Re: [PHP] Help with sessions problem please
Chris Shiflett wrote: --- John Holmes <[EMAIL PROTECTED]> wrote: header('Location: http://www.example.org/script2.php?".SID); He is human after all. :-) That's just a "rumour' I started... -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Help with sessions problem please [SOLVED]
Thanks guys for the help, adding SID to my iframe src solved my immediate problem. Am I correct in thinking then that the SID is automatically passed on relative URLs only within the same browser/[i]frame/window when use_trans_sid is enabled? Graham > -Original Message- > From: Chris Shiflett [mailto:[EMAIL PROTECTED] > Sent: 14 October 2004 11:03 > To: Jason Wong; [EMAIL PROTECTED] > Subject: Re: [PHP] Help with sessions problem please > > > --- Jason Wong <[EMAIL PROTECTED]> wrote: > > Use an absolute URL for header redirects. > > Glad to see someone else preaching the good HTTP gospel. :-) > > > You're passing the session id (SID) onto script2 but not to > > script3, if that's the only method by which you're propagating > > the session id then script3 is not going to have a session. > > I think Jason hit the nail on the head with this one, but you might not > understand the answer. While script3.php might seem to be within > script2.php, due to the visual layout you're providing with the iframe, > this is completely independent of the technical implementation, which is > that each is a separate resource. > > If that's confusing, think of an iframe as a little embedded browser. If > it fails to properly identify itself (via cookie or URL), then there is no > existing session to resume. Your call to session_start() will actually > create a new session every time script3.php is requested. > > Hope that helps. > > Chris > > = > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly HTTP Developer's Handbook - Sams > Coming December 2004http://httphandbook.org/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with sessions problem please
No I think it's more likely that one of his tentacles slipped Chris Shiflett wrote: --- John Holmes <[EMAIL PROTECTED]> wrote: header('Location: http://www.example.org/script2.php?".SID); He is human after all. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with sessions problem please
--- John Holmes <[EMAIL PROTECTED]> wrote: > header('Location: http://www.example.org/script2.php?".SID); He is human after all. :-) Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with sessions problem please
--- Jason Wong <[EMAIL PROTECTED]> wrote: > Use an absolute URL for header redirects. Glad to see someone else preaching the good HTTP gospel. :-) > You're passing the session id (SID) onto script2 but not to > script3, if that's the only method by which you're propagating > the session id then script3 is not going to have a session. I think Jason hit the nail on the head with this one, but you might not understand the answer. While script3.php might seem to be within script2.php, due to the visual layout you're providing with the iframe, this is completely independent of the technical implementation, which is that each is a separate resource. If that's confusing, think of an iframe as a little embedded browser. If it fails to properly identify itself (via cookie or URL), then there is no existing session to resume. Your call to session_start() will actually create a new session every time script3.php is requested. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with sessions problem please
Graham Cossey wrote: I'm having a bad day with sessions which hopefully someone can help me with. A user logs in to my 'site' (script1.php) and I store relevant details in a session, all fine. I redirect to another page (script2.php) which checks and retrieves certain session values, all fine. My problem is with script3.php which happens to be within an iframe in script2.php. When the user is automatically passed to that page, from log in, the session details are not available but if the user makes a (menu) selection the session values are available to script3.php within the iframe. help ! Simplified code: script1.php script2.php Your browser does not support the use of frames. [some code] ?> script3.php If you need any specific info on my config just ask and I'll try and supply it. You need to use full URLs in your header() redirects, first of all. header('Location: http://www.example.org/script2.php?".SID); Is a session cookie being set at all? You redirect to script2 and pass the SID in the URL, so that's why the session persists. You're not passing the SID in the URL for the source of the iframe leading to script3, so the script doesn't know what session to pick up. Try: -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Help with sessions problem please
On Thursday 14 October 2004 17:35, Graham Cossey wrote: > A user logs in to my 'site' (script1.php) and I store relevant details in a > session, all fine. I redirect to another page (script2.php) which checks > and retrieves certain session values, all fine. My problem is with > script3.php which happens to be within an iframe in script2.php. When the > user is automatically passed to that page, from log in, the session details > are not available but if the user makes a (menu) selection the session > values are available to script3.php within the iframe. help ! > > Simplified code: > > script1.php >session_start(); > [some code] > $_SESSION['user'] = $_POST['user']; > [some code] > $hdr = "Location: script2.php?".SID; > header($hdr); > ?> Use an absolute URL for header redirects. You're passing the session id (SID) onto script2 but not to script3, if that's the only method by which you're propagating the session id then script3 is not going to have a session. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* I appoint you ambassador to Fantasy Island!!! */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Help with sessions problem please
I'm having a bad day with sessions which hopefully someone can help me with. A user logs in to my 'site' (script1.php) and I store relevant details in a session, all fine. I redirect to another page (script2.php) which checks and retrieves certain session values, all fine. My problem is with script3.php which happens to be within an iframe in script2.php. When the user is automatically passed to that page, from log in, the session details are not available but if the user makes a (menu) selection the session values are available to script3.php within the iframe. help ! Simplified code: script1.php script2.php Your browser does not support the use of frames. [some code] ?> script3.php If you need any specific info on my config just ask and I'll try and supply it. TIA Graham -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php