I'd like to inspect the session variable. Best case something that works in the firebugs little interpreter, but if I have to put it in the file thats fine. Right now I just made a short PHP to output $_SESSION, but if I could find something analogous to be done right in the browser that would be ideal. document.cookie doesn't seem to do what im looking for, at least not that i see.
Basically looking for something analogous to $_SESSION that I can use in javascript
EDIT - was trying to see if i could get anything more than, or extract the meaning PHPSESSID=o147cf52u9d7qr251hc3n6ilu2; ASESSIONID=101wvpe-3FA77F204CFF55BA61E696AD3F62F0F8 on the client-side. As it stands I guess i can just write a small ajax function to a url that echos the session. Thanks for the help!
PS - Do those document.cookie values have anything to do with whats inside the session, or are they just identifiers to tell one session from another?
Session data is stored on the server. It isn't accessible to client-side JavaScript unless you manually expose it (e.g. by writing a PHP program that dumps it to JSON and delivers it over HTTP).
The browser just gets a cookie containing a token that identifiers which packet of session data the server side programs should open for a given client.
Just look at what cookies are set in your browser: Firefox,
Chrome, etc.
Edit: oooh, after re-reading your question, you want to ACCESS the session data.
That's not possible via JavaScript for very good reason. XSS would be a breeze. Besides, the data is stored on the server, which JS has no access to (thankfully).
It's not possible to do what you're asking.
I am using FirePHP to debug variables from my Ajax calls, maybe it is what you are looking for?
You can't access PHP sessions within JavaScript directly. You could however make an Ajax call to a PHP script which will return the PHP sessions. This is your best option.
Related
Is it possible start Session with out using any server side scripting like PHP.
I want start SESSION with pure HTML/HTML5./Javascript.. ?
Thanks Advance. :)
The usual meaning of the term "session" in web development is "A bucket of information stored on the server that is linked to a specific user via a token". Since the definition requires a server to be involved, no you cannot achieve that without a server.
You can store the data in a session cookie (one without an explicit expiry time that will die when the browser is closed).
In modern browsers, you can store larger amounts of data using sessionStorage.
You could set a COOKIE with Javascript (http://www.w3schools.com/js/js_cookies.asp).
If you really want a PHP Session without PHP, that's impossible. A Cookie is the closest you'll get.
On the topic of Cookies, these are stored locally on the users system and can be edited. I do not reccomend using this method if you need good security. See this blog post explaining more on this matter:
http://www.nczonline.net/blog/2009/05/12/cookies-and-security/
No its not possible. What you use in PHP is the PHP session handler.
In javascript you can use cookies to store some small data.
I'm trying to rewrite a snipped of PHP into JavaScript, ideally passing as few as possible variables between the two. Are there any super-global variables in JavaScript that give similar information to the PHP $_SERVER array?
In JavaScript, location seems to give me a bit of useful information but what about something like the PHP equivalent of $_SERVER['HTTP_REFERER']? I also have jQuery as a resource.
window.location can be read or set and comes with properties such as .pathname, .search, .protocol, et cetera -- each of which will provide that particular aspect of the URL as a read-only value.
document.referrer will provide the referring URL as a string. If you want the domain/path/query/et cetera to be separated from one another, you will need to do that yourself, or use a library which will provide it.
document.cookie will provide you a semicolon-delimited list of user/server-set cookies.
Again, turning that into an array or an object is on your own shoulders.
Your cookie string also has no access to expiration-times, nor applicable paths the particular cookie is set for -- security.
For most of the rest of the data, you're going to have to talk to the server -- the browser likes to keep client-side script in the dark about things (like the user's IP, or session-variables, or anything else which can be turned into a security-risk).
This will get you the referrer -
document.referrer
But I think you are looking at this in the wrong way - JavaScript and jQuery are run client side - if you want server variables accessible - you'll have to pass them to the script - possible by means of an AJAX call. You say that you have jQuery available - so you can use the .ajax() function to retrieve all the server data you'll need.
I want to put in the PHP session an information if the client uses HTML5 or not.
My HTML5 detection is launched only 1 time and need to store the information in the PHP session, sending from HTML to PHP is easy with a simple cookie, but if the client doesn't accept cookies it's harder.
Sending a GET variable to php is a possibility but on the 1st load we don't have the information.
Or maybe there is another way to store an information without PHP that works on none-cookied browsers ?
Thank you very much.
PHP sessions don't DEPEND on cookies, but they sure are a lot easier to work with. You can have PHP auto-embed the session ID into URLs for you, but it's a very nasty security hole - the user's session ID will leak onto any sites you link to via the referer, and makes it impossible to properly bookmark your site.
If you do want to chance that, then look up trans_sid settings in your php configuration.
So finally I did it differently.
Instead of detecting on the page itself that required me to call jQuery or other plugins, I call it from the main page and send the data to the called page.
Like that I got it in PHP on that page.
Normally I try to format my question as a basic question and then explain my situation, but the solution I'm looking for might be the wrong one altogether, so here's the problem:
I'm building a catalog application for an auction website that has the ability to save individual lots. So far this has worked great by simply creating a cookie with a comma-separated list of IDs for those lots, via something like this:
$_COOKIE["MyLots_$AuctionId"] = implode(",",$arrayOfIds);
The problem I'm now hitting is that when I go to print the lots, I'm using wkhtmltopdf through the command-line to request the url of the printout I want, like this:
exec("wkhtmltopdf '$urlofmylots' filename.pdf");
The problem is that I can't pass a cookie to this call, because Apache sees an internal request, not the request of the user. I tried putting it in the get string, but once I have more than a pre-set limit for GET parameters, that value disappears from the $_GET array on the target url. I can't seem to find a way to send POST data between them. My next possible ideas are the following:
Maybe just pass the sessionID to the url, and see if there's a way that I can use PHP to dig through the cookies for that session and pull the right cookie, but that sounds like it'd be risky security-wise for a PHP server to allow (letting one session be aware of another). Example:
exec("wkhtmltopdf '$urlofmylots?sessionId=$sessionIdFromThisRequest' filename.pdf");
Possibly set a session variable and then pass that session Id, and see if I can use PHP to wade through that information instead (rather than using the cookie).
Would I be able to just create an array and somehow have that other script be aware of it, possibly by including it? That doesn't really solve the problem of wkhtmltopdf expecting a web-facing address as its first parameter.
(not really an idea, but some reasoning) In other instances of using this, I've just passed an ID to the script that generates the markup for wkhtmltopdf to parse, and the script uses that ID to get data from the database. I don't want to store this data in a file or the database for the simple purpose of transferring data from the caller to the callee in this case. Cookies and sessions seem cleaner since apache/php handle memory allocation for these sessions.
The ultimate problem here is that I'm trying to get my second script (referenced here by $urlofmylots) to be aware of data available to the calling script but it's being executed as if it were an external web request, not two php scripts being called from the web root.
Can anyone offer some insight here?
You might consider rendering whatever the output of $urlofmylots?lots=$lots_to_print would be to a temporary file and running wkhtmltopdf against that file.
the question is really simple, but i searched it many different ways and the results were not related to my question.
so if i have a session variable in a php file if i open an html page after that and then a php file again, will i be able to retrieve the data ? or do they all have to be adjacent?
I tried php->html->php but i couldn't get the variables on the other side. maybe Im doing something wrong.
Thanks in advance
Not 100% sure what you mean, but if by "open" you mean in the browser, the calls do not need to be adjacent. You just need to do a session_start() in every PHP script in which you want to use session data.
Adjacency is not something that is really relevant for this question.
in PHP way of things, sessions are essentially files that contain serialized data on the server. The browser that called a script containing session_start() call receives a special token that identifies the session on the server, and it is normally (though not necessarily) stored as a cookie.
This effectively means that any php script that uses session_start() and receives a session id (via cookie or otherwise) will read and could use session data, unless it was removed from the server file system between the calls, or the session has expired (frankly, I'm not sure whether PHP removes the expired sessions on the server side).
Accessing anything outside of this model with the browser (html page, or even other sites) will not affect it in any way, unless these actions change or remove session id.
yes...session variable can survive php->html->php.
But on every php page ...very first line should be session_start()
This easy way (I guess): Set a cookie storing the session ID on the first php page. This way, every other php page can access the session ID and use it to restore the stored data, not matter how many (even foreign) pages were in between.