
Passing SESSIONS with trans_sid switched off


Paul

Aug 16, 2003, 4:26:08 PM
I want to use sessions to cover myself in case the user switches off cookies
so I am passing the session ID manually through a hidden input field. This
is what I have so far.

index.php page contains:

<?php

$_SESSION['entered_username'] = "";
$_SESSION['login'] = "";
$PHPSESSID = session_id();

echo "<form method='POST' action='login.php'>
<b>Username:</b>
<input type='text' name='username'>
<b>Password:</b>
<input type='password' name='password'>
<input type='hidden' name='PHPSESSID' value='$PHPSESSID'>
<input type='submit' value='Login'>
</form>";

?>

Now, viewing the source with this page open in the browser, I can see that
the session ID is in the hidden field. According to the book I'm reading,
"PHP will automatically get $PHPSESSID without anymore programming from you
on the login page"
The part of the next page (login.php) that is processing the login is as
follows:

if(mysql_num_rows($result) == 1)
{
$_SESSION['entered_username'] = $_POST['username'];
$_SESSION['login'] = 'yes';
header('refresh: 3; url=member.php');
echo "<h2><center>You have been validated. Please wait, logging you in. .
.</h2><br>
<center>If your browser doesn't support redirection and you're still here in
3 seconds, <a href='member.php'>click here</a></center>";
}
else
{
header('refresh: 5; url=index.php');
echo "<b><u><center>Login failure </b></u><br>Username/Password mismatch.
Sit tight, we're sending you back to the login page in 5 seconds.<br>
If your browser doesn't support redirection and you're still here in 5
seconds, <a href='index.php'>click here</a></center>";
}

Now we get to the member.php page and the following happens:

Notice: Undefined index: login in C:\Web\member.php on line 10

Line 10 reads:

if ($_SESSION['login'] != 'yes')
{
echo "<b><u><center>You haven't logged on!</b></u><p>
<a href='index.php'>Click Here</a> to return to the login page";
exit();
}

This is where it kicks me out. The code on the member.php page is designed
to stop users doing anything before they log in but unless I can pass the
session data between pages, the result of the if statement will always be
false.

Even more odd is the fact that it works in Internet Explorer and not
Mozilla. Now I trust Mozilla's standards far more than IE so I really want
to make it work in Mozilla.

Sorry this is such a long post, I tried to keep it as short as possible but
give enough information to make it make sense.

So what am I missing? And what is IE doing that Moz isn't?

Thanks for any suggestions.


Peter James

Aug 16, 2003, 5:17:50 PM
First, rather than manually passing the session id around, just do an
ini_set() at the beginning of each page...

ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");

This will automagically append the session id to all relative URL's that it
can identify, as well as adding it into a hidden form variable for you. You
don't need to do it manually.

Second, you're not passing the session id when you redirect. Writing the
header like that doesn't get rewritten by PHP or your routine. If you are
not using cookies, you won't have access to the session id on the next page
(the one you redirect to). Even with trans_sid, you'll have to manually
include your session id in the header.

HTH.
Pete.

--
Peter James
Editor-in-Chief, php|architect Magazine
pe...@phparch.com

php|architect
The Magazine for PHP Professionals
http://www.phparch.com
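
The second point in the reply above, as an added example (not code from the thread): a login.php that appends the session ID to the Refresh URL by hand, because header() values are not rewritten, and issues a fresh ID at login because the pre-login one was exposed in the form. credentials_ok(), url_with_sid() and the sample user are hypothetical stand-ins for the thread's MySQL check.

```php
<?php
// login.php: added example, not code from the thread.
// Settings proposed in the thread: the ID travels in forms/URLs, not a cookie.
// use_only_cookies (on by default since PHP 5.3) must be off for that to work;
// PHP 8.4 deprecates this mode.
ini_set('session.use_cookies', '0');
ini_set('session.use_only_cookies', '0');
ini_set('session.use_trans_sid', '1');
session_start(); // adopts the PHPSESSID sent by the login form

// Constructed stand-in for the thread's MySQL lookup (hypothetical user).
function credentials_ok(string $user, string $pass): bool
{
    $users = ['paul' => password_hash('example-password', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// header() values are not rewritten by trans_sid, so append the ID by hand.
function url_with_sid(string $path): string
{
    $sep = (strpos($path, '?') === false) ? '?' : '&';
    return $path . $sep . rawurlencode(session_name()) . '=' . rawurlencode(session_id());
}

// Accept only scalar strings from the form.
$user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

if (credentials_ok($user, $pass)) {
    // The pre-login ID was visible in page source; issue a new one and
    // delete the old session before marking this one as logged in.
    session_regenerate_id(true);
    $_SESSION['entered_username'] = $user;
    $_SESSION['login'] = 'yes';
    header('Refresh: 3; url=' . url_with_sid('member.php'));
    echo "<h2>You have been validated. Please wait, logging you in...</h2>";
    // Relative link: trans_sid rewrites this one itself.
    echo "<p><a href='member.php'>click here</a></p>";
} else {
    header('Refresh: 5; url=' . url_with_sid('index.php'));
    echo "<p>Login failure. Username/Password mismatch.</p>";
}

// member.php would call session_start() with the same settings, then test
// empty($_SESSION['login']) || $_SESSION['login'] !== 'yes' to avoid the
// "Undefined index" notice when no session data arrived.
```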



Paul

Aug 16, 2003, 5:35:18 PM
I know I'm going to sound stupid now, but could you just clarify what
exactly is happening here. At the moment, I am using session.auto_start = 0
in php.ini. Should I now switch this back to 0?
And if I add ini_set("session.use_cookies", "off"); and
ini_set("session.use_trans_sid", "on"); to the start of each page, does it
temporarily turn on trans_sid for that browsing session?
Lastly, when you say "This will automagically append the session id to all
relative URL's that it can identify, as well as adding it into a hidden form
variable for you", how is the session ID passed then? Where am I defining a
variable that can be used on the next page? How does it identify "relative
URLs"? I've only been at this a month so I'm a bit green.

Thanks for your help.



Peter James

Aug 16, 2003, 5:51:12 PM
If you have access to the php.ini file, then set these session.use_cookies
and session.use_trans_sid values in the php.ini file.

auto_start means that a session is started every time... it is very common
to leave this off, and just use session_start() when you need sessions. If
you use auto_start, you should also set the use_cookies, etc values in the
php.ini file.

As far as appending the session id, PHP will handle it all for you. If you
start a session (either auto_start or session_start() ) and create a form on
a page that's using trans_sid, and then check your page source in the
browser, you should see a hidden field called PHPSESSID in your form. One
that you _didn't_ add yourself. It's very cool. Relative URL's are
essentially just URLs that don't have a host in them. http://foo.com is not
a relative url, but /bar/index.php is.

If you have trans_sid on, and you submit the above form and start the
session on the submitted-to page, then all the $_SESSION vars that you set
on the previous page will be available to you on your submitted-to page.

Does that clear anything up, or make it cloudier? :-)

Pete.


Paul

Aug 16, 2003, 6:00:28 PM
That's slightly overcast with a strong chance of some sunshine later :-)
That kinda cleared things up. Time, error and play will help me figure out
exactly what's happening but I get the gist of it now.

Thanks for your help.


Paul

Aug 16, 2003, 6:15:58 PM
1 last question (promise!!) I've just been looking up ini_set at php.net.
That's pretty cool how you can temporarily change php settings. At present I
am writing my webpage on my local machine but in time will upload it to my
host. My question is, if session.use_cookies and session.use_trans_sid are
enabled on the server and I enter ini_set("session.use_cookies", "off"); and
ini_set("session.use_trans_sid", "on"); on the top of each of my web pages,
will it have any unexpected effects?

Thanks again.



Peter James

Aug 16, 2003, 10:53:07 PM
Shouldn't, unless your host has session.auto_start on.


Paul

Aug 17, 2003, 11:28:40 AM
I have set session.use_trans_sid = 1 and session.use_cookies = 1 as
suggested. My index.php now looks like this:

<html>
<head>
<title>Welcome</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1"></head>
<?php
session_start();


$_SESSION['entered_username'] = "";
$_SESSION['login'] = "";

echo "<form method='POST' action='login.php'>
<p align='center'>&nbsp;&nbsp;&nbsp;<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<font size='2'>
Username:&nbsp;</font></b>
<font size='2'>
<input type='text' name='username' size='13' style='height: 20'>
&nbsp;&nbsp;<b>Password:&nbsp;&nbsp;</b>
<input type='password' name='password' size='13' style='height: 20'>
&nbsp;
<input type='submit' value='Login'></font>
&nbsp;
<font size='2'><b>Not a member?</b> Sign up <a
href='register.html'>here</a></font>
<p align='center'><font size='2'><b>Forgotten your password?</b> <a
href='password_reminder.php'>Click
here</a> to have it e-mailed to you. </font>
</form>";

?>
<H1>Header 1</H1>
<H2>Text about something</H2>

Viewing the source of the page I don't see a hidden field with the SID in it
(see below). What am I doing wrong?

<html>
<head>
<title>Welcome</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1"></head>


<form method='POST' action='login.php'>

<p align='center'>&nbsp;&nbsp;&nbsp;<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<font size='2'>
Username:&nbsp;</font></b>
<font size='2'>
<input type='text' name='username' size='13' style='height: 20'>
&nbsp;&nbsp;<b>Password:&nbsp;&nbsp;</b>
<input type='password' name='password' size='13' style='height: 20'>
&nbsp;
<input type='submit' value='Login'></font>
&nbsp;
<font size='2'><b>Not a member?</b> Sign up <a
href='register.html'>here</a></font>
<p align='center'><font size='2'><b>Forgotten your password?</b> <a
href='password_reminder.php'>Click
here</a> to have it e-mailed to you. </font>
</form>/n<H1>Header 1</H1>
<H2>Text about something</H2>
</body>
</html>

