I'm trying to get my script to use url session id instead of cookies.
The following page is not picking up the variable in the url as the session id.
I must be missing something.
First page http://www.website.com/start.php
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_start();
$session_id = session_id();
header("location: target.php?session_id=". $session_id );
Following page - http://www.website.com/target.php?session_id=rj3ids98dhpa0mcf3jc89mq1t0
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
print_r($_SESSION);
print(session_id())
Result is a different session id and the session is blank.
Array ( [debug] => no ) pt1t38347bs6jc9ruv2ecpv7o2
be careful when using the url to pass session ids, that could lead to session hijacking via the referer!
It looks like you just need to call session_start() on the second page.
From the docs:
session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.
EDIT:
That said, you could also try manually grabbing the session id from the query string. On the second page you'd need to do something like:
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_id($_GET['session_id']);
print_r($_SESSION);
print(session_id());
Note that the session_id() function will set the id if you pass it the id as a parameter.
Instead of hardcoding 'PHPSESSID', use this:
session_id($_GET[session_name()]);
My issue was using Flash in FF (as flash piggy backs IE, so sessions are not shared between the flash object and firefox)
Using php 5.3 all these answers pointed at the truth. What I finally found to work was pretty simple.. pass the id in the query string. Set it. THEN start the session.
session_id($_GET['PHPSESSID']);
session_start();
Just a little correction ...
Don't forget to check param if it exists.
This worked for me well.
if (isset($_GET['PHPSESSID'])) {
session_id($_GET['PHPSESSID']);
}
session_start();
Related
i'm having a bit of a problem. I'm trying to set up a simple webpage with only three .php pages. I want a session variable $_SESSION['userID'] to be set when a user is logged in and I want the index page to show extra info if someone is logged in.
On index.php I want to show some info, if a user is logged in I want to show some extra info.
login.php - simple log in form.
login_exe.php - takes care of database connection and verification.
So this was my idea:
On index.php, check if session is started, if not: start.
<?php
if (!isset($_SESSION)) {
session_start();
echo "session started";
}
later on, check if $_SESSION['userID'] contains a value, if so: print a string
if($_SESSION['userID'] != null){
echo "User logged in";
}
On login_exe.php i've almost the same code:
<?php
if (!isset($_SESSION)) {
session_start();
echo "session started";
}
in verification function:
$_SESSION['userID'] = $data['userID'];
header("Location: index.php");
The problem is that a new session is started on every page. How can I fix this and only start the session once? Thanks in advance
You should just put session_start() on top of documents that using sessions. Say, if you have 5 .php files that using sessions, then put 5 times the session_start() on top of them.
This is because session_start() sends headers and headers must be sent before any output (for example, any echo or whitespace).
Then, you should use something like isset($_SESSION["foo"]) and not just the entire $_SESSION array, where foo is something you set previously.
If you dont want sessions at all or need to reset the entire array, just call session_destroy() which effectively destroy the current session. Use unset($_SESSION["foo"]) when you want to get rid of a key.
Finally, you might get weird cases where you cannot read session key you write at. In these cases check what is the path of sessions and if they're writeable, or change their path:
$path = session_save_path(); // what is the path
is_writable($path); // can i write to it?
session_save_path("my/new/path"); // change the darn path;
// put -even- before session_start()!
:)
glad i help
I think the PHP manuals are really good compared to ...ahm, so just read about session_start(). It says:
session_start() creates a session or resumes the current one (...)
so all you need is session_start() very early in your code. This must be executed on every request (maybe as include).
Your code checking the userId looks fine, one important hint here: you should know exactly what isset(), empty() and the like mean in PHP, so always have the comparision of comparison at hand.
You should not ask new answers (edit: questions) in comments. Be as systematic here as you are in coding.
How to end a session:
This gives room for discussion, because there is the session cookie, which is client side, and the session data, which is server side.
I recommend:
$_SESSION = null;
Reason: this will clear all login and other associated data immediately. It leaves the cookie intact, which is normally of no concern, since all associated data is gone.
Newbie question, but I'm wondering if I'm missing something elementary here.
If I register a session variable in a page - isn't this variable supposed to be accessible from another page on the same site?
First, I register a variable in the file session_var_register.php:
<?php
$_SESSION["myusername"] = 'user';
if (isset($_SESSION['myusername'])) {
echo 'Session var myusername is set to '.$_SESSION['myusername'];
}
?>
When I open this page, it writes:
Session var myusername is set to user
As expected.
Then I open another tab and another page, check_session_var.php:
<?php
if (isset($_SESSION['myusername'])) {
echo 'Session var myusername is set to '.$_SESSION['myusername'];
}
?>
This page is blank.
Isn't the point of a session variable that it should be accessible in the browser session, until the session is programatically destroyed or the browser closed?
I'm using IE 8 and Firefox 24, btw. Identical results.
You forgot
session_start()
On top, before using
$_SESSION
PS: Remember to call session_start() in every page you want to use $_SESSION.
The PHP docs state that you must call session_start() to start or resume a PHP session. This must be done before you try to access or use session variables. Read more here.
session_start();
Your session variables will be available on different pages of the same site but on top of each of these pages you must have at least:
session_start();
It works but not in all cases. You must also use the same session name (essentially a cookie name that stores id of your session) on all pages. Moreover cookies (which are essential (mostly) for sessions to work) may be made visible only in specific directory. So if for example you share the same host with other guys that use sessions too you do not want to see their variables and vice versa so you may want to have sth like that:
1) session_name( 'my_session_id' );
2) session_set_cookie_params( 0, '/my_dir', $_SERVER['HTTP_HOST'], false, true );
3) session_start();
You may also want to see your session variables on other servers and in such case custom session handlers may be useful. Take a day or two to implement yourself - great way to understand how sessions work hence I recommend.
Method
session_start();
Description
session_start() creates a session or resumes the current one based on a session identifier >passed via a GET or POST request, or passed via a cookie.
Usage in your case (and in the most of cases):
Put it before the $_SESSION usage.
Reference: session_start()
First Of all start session on that page
session_start();
your page like this way
<?php
session_start();
if (isset($_SESSION['myusername'])) {
echo 'Session var myusername is set to '.$_SESSION['myusername'];
}
?>
I installed a pre-built forum on my website and I want (in a diffrent page) to check if the forum's session is active.
Something like :
if (isset($_SESSION['forum'])) { echo "Session is active!"; }
Problem is - I don't know the sessions name...
Tried downloading some chrome add-ons for session managing but I can't get the name of the session.
Whats the right way of doing this?
Thanks ahead!
You can see the dump of $_SESSION variable
var_dump($_SESSION);
session_name() will give you the session name, that usually is defined in php.ini. By default it is always: PHPSESSID. This name is used as cookie name or as POST/GET variable name.
session_id() will give you the identifier for the current session. It will be the contents of the cookie or POST/GET variable.
Then you have $_SESSION that will contain all your session data. use print_r() to see what you have stored in it so far.
To know if session vars are set you can also just do if(isset($_SESSION)&&count($_SESSION))
try
print_r ($_SESSION);
taht way you'll see all sessions
<?php
session_start();
print_r($_SESSION);
?>
Use this to see which session variables are currently set.
You need to check that the session is currently active, and then that the forum key is defined
if ( ! ($sid = session_id()) {
session_start(); // open session if not yet opened
$sid = session_id(); // get sid as session ID
}
// $sid contains the session ID (in cookie)
if (isset($_SESSION['forum'])) {
// forum is defined
}
See also the answer from this page
I am passing my session ID thru a flash file to a php file and I am capturing the session ID on the other side and replace the newly generated ID by the old one.
$SID = $_GET['mysession'];
session_id($SID);
session_start();
Unfortunately the session is now empty and I don't get why.
print_r($_SESSION);
returns just a 1. All variables from the session are empty/do not exists.
Anyone an idea how to catch the data again?
PHP Version 5.2.6-1+lenny12 with Apache.
Thanks
David
I think you need to use session_start(); before you set anything in the session.
use it like this,
session_start();
$SID = $_GET['mysession'];
session_id($SID);
This says, enable session handling on this page and starts a session. after that you are fetching your previous session id and then assigning the same session id to this session.
Hope, it helps you.
Ok so my main page has a session. I am using the session id to query the database.
Now when I post to a page I have session_start() at the top but when I echo the session_id() on the main page and on the page that was posted to they are 2 different values. Why is it changing the session_id()?
Is there a way to make it keep the original value?
EDIT:
index.php
<?php
session_start();
echo session_id();
?>
<form method="post" action="post.php">
<input type="text" name="some_field" />
</form>
post.php
session_start();
echo session_id();
The session_id in index.php is different from the one in post.php!
are you sure your browser is accepting cookies like it should be ? To make sure you try in a different browser then your usual one
sounds like you are some how changing the name of the session, or you need to change the name of teh session.
why not output the name of teh session as well as its ID
eg:
echo session_name();
echo "<br/>";
echo session_id();
if some hwere your session name is being changed, you will have to use that name all the time. PHPSESSID is teh default name for the session. SESSf9a1dfbab4f36b89eaf8b74ce485ad62 sounds like something you have changed it too..
you could also check session_id() to see what value is being stiored in the name. you can explicitly set all of tehse values, and if something in your code is doing so, you had better track it down.
(I am asuming that there is more to your code than what you put up)
http://www.php.net/manual/en/function.session-id.php says:
Note: When using session cookies, specifying an id for session_id()
will always send a new cookie when
session_start() is called, regardless
if the current session id is identical
to the one being set.
and
If id is specified, it will replace
the current session id. session_id()
needs to be called before
session_start() for that purpose.
Depending on the session handler, not
all characters are allowed within the
session id.