Ok so my main page has a session. I am using the session id to query the database.
Now when I post to a page I have session_start() at the top but when I echo the session_id() on the main page and on the page that was posted to they are 2 different values. Why is it changing the session_id()?
Is there a way to make it keep the original value?
EDIT:
index.php
<?php
session_start();
echo session_id();
?>
<form method="post" action="post.php">
<input type="text" name="some_field" />
</form>
post.php
session_start();
echo session_id();
The session_id in index.php is different from the one in post.php!
are you sure your browser is accepting cookies like it should be ? To make sure you try in a different browser then your usual one
sounds like you are some how changing the name of the session, or you need to change the name of teh session.
why not output the name of teh session as well as its ID
eg:
echo session_name();
echo "<br/>";
echo session_id();
if some hwere your session name is being changed, you will have to use that name all the time. PHPSESSID is teh default name for the session. SESSf9a1dfbab4f36b89eaf8b74ce485ad62 sounds like something you have changed it too..
you could also check session_id() to see what value is being stiored in the name. you can explicitly set all of tehse values, and if something in your code is doing so, you had better track it down.
(I am asuming that there is more to your code than what you put up)
http://www.php.net/manual/en/function.session-id.php says:
Note: When using session cookies, specifying an id for session_id()
will always send a new cookie when
session_start() is called, regardless
if the current session id is identical
to the one being set.
and
If id is specified, it will replace
the current session id. session_id()
needs to be called before
session_start() for that purpose.
Depending on the session handler, not
all characters are allowed within the
session id.
Related
I am having problem in maintaing value of variable through several pages(actually through same page but through many refresh).
The first time I get navigated to new page the value of variable is preserved and can be used by echo,but after refreshing the page that value cannot be reused,it shows error that the variable has no value.
I am making a webapp for chatting in php.
I want to show the name of user(sender) on every page(every page of sending message). So I am using code
<?php
$writtervar = $_POST['writter'];
echo $writtervar;
?>
I am taking input through a separate page,code is
<form action="ddd.php" method="post">
Enter your name <input type="text" name="writter" >
<input type="submit" id="submit" value="Press" >
</form>
HTTP is stateless. $_POST array is populated when a user makes a request. If you want to have access to a value accross web views, read on setcookie or sessions.
If you don't want to use cookies, you'll need to resend your parameters on every request (probably obscured some way). Or send an identifier on every request an keep your info server (you can do that with php sessions anyway). But doing that is not convenient nor secure.
You can use session. base on your code you can try this:
In start page (ddd.php) you have to set your session values.
<?php
session_start();
$_SESSION["writer"] = $_POST["writter"];
?>
...
in other page use your session values as e.g:
<?php
session_start();
...
echo $_SESSION["writer"];
?>
Note that unset and destroy your session at the end off your work.
<?php
// remove all session variables
session_unset();
// destroy the session
session_destroy();
?>
You can set a cookie
$value = 'something from somewhere';
setcookie("TestCookie", $value);
and get the value:
echo $_COOKIE["TestCookie"];
You can also use sessions:
session_start();
// Set session variables
$_SESSION["TestSession"] = $value;
// Get session
echo $_SESSION["TestSession"];
You'd better use a framework like Laravel that can help you handle sessions, forms, redirect with values etc.
You can find the documentation on php.net
I made a simple registration page, which after validation, adds a unique identifier to the session id to identify the user and also sets a session variable 'UID' to a custom value. Then the script redirects to a new page.
$_SESSION['UID'] = $id;
session_id($sessID);
echo session_id();
session_write_close();
header("Location: https://localhost/AccountWebsite/landing.php");
exit();
?>
The landing page is supposed to be accessible only by members (i.e. those with a special unique session id set by my script), and that functionality wasn't working. So to check why, at the moment I allow anyone to access the page and their session id is echoed, and so is the 'UID' session variable.
<?php
session_start();
echo session_id()."\n";
echo $_SESSION['UID'];
?>
Now, when I echo the id it isn't the one I set myself. It is the generic PHP one, and the variable doesn't exist. During debugging, I commented out the redirect in the registration script, and instead had it echo the session id that it had just set. The echoed id is correct (obviously since it's echoed in the script it's set in), although when I enter the cookie manager on Firefox, it displays the session id as the generic php one, which means the session is reset when the first script ends and not between sessions.
Make sure session_start(); is called before any sessions are being
called. So a safe bet would be to put it at the beginning of your
page, immediately after the opening php tag before anything else.
Also ensure there are no whitespaces/tabs before the opening php
tag.
After the header redirect, end the current script using exit(); (Others have also suggested session_write_close(); and
session_regenerate_id(true), you can try those as well, but I'd use
exit();)
Make sure cookies are enabled in the browser you are using to test it on.
Ensure register_globals is off, you can check this on the php.ini file and also using phpinfo(). Refer to this as to how to turn it off.
Make sure you didn't delete or empty the session
Make sure the key in your $_SESSION superglobal array is not overwritten anywhere
Make sure you redirect to the same domain. So redirecting from a www.yourdomain.com to yourdomain.com doesn't carry the session
forward.
Make sure your file extension is .php (it happens!)
I have done all of the above from dayuloli's answer on this post
and have been debugging all day. Please help, why does the session not keep the id and variable values I set to it by the end of the script and sccross the whole server?
Additional info: I tried another example folder (on htdocs) where one page sets a variable and the other echoes it, and it worked.
You don't need to set a session_id unless you want multiple sessions. If you do specify a session_id, you need to call session_start() afterwards to start using it and submit the cookie into the client's browser.
Beyond that explanation, you need to use session_start() at the top of any script that requires sessions.
From http://php.net/manual/en/function.session-id.php:
session_id() needs to be called before session_start()
session_id() will always send a new cookie when session_start() is
called
Newbie question, but I'm wondering if I'm missing something elementary here.
If I register a session variable in a page - isn't this variable supposed to be accessible from another page on the same site?
First, I register a variable in the file session_var_register.php:
<?php
$_SESSION["myusername"] = 'user';
if (isset($_SESSION['myusername'])) {
echo 'Session var myusername is set to '.$_SESSION['myusername'];
}
?>
When I open this page, it writes:
Session var myusername is set to user
As expected.
Then I open another tab and another page, check_session_var.php:
<?php
if (isset($_SESSION['myusername'])) {
echo 'Session var myusername is set to '.$_SESSION['myusername'];
}
?>
This page is blank.
Isn't the point of a session variable that it should be accessible in the browser session, until the session is programatically destroyed or the browser closed?
I'm using IE 8 and Firefox 24, btw. Identical results.
You forgot
session_start()
On top, before using
$_SESSION
PS: Remember to call session_start() in every page you want to use $_SESSION.
The PHP docs state that you must call session_start() to start or resume a PHP session. This must be done before you try to access or use session variables. Read more here.
session_start();
Your session variables will be available on different pages of the same site but on top of each of these pages you must have at least:
session_start();
It works but not in all cases. You must also use the same session name (essentially a cookie name that stores id of your session) on all pages. Moreover cookies (which are essential (mostly) for sessions to work) may be made visible only in specific directory. So if for example you share the same host with other guys that use sessions too you do not want to see their variables and vice versa so you may want to have sth like that:
1) session_name( 'my_session_id' );
2) session_set_cookie_params( 0, '/my_dir', $_SERVER['HTTP_HOST'], false, true );
3) session_start();
You may also want to see your session variables on other servers and in such case custom session handlers may be useful. Take a day or two to implement yourself - great way to understand how sessions work hence I recommend.
Method
session_start();
Description
session_start() creates a session or resumes the current one based on a session identifier >passed via a GET or POST request, or passed via a cookie.
Usage in your case (and in the most of cases):
Put it before the $_SESSION usage.
Reference: session_start()
First Of all start session on that page
session_start();
your page like this way
<?php
session_start();
if (isset($_SESSION['myusername'])) {
echo 'Session var myusername is set to '.$_SESSION['myusername'];
}
?>
I installed a pre-built forum on my website and I want (in a diffrent page) to check if the forum's session is active.
Something like :
if (isset($_SESSION['forum'])) { echo "Session is active!"; }
Problem is - I don't know the sessions name...
Tried downloading some chrome add-ons for session managing but I can't get the name of the session.
Whats the right way of doing this?
Thanks ahead!
You can see the dump of $_SESSION variable
var_dump($_SESSION);
session_name() will give you the session name, that usually is defined in php.ini. By default it is always: PHPSESSID. This name is used as cookie name or as POST/GET variable name.
session_id() will give you the identifier for the current session. It will be the contents of the cookie or POST/GET variable.
Then you have $_SESSION that will contain all your session data. use print_r() to see what you have stored in it so far.
To know if session vars are set you can also just do if(isset($_SESSION)&&count($_SESSION))
try
print_r ($_SESSION);
taht way you'll see all sessions
<?php
session_start();
print_r($_SESSION);
?>
Use this to see which session variables are currently set.
You need to check that the session is currently active, and then that the forum key is defined
if ( ! ($sid = session_id()) {
session_start(); // open session if not yet opened
$sid = session_id(); // get sid as session ID
}
// $sid contains the session ID (in cookie)
if (isset($_SESSION['forum'])) {
// forum is defined
}
See also the answer from this page
I'm trying to get my script to use url session id instead of cookies.
The following page is not picking up the variable in the url as the session id.
I must be missing something.
First page http://www.website.com/start.php
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_start();
$session_id = session_id();
header("location: target.php?session_id=". $session_id );
Following page - http://www.website.com/target.php?session_id=rj3ids98dhpa0mcf3jc89mq1t0
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
print_r($_SESSION);
print(session_id())
Result is a different session id and the session is blank.
Array ( [debug] => no ) pt1t38347bs6jc9ruv2ecpv7o2
be careful when using the url to pass session ids, that could lead to session hijacking via the referer!
It looks like you just need to call session_start() on the second page.
From the docs:
session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.
EDIT:
That said, you could also try manually grabbing the session id from the query string. On the second page you'd need to do something like:
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_id($_GET['session_id']);
print_r($_SESSION);
print(session_id());
Note that the session_id() function will set the id if you pass it the id as a parameter.
Instead of hardcoding 'PHPSESSID', use this:
session_id($_GET[session_name()]);
My issue was using Flash in FF (as flash piggy backs IE, so sessions are not shared between the flash object and firefox)
Using php 5.3 all these answers pointed at the truth. What I finally found to work was pretty simple.. pass the id in the query string. Set it. THEN start the session.
session_id($_GET['PHPSESSID']);
session_start();
Just a little correction ...
Don't forget to check param if it exists.
This worked for me well.
if (isset($_GET['PHPSESSID'])) {
session_id($_GET['PHPSESSID']);
}
session_start();