assigning the same session id to this session.
Hope, it helps you.
Related
i have searched and searched and read and read a lot about what exactly session_destroy does ! but no result at least for me ! first read the details below :
When a session is created (session_start) a file is created with a
unique identifier that is given to the user as a cookie, when
variables in the $_SESSION array are modified or added the temporary
file is updated with that information so that it can be used somewhere
else on the website.*
session_destroy* will delete this file, this is commonly done for when
a user logs out of your website so that the (now useless and
unnecessary) file isn't taking up space.
we know that session id is stored in session cookie and as the tutorials say , session destroy removes the session cookie file (that includes session_id ) so why when i started a new session it didn't generate a new id ! it makes me confused ! look at the example :
<?php
session_start();
echo session_id();
session_destroy();
session_start();
echo "---".session_id();
?>
result : l4k80dkrl5kd6cdlobhbu5s3i1---l4k80dkrl5kd6cdlobhbu5s3i1
so it gives me the session id same as the previous one .
so what does session_destroy really do !! ?
thanks in advance
From PHP documentation:
It does not unset any of the global variables associated with the
session, or unset the session cookie.
So after session_destroy() the cookie that holds the session id is still alive, and just the session file will be deleted. So start_session() tries to find the file for the session id in the cookie, and it fails of course, and it just creates a new empty file for that. So your id does not change.
If you really want to change that, try to delete the cookie.
You are almost correct about what you have said, BUT if you destroy the session and the script ends in PHP, thats the time file is deleted. If you just try to destroy and create it again, it uses the same file/session ID.
Its not only the file that is created, but also the file contains all the data you are storing in the session. Have a look at your session data in your server, its very interesting.
Update
More interesting things you can do. Write a PHP file
<?php
session_start();
sleep(29000);//delete the session after 29 seconds
session_destroy();
?>
Now have a look at the session file, it should be deleted after 20 seconds.
Do
<?php session_start(); ?>
and go to google chrome, and remove the cookie manually from there. The session won't be available anymore.
<?php session_destroy(); ?> will not destroy the cookies on the
client side. Next time you create a session, it will just use the same
old information. This is the prime reason of your question.
Do
file1:
<?php session_start(); $_SESSION['test'] = "A"; ?>
file2:
<?php session_start(); $_SESSION['test'] = "B"; ?>
resultFile:
<?php session_start(); echo $_SESSION['test']; ?>
Now from two computers, access your website with file1 on one computer and file2 on another. From google chrome, switch their cookie information and see how session A is assigned to B and B is assigned to A.
I installed a pre-built forum on my website and I want (in a diffrent page) to check if the forum's session is active.
Something like :
if (isset($_SESSION['forum'])) { echo "Session is active!"; }
Problem is - I don't know the sessions name...
Tried downloading some chrome add-ons for session managing but I can't get the name of the session.
Whats the right way of doing this?
Thanks ahead!
You can see the dump of $_SESSION variable
var_dump($_SESSION);
session_name() will give you the session name, that usually is defined in php.ini. By default it is always: PHPSESSID. This name is used as cookie name or as POST/GET variable name.
session_id() will give you the identifier for the current session. It will be the contents of the cookie or POST/GET variable.
Then you have $_SESSION that will contain all your session data. use print_r() to see what you have stored in it so far.
To know if session vars are set you can also just do if(isset($_SESSION)&&count($_SESSION))
try
print_r ($_SESSION);
taht way you'll see all sessions
<?php
session_start();
print_r($_SESSION);
?>
Use this to see which session variables are currently set.
You need to check that the session is currently active, and then that the forum key is defined
if ( ! ($sid = session_id()) {
session_start(); // open session if not yet opened
$sid = session_id(); // get sid as session ID
}
// $sid contains the session ID (in cookie)
if (isset($_SESSION['forum'])) {
// forum is defined
}
See also the answer from this page
How can I switch to a previously saved session using Zend\Session\SessionManager? I know the session ID.
For example, this doesn't work:
$sm->start();
$sm->setId('abc');
$_SESSION will not contain the data of session 'abc'. Calling $sm->writeClose() after $sm->start() doesn't help either.
I can easily do this using standard PHP functions:
session_start();
session_write_close();
session_id('abc');
session_start();
//$_SESSION is populated with 'abc' data.
Zend uses session namespaces for that. If you give the session a name like this
$sess = new Zend_Session_Namespace('abc');
you can access the contents via $sess->var and reload the session in a different PHP file just by creating the new session with the same name again.
http://framework.zend.com/manual/1.12/de/zend.session.basic_usage.html
I have this query in mysql in a php page:
mysql_query("INSERT INTO tz_todo SET text='".$text."',
position = ".$position.",
user_id=".$_SESSION['user_id'].",
view_stat=0");
I tried to echo the query and the result is this:
INSERT INTO tz_todo SET text='trial text', position = 21, user_id=, view_stat=0
it seems that it can't get the session value of user_id.
And $_SESSION['user_id'] is not working in social engine. How to correct this? I also made a localhost version in my xampp and everything is fine but when I converted it into social engine, session is not working.
In any page where you are using session objects, place this code at the beginning of the file:
if(!isset($_SESSION)){session_start();}
This way if the session is not already started, it starts it; otherwise it ignores the session start if the sesion is already started.
This is important because calling session_start() if session is started already can sometimes cause errors.
That's how I get my user id through session
session_start();
$userID = $viewer->getIdentity();
$_SESSION['user_id'] = $userID;
echo $_SESSION['user_id'];
Using session to store the user_id is totally wrong. To gain a user_id try
$viewer_id = Engine_Api::_()->user()->getViewer()->getIdentity(); (or $user->getIdentity if you have another user's object).
If you still need to use session for storing this data, use Zend-approach.
session_start();
$_SESSION["test"] = "hello world";
session_start();
echo $_SESSION["test"];
does above code work ? if not, check your session.save_path in the php.ini
NOTE: to retain this variable remember to call session_start() on each php script/page before calling for the variable from the session.
Yoy might be forget to start your session at the top of the page
<?php if(!isset($_SESSION)){ session_start(); } ?>
$_SESSION['user_id'] might not stored a value. check your login page (Basically after login session variables will set) or after register weather you assigned a value to that session variable..
setting a value to a session variable :
$_SESSION['user_id'] = "1234567";
I'm trying to get my script to use url session id instead of cookies.
The following page is not picking up the variable in the url as the session id.
I must be missing something.
First page http://www.website.com/start.php
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_start();
$session_id = session_id();
header("location: target.php?session_id=". $session_id );
Following page - http://www.website.com/target.php?session_id=rj3ids98dhpa0mcf3jc89mq1t0
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
print_r($_SESSION);
print(session_id())
Result is a different session id and the session is blank.
Array ( [debug] => no ) pt1t38347bs6jc9ruv2ecpv7o2
be careful when using the url to pass session ids, that could lead to session hijacking via the referer!
It looks like you just need to call session_start() on the second page.
From the docs:
session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.
EDIT:
That said, you could also try manually grabbing the session id from the query string. On the second page you'd need to do something like:
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_id($_GET['session_id']);
print_r($_SESSION);
print(session_id());
Note that the session_id() function will set the id if you pass it the id as a parameter.
Instead of hardcoding 'PHPSESSID', use this:
session_id($_GET[session_name()]);
My issue was using Flash in FF (as flash piggy backs IE, so sessions are not shared between the flash object and firefox)
Using php 5.3 all these answers pointed at the truth. What I finally found to work was pretty simple.. pass the id in the query string. Set it. THEN start the session.
session_id($_GET['PHPSESSID']);
session_start();
Just a little correction ...
Don't forget to check param if it exists.
This worked for me well.
if (isset($_GET['PHPSESSID'])) {
session_id($_GET['PHPSESSID']);
}
session_start();