Re: [PHP] Session Vars not staying active
On Aug 3, 2013 3:03 PM, "dealTek" wrote: > > Hi all, > > > I am having trouble with session vars. > > I'm trying to implement the credit card direct pay method outlined here... > > http://developer.authorize.net/api/dpm/ > > - Basically, page 1 is my form that goes outside my site to the cc gateway company then comes back with a result... (PG2) > > Problem: if I try to create session vars on page 1 - they don't work on page 2. > > Am I correct in thinking that when this process leaves my site and goes to the gateway, then returns, it is similar to creating a new session and that is why the session vars don't remain active? > > Thanks in advance. Are you calling session_start() on both pages or at least using a session auto start? Also, is the API returning the data by redirecting the client (browser) or doing a postback? If the remote server is calling back behind the scenes, then you'll need a workaround and additional processing, or the ability to pass the session ID and assume the client-initiated session (not ideal). If it's all processed by the browser, the redirection should have no bearing, as the session will persist based upon the server-side data and the client-side cookie; the server will have no knowledge of the client's redirection to the payment gateway (nor any remote destination).
Re: [PHP] Session variable not persisting
Am 18.03.13 19:46, schrieb Éric Oliver Paquette:
> Hi all,
>
> I'll be swift in my explanation as I can't find in any way the source of the
> problem; it seems to be installation-related.
>
> At execution, sometimes (randomly it seems at first), variable session aren't
> properly stored.
>
> =
>
> First things first, about installation :
>
> uname -a -m -p yields :
>
> Linux cl-t180-253cl.privatedns.com 2.6.18-308.1.1.el5 #1 SMP Wed Mar 7
> 04:16:51 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
>
> php -v yields :
>
> PHP 5.3.3 (cli) (built: Jun 27 2012 12:25:48)
> Copyright (c) 1997-2010 The PHP Group
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
>
> =
>
> To make sure it is not caused by any other part of my scripts, I just created
> two scripts that have replicated the problem :
>
> SCRIPT #1 [ping.php]
>
>
> session_start();
>
> if(count($_SESSION['in'])==0){
> $_SESSION['in'][0]='0-initiate';
> } else {
> $_SESSION['in'][] = count($_SESSION['in']).$_GET['push'];
> }
>
> if(count($_SESSION['in'])<1000){
> $rand = rand(0, 100);
> ?>
>
> } else {
> var_dump($_SESSION);
> }
>
> ?>
>
> SCRIPT #2 [pong.php]
>
>
> session_start();
>
> if(count($_SESSION['in'])==0){
> $_SESSION['in'][0]='0-initiate';
> } else {
> $_SESSION['in'][] = count($_SESSION['in']).$_GET['push'];
> }
>
> if(count($_SESSION['in'])<1000){
> $rand = rand(0, 100);
> ?>
>
> } else {
> var_dump($_SESSION);
> }
>
> ?>
>
> ##
>
> In fact, when I run this on my server I randomly have empty entries in the
> $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…)
>
> Thanks!
Just a thought that came to my mind: Have you disabled browser caching?
And about the "push" is undefined in the logs: How do you call the
script for the first time? With or with push parameter?
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
signature.asc
Description: OpenPGP digital signature
Re: [PHP] Session variable not persisting
"Éric Oliver Paquette" wrote: > >Le 2013-03-18 à 15:41, Éric Oliver Paquette a écrit : > >> >> Le 2013-03-18 à 15:37, Matijn Woudt a écrit : >> >>> >>> >>> >>> On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette > wrote: >>> >>> Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : >>> Le 2013-03-18 à 15:20, Matijn Woudt a écrit : > > > > On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette > wrote: > >> >> On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette > wrote: >> Hi all, >> >> I'll be swift in my explanation as I can't find in any way the >source of the problem; it seems to be installation-related. >> >> At execution, sometimes (randomly it seems at first), variable >session aren't properly stored. >> >> >> In fact, when I run this on my server I randomly have empty >entries in the $_SESSION array. Any thoughts on this? Is this a known >bug (haven't found it…) >> >> Thanks! >> >> What does phpinfo() show about session stuff? Especially things >like save_handler and cookie_lifetime settings. > > Note that this seems to occur 3 times out of 1000 on average. > > Now, about your request : > > session > > Session Support enabled > Registered save handlers files user > Registered serializer handlersphp php_binary wddx > > Directive Local Value Master Value > session.auto_startOff Off > session.bug_compat_42 Off Off > session.bug_compat_warn Off Off > session.cache_expire 180 180 > session.cache_limiter nocache nocache > session.cookie_domain no valueno value > session.cookie_httponly Off Off > session.cookie_lifetime 0 0 > session.cookie_path / / > session.cookie_secure Off Off > session.entropy_file no valueno value > session.entropy_length0 0 > session.gc_divisor10001000 > session.gc_maxlifetime14401440 > session.gc_probability1 1 > session.hash_bits_per_character 5 5 > session.hash_function 0 0 > session.name PHPSESSID PHPSESSID > session.referer_check no valueno value > session.save_handler files files > session.save_path /var/lib/php/session/var/lib/php/session > session.serialize_handler php php > session.use_cookies On On > session.use_only_cookies On On > session.use_trans_sid 0 0 > > > Your settings seem to be fine. My best guess would be hardware >failure, though it seems unlikely. Did you check apache (or whatever >webserver you're using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too. >>> >>> Hm… Just noticed something new in fact; was looking a last time >before considering reinstallation on a new server: it seems that the >$_GET['push'] is undefined. In the other scripts I use where I have >this problem, I'm using $_POST variables though but still don't get >stored in $_SESSION. If I'm correct, this may implies that it is apache >that is faulty right? >>> >>> >>> >>> $_GET['push'] will be undefined if you still have your session >stored, but accessing the script directly. It should have nothing to do >with faulty Apache. >> >> Okay, let me paraphrase: when I run the ping pong scripts written up >there, I have a blank in var_dump($_SESSION) if and only if I have >> >> [Mon Mar 18 13:25:37 2013] [error] [client 184.151.114.111] PHP >Notice: Undefined index: push in >/home/www/www.ngenioconnect.com/Modules/MPOSurveyTest/pong.php on line >8 >> >> on apache log. So my question really is, it is apache that handles >the posts and gets requests, as I use both and it seems that the >non-persistence of data occurs before the storage in $_SESSION, is it >possible that it is Apache that is faulty? >Er… I looked where it caused a problem, it seems that $_GET, $_POST and >$_SESSION are indeed all affected. Any clue of a faulty installation >that would cause problem for many surperglobals? It sounds like some kind of memory problem. Can you run a memory tester on that server to see if that's the cause? Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:41, Éric Oliver Paquette a écrit : > > Le 2013-03-18 à 15:37, Matijn Woudt a écrit : > >> >> >> >> On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette >> wrote: >> >> Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : >> >>> >>> Le 2013-03-18 à 15:20, Matijn Woudt a écrit : >>> On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette wrote: > > On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette > wrote: > Hi all, > > I'll be swift in my explanation as I can't find in any way the source of > the problem; it seems to be installation-related. > > At execution, sometimes (randomly it seems at first), variable session > aren't properly stored. > > > In fact, when I run this on my server I randomly have empty entries in > the $_SESSION array. Any thoughts on this? Is this a known bug (haven't > found it…) > > Thanks! > > What does phpinfo() show about session stuff? Especially things like > save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Supportenabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warnOff Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no valueno value session.cookie_httponlyOff Off session.cookie_lifetime0 0 session.cookie_path/ / session.cookie_secure Off Off session.entropy_file no valueno value session.entropy_length 0 0 session.gc_divisor 10001000 session.gc_maxlifetime 14401440 session.gc_probability 1 1 session.hash_bits_per_character5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no valueno value session.save_handler files files session.save_path /var/lib/php/session/var/lib/php/session session.serialize_handler php php session.use_cookiesOn On session.use_only_cookies On On session.use_trans_sid 0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? >>> >>> Yes I did. Everyhting seems normal there too. >> >> Hm… Just noticed something new in fact; was looking a last time before >> considering reinstallation on a new server: it seems that the $_GET['push'] >> is undefined. In the other scripts I use where I have this problem, I'm >> using $_POST variables though but still don't get stored in $_SESSION. If >> I'm correct, this may implies that it is apache that is faulty right? >> >> >> >> $_GET['push'] will be undefined if you still have your session stored, but >> accessing the script directly. It should have nothing to do with faulty >> Apache. > > Okay, let me paraphrase: when I run the ping pong scripts written up there, I > have a blank in var_dump($_SESSION) if and only if I have > > [Mon Mar 18 13:25:37 2013] [error] [client 184.151.114.111] PHP Notice: > Undefined index: push in > /home/www/www.ngenioconnect.com/Modules/MPOSurveyTest/pong.php on line 8 > > on apache log. So my question really is, it is apache that handles the posts > and gets requests, as I use both and it seems that the non-persistence of > data occurs before the storage in $_SESSION, is it possible that it is Apache > that is faulty? Er… I looked where it caused a problem, it seems that $_GET, $_POST and $_SESSION are indeed all affected. Any clue of a faulty installation that would cause problem for many surperglobals?
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:37, Matijn Woudt a écrit : > > > > On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette > wrote: > > Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : > >> >> Le 2013-03-18 à 15:20, Matijn Woudt a écrit : >> >>> >>> >>> >>> On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette >>> wrote: >>> On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. >>> >>> Note that this seems to occur 3 times out of 1000 on average. >>> >>> Now, about your request : >>> >>> session >>> >>> Session Support enabled >>> Registered save handlersfiles user >>> Registered serializer handlers php php_binary wddx >>> >>> Directive Local Value Master Value >>> session.auto_start Off Off >>> session.bug_compat_42 Off Off >>> session.bug_compat_warn Off Off >>> session.cache_expire180 180 >>> session.cache_limiter nocache nocache >>> session.cookie_domain no valueno value >>> session.cookie_httponly Off Off >>> session.cookie_lifetime 0 0 >>> session.cookie_path / / >>> session.cookie_secure Off Off >>> session.entropy_fileno valueno value >>> session.entropy_length 0 0 >>> session.gc_divisor 10001000 >>> session.gc_maxlifetime 14401440 >>> session.gc_probability 1 1 >>> session.hash_bits_per_character 5 5 >>> session.hash_function 0 0 >>> session.namePHPSESSID PHPSESSID >>> session.referer_check no valueno value >>> session.save_handlerfiles files >>> session.save_path /var/lib/php/session/var/lib/php/session >>> session.serialize_handler php php >>> session.use_cookies On On >>> session.use_only_cookiesOn On >>> session.use_trans_sid 0 0 >>> >>> >>> Your settings seem to be fine. My best guess would be hardware failure, >>> though it seems unlikely. Did you check apache (or whatever webserver >>> you're using) logs for any errors or warnings? >> >> Yes I did. Everyhting seems normal there too. > > Hm… Just noticed something new in fact; was looking a last time before > considering reinstallation on a new server: it seems that the $_GET['push'] > is undefined. In the other scripts I use where I have this problem, I'm using > $_POST variables though but still don't get stored in $_SESSION. If I'm > correct, this may implies that it is apache that is faulty right? > > > > $_GET['push'] will be undefined if you still have your session stored, but > accessing the script directly. It should have nothing to do with faulty > Apache. Okay, let me paraphrase: when I run the ping pong scripts written up there, I have a blank in var_dump($_SESSION) if and only if I have [Mon Mar 18 13:25:37 2013] [error] [client 184.151.114.111] PHP Notice: Undefined index: push in /home/www/www.ngenioconnect.com/Modules/MPOSurveyTest/pong.php on line 8 on apache log. So my question really is, it is apache that handles the posts and gets requests, as I use both and it seems that the non-persistence of data occurs before the storage in $_SESSION, is it possible that it is Apache that is faulty? >
Re: [PHP] Session variable not persisting
On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette wrote: > > Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : > > > Le 2013-03-18 à 15:20, Matijn Woudt a écrit : > > > > > On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette < > eopaque...@gmail.com> wrote: > >> >> >> On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette < >> eopaque...@gmail.com> wrote: >> >> Hi all, >> >> >> I'll be swift in my explanation as I can't find in any way the source of >> the problem; it seems to be installation-related. >> >> >> At execution, sometimes (randomly it seems at first), variable session >> aren't properly stored. >> >> >> >> In fact, when I run this on my server I randomly have empty entries in >> the $_SESSION array. Any thoughts on this? Is this a known bug (haven't >> found it…) >> >> >> Thanks! >> >> >> What does phpinfo() show about session stuff? Especially things like >> save_handler and cookie_lifetime settings. >> >> >> Note that this seems to occur 3 times out of 1000 on average. >> >> Now, about your request : >> >> session >> >> Session Support enabled >> Registered save handlers files user >> Registered serializer handlers php php_binary wddx >> >> Directive Local Value Master Value >> session.auto_start Off Off >> session.bug_compat_42 Off Off >> session.bug_compat_warn Off Off >> session.cache_expire 180 180 >> session.cache_limiter nocache nocache >> session.cookie_domain no value no value >> session.cookie_httponly Off Off >> session.cookie_lifetime 0 0 >> session.cookie_path / / >> session.cookie_secure Off Off >> session.entropy_file no value no value >> session.entropy_length 0 0 >> session.gc_divisor 1000 1000 >> session.gc_maxlifetime 1440 1440 >> session.gc_probability 1 1 >> session.hash_bits_per_character 5 5 >> session.hash_function 0 0 >> session.name PHPSESSID PHPSESSID >> session.referer_check no value no value >> session.save_handler files files >> session.save_path /var/lib/php/session /var/lib/php/session >> session.serialize_handler php php >> session.use_cookies On On >> session.use_only_cookies On On >> session.use_trans_sid 0 0 >> >> > Your settings seem to be fine. My best guess would be hardware failure, > though it seems unlikely. Did you check apache (or whatever webserver > you're using) logs for any errors or warnings? > > > Yes I did. Everyhting seems normal there too. > > > Hm… Just noticed something new in fact; was looking a last time before > considering reinstallation on a new server: it seems that the $_GET['push'] > is undefined. In the other scripts I use where I have this problem, I'm > using $_POST variables though but still don't get stored in $_SESSION. If > I'm correct, this may implies that it is apache that is faulty right? > > > $_GET['push'] will be undefined if you still have your session stored, but accessing the script directly. It should have nothing to do with faulty Apache.
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : > > Le 2013-03-18 à 15:20, Matijn Woudt a écrit : > >> >> >> >> On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette >> wrote: >> >>> >>> On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette >>> wrote: >>> Hi all, >>> >>> I'll be swift in my explanation as I can't find in any way the source of >>> the problem; it seems to be installation-related. >>> >>> At execution, sometimes (randomly it seems at first), variable session >>> aren't properly stored. >>> >>> >>> In fact, when I run this on my server I randomly have empty entries in the >>> $_SESSION array. Any thoughts on this? Is this a known bug (haven't found >>> it…) >>> >>> Thanks! >>> >>> What does phpinfo() show about session stuff? Especially things like >>> save_handler and cookie_lifetime settings. >> >> Note that this seems to occur 3 times out of 1000 on average. >> >> Now, about your request : >> >> session >> >> Session Support enabled >> Registered save handlers files user >> Registered serializer handlers php php_binary wddx >> >> DirectiveLocal Value Master Value >> session.auto_start Off Off >> session.bug_compat_42Off Off >> session.bug_compat_warn Off Off >> session.cache_expire 180 180 >> session.cache_limiternocache nocache >> session.cookie_domainno valueno value >> session.cookie_httponly Off Off >> session.cookie_lifetime 0 0 >> session.cookie_path / / >> session.cookie_secureOff Off >> session.entropy_file no valueno value >> session.entropy_length 0 0 >> session.gc_divisor 10001000 >> session.gc_maxlifetime 14401440 >> session.gc_probability 1 1 >> session.hash_bits_per_character 5 5 >> session.hash_function0 0 >> session.name PHPSESSID PHPSESSID >> session.referer_checkno valueno value >> session.save_handler files files >> session.save_path/var/lib/php/session/var/lib/php/session >> session.serialize_handlerphp php >> session.use_cookies On On >> session.use_only_cookies On On >> session.use_trans_sid0 0 >> >> >> Your settings seem to be fine. My best guess would be hardware failure, >> though it seems unlikely. Did you check apache (or whatever webserver you're >> using) logs for any errors or warnings? > > Yes I did. Everyhting seems normal there too. Hm… Just noticed something new in fact; was looking a last time before considering reinstallation on a new server: it seems that the $_GET['push'] is undefined. In the other scripts I use where I have this problem, I'm using $_POST variables though but still don't get stored in $_SESSION. If I'm correct, this may implies that it is apache that is faulty right?
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:20, Matijn Woudt a écrit : > > > > On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette > wrote: > >> >> On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette >> wrote: >> Hi all, >> >> I'll be swift in my explanation as I can't find in any way the source of the >> problem; it seems to be installation-related. >> >> At execution, sometimes (randomly it seems at first), variable session >> aren't properly stored. >> >> >> In fact, when I run this on my server I randomly have empty entries in the >> $_SESSION array. Any thoughts on this? Is this a known bug (haven't found >> it…) >> >> Thanks! >> >> What does phpinfo() show about session stuff? Especially things like >> save_handler and cookie_lifetime settings. > > Note that this seems to occur 3 times out of 1000 on average. > > Now, about your request : > > session > > Session Support enabled > Registered save handlers files user > Registered serializer handlersphp php_binary wddx > > Directive Local Value Master Value > session.auto_startOff Off > session.bug_compat_42 Off Off > session.bug_compat_warn Off Off > session.cache_expire 180 180 > session.cache_limiter nocache nocache > session.cookie_domain no valueno value > session.cookie_httponly Off Off > session.cookie_lifetime 0 0 > session.cookie_path / / > session.cookie_secure Off Off > session.entropy_file no valueno value > session.entropy_length0 0 > session.gc_divisor10001000 > session.gc_maxlifetime14401440 > session.gc_probability1 1 > session.hash_bits_per_character 5 5 > session.hash_function 0 0 > session.name PHPSESSID PHPSESSID > session.referer_check no valueno value > session.save_handler files files > session.save_path /var/lib/php/session/var/lib/php/session > session.serialize_handler php php > session.use_cookies On On > session.use_only_cookies On On > session.use_trans_sid 0 0 > > > Your settings seem to be fine. My best guess would be hardware failure, > though it seems unlikely. Did you check apache (or whatever webserver you're > using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too.
Re: [PHP] Session variable not persisting
On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette wrote: > > > On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette < > eopaque...@gmail.com> wrote: > > Hi all, > > > I'll be swift in my explanation as I can't find in any way the source of > the problem; it seems to be installation-related. > > > At execution, sometimes (randomly it seems at first), variable session > aren't properly stored. > > > > In fact, when I run this on my server I randomly have empty entries in the > $_SESSION array. Any thoughts on this? Is this a known bug (haven't found > it…) > > > Thanks! > > > What does phpinfo() show about session stuff? Especially things like > save_handler and cookie_lifetime settings. > > > Note that this seems to occur 3 times out of 1000 on average. > > Now, about your request : > > session > > Session Support enabled > Registered save handlers files user > Registered serializer handlers php php_binary wddx > > Directive Local Value Master Value > session.auto_start Off Off > session.bug_compat_42 Off Off > session.bug_compat_warn Off Off > session.cache_expire 180 180 > session.cache_limiter nocache nocache > session.cookie_domain no value no value > session.cookie_httponly Off Off > session.cookie_lifetime 0 0 > session.cookie_path / / > session.cookie_secure Off Off > session.entropy_file no value no value > session.entropy_length 0 0 > session.gc_divisor 1000 1000 > session.gc_maxlifetime 1440 1440 > session.gc_probability 1 1 > session.hash_bits_per_character 5 5 > session.hash_function 0 0 > session.name PHPSESSID PHPSESSID > session.referer_check no value no value > session.save_handler files files > session.save_path /var/lib/php/session /var/lib/php/session > session.serialize_handler php php > session.use_cookies On On > session.use_only_cookies On On > session.use_trans_sid 0 0 > > Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? - Matijn
Re: [PHP] Session variable not persisting
> > On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette > wrote: > Hi all, > > I'll be swift in my explanation as I can't find in any way the source of the > problem; it seems to be installation-related. > > At execution, sometimes (randomly it seems at first), variable session aren't > properly stored. > > > In fact, when I run this on my server I randomly have empty entries in the > $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) > > Thanks! > > What does phpinfo() show about session stuff? Especially things like > save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlersfiles user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn Off Off session.cache_expire180 180 session.cache_limiter nocache nocache session.cookie_domain no valueno value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_fileno valueno value session.entropy_length 0 0 session.gc_divisor 10001000 session.gc_maxlifetime 14401440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.namePHPSESSID PHPSESSID session.referer_check no valueno value session.save_handlerfiles files session.save_path /var/lib/php/session/var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookiesOn On session.use_trans_sid 0 0 __ Éric
Re: [PHP] Session variable not persisting
On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette wrote: > Hi all, > > I'll be swift in my explanation as I can't find in any way the source of > the problem; it seems to be installation-related. > > At execution, sometimes (randomly it seems at first), variable session > aren't properly stored. > > > In fact, when I run this on my server I randomly have empty entries in the > $_SESSION array. Any thoughts on this? Is this a known bug (haven't found > it…) > > Thanks! > What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. - Matijn
Re: [PHP] Session ?
I've read about passing the session id to a script and using that to opene
up the existing session file. Is this something I could do in this case?
Or am I SOL?
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
Hi Daniel,
Your security consideration important for me and I really need to know
what am I missing.
Using your xs(cross-site) request and cookie based authentication with
user-name and password has same level security problems. if you use
tokens they can not reading or using by an other pages. Attacker must
guess a random token(its difficult then guess passwords). if your
browser hacked or your main page has bad js code. This is bigger problem
then using xs request. they can get your password or session id.
I try to clarify my point of view for better discussion,
both servers can use same log-in database or enable to query each other.
after logged-in first.domain or a.first.domain
user has ability to call an other trusted server without password and
user-name.
when hit the page has XS button first.domain server will generate random
key and random value
and send in button code with secure protocol.(before send, you must
check referrer and token for CSRF protection)
detailed client info, secure key and value must store in session
database for later security check.
(you need more 3 columns key value and expire-date)
sample button code in
https://second.domain/need_to_see_without_user_input.php:
//after logged in your-first.domain
echo "action='https://second.domain/need_to_see_without_user_input.php'
method='post' style='' >";
echo "name='long_random_secure_xs_cookie_name'
value='{$long_random_secure_xs_cookie_value}' style='' >";
echo "run script 2 on second.domain" ;
echo "";
echo "";
clicking that button same as write down password, user name and click
submit. but easier and not less secure then password authentication.
key and value must be long and secure enough (not like unique-id).
second server side:
-check the name and value and expire date IP browser etc.
- if there is any valid session in first server then clear key and value
don't touch server first.domain session data
- create new session on server second.domain width same user.
now same user has different valid session on both servers.
this method looks safe as password and user name authentication
just focus on sending secure key and value to the real client!!!
Of-course some old browsers has security holes
conditions:
-old browsers like Firefox 5
-(not easy but possible; newer browsers with some dangerous add-ons )
-not using tokens every page/form requests (after log-in first.domain)
after logged-in first.domain attacker can use this holes alter the
referrer and can get secure key and value
there is a solution ;they cannot alter post data referrer(if browser not
hacked) if you post back the token you will be quite safe.(check
referrer and token)
I guess this is fit public users who use password authentication.
if you are company user or security guy You must use certificate
authentication with VPN.
There is no absolute security in theory. But we have to discus how will
be improved. Because bad guys already doing that in opposite way.
Thanks,
Hakan Can.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/13/2012 9:16 AM, Marco Behnke wrote:
Am 13.12.12 14:49, schrieb Jim Giner:
Ok, that is a different answer from the previous one where you said "it
points to a folder within my main domain's structure"
Are you running on error_reporting(E_ALL) and ini_set('display_errors',
'On')?
Just to be sure that there are no hidden notices or warnings.
my sub points to a folder within my domain's structure. My session's
store point (?) is \tmp. You asked two different questions.
point taken ;)
I will try to do a setup like yours and check which code works for me.
Thanks for the interest. Hope you have better luck than I.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
Am 13.12.12 14:49, schrieb Jim Giner:
>
>> Ok, that is a different answer from the previous one where you said "it
>> points to a folder within my main domain's structure"
>>
>> Are you running on error_reporting(E_ALL) and ini_set('display_errors',
>> 'On')?
>> Just to be sure that there are no hidden notices or warnings.
>>
>>
> my sub points to a folder within my domain's structure. My session's
> store point (?) is \tmp. You asked two different questions.
>
point taken ;)
I will try to do a setup like yours and check which code works for me.
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
signature.asc
Description: OpenPGP digital signature
Re: [PHP] Session ?
On 12/12/2012 5:25 PM, Marco Behnke wrote:
Am 12.12.12 15:58, schrieb Jim Giner:
On 12/12/2012 8:08 AM, ma...@behnke.biz wrote:
Jim Giner hat am 12. Dezember 2012 um
02:53
geschrieben:
On 12/11/2012 7:27 PM, Marco Behnke wrote:
Am 08.12.12 19:08, schrieb Jim Giner:
All my debugging messages indicagte that I have the same session id,
yet I don't have the same variables, ie, they're missing.
Just to be sure ... the webspace is on the same server and has
access to
the same directory where the session data is stored?
(session_save_path)?
Yes - it points to a folder within my main domain's structure.
which is accessible from your subdomains?
They are all pointing (re the ini file) to the default of /tmp so I
presume that they all have access to that folder.
Ok, that is a different answer from the previous one where you said "it
points to a folder within my main domain's structure"
Are you running on error_reporting(E_ALL) and ini_set('display_errors',
'On')?
Just to be sure that there are no hidden notices or warnings.
my sub points to a folder within my domain's structure. My session's
store point (?) is \tmp. You asked two different questions.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
Am 12.12.12 15:58, schrieb Jim Giner:
> On 12/12/2012 8:08 AM, ma...@behnke.biz wrote:
>>
>>
>> Jim Giner hat am 12. Dezember 2012 um
>> 02:53
>> geschrieben:
>>> On 12/11/2012 7:27 PM, Marco Behnke wrote:
Am 08.12.12 19:08, schrieb Jim Giner:
> All my debugging messages indicagte that I have the same session id,
> yet I don't have the same variables, ie, they're missing.
Just to be sure ... the webspace is on the same server and has
access to
the same directory where the session data is stored?
(session_save_path)?
>>> Yes - it points to a folder within my main domain's structure.
>>
>> which is accessible from your subdomains?
>>
>>>
> They are all pointing (re the ini file) to the default of /tmp so I
> presume that they all have access to that folder.
Ok, that is a different answer from the previous one where you said "it
points to a folder within my main domain's structure"
Are you running on error_reporting(E_ALL) and ini_set('display_errors',
'On')?
Just to be sure that there are no hidden notices or warnings.
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
signature.asc
Description: OpenPGP digital signature
Re: [PHP] Session ?
On 12/12/2012 8:08 AM, ma...@behnke.biz wrote: Jim Giner hat am 12. Dezember 2012 um 02:53 geschrieben: On 12/11/2012 7:27 PM, Marco Behnke wrote: Am 08.12.12 19:08, schrieb Jim Giner: All my debugging messages indicagte that I have the same session id, yet I don't have the same variables, ie, they're missing. Just to be sure ... the webspace is on the same server and has access to the same directory where the session data is stored? (session_save_path)? Yes - it points to a folder within my main domain's structure. which is accessible from your subdomains? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz They are all pointing (re the ini file) to the default of /tmp so I presume that they all have access to that folder. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
Jim Giner hat am 12. Dezember 2012 um 02:53 geschrieben: > On 12/11/2012 7:27 PM, Marco Behnke wrote: > > Am 08.12.12 19:08, schrieb Jim Giner: > >> All my debugging messages indicagte that I have the same session id, > >> yet I don't have the same variables, ie, they're missing. > > Just to be sure ... the webspace is on the same server and has access to > > the same directory where the session data is stored? (session_save_path)? > > > > > Yes - it points to a folder within my main domain's structure. which is accessible from your subdomains? > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/11/2012 7:27 PM, Marco Behnke wrote: Am 08.12.12 19:08, schrieb Jim Giner: All my debugging messages indicagte that I have the same session id, yet I don't have the same variables, ie, they're missing. Just to be sure ... the webspace is on the same server and has access to the same directory where the session data is stored? (session_save_path)? Yes - it points to a folder within my main domain's structure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
Am 08.12.12 19:08, schrieb Jim Giner: > All my debugging messages indicagte that I have the same session id, > yet I don't have the same variables, ie, they're missing. Just to be sure ... the webspace is on the same server and has access to the same directory where the session data is stored? (session_save_path)? -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz signature.asc Description: OpenPGP digital signature
Re: [PHP] Session ?
On 12/8/2012 12:10 PM, Jim Giner wrote:
On 12/8/2012 11:41 AM, Jim Giner wrote:
On 12/8/2012 11:04 AM, Daniel Brown wrote:
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
OK - I've done this in script 1:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id > '')
{
session_start($sess_id);
$errmsg .= "started sess id is: $sess_id ";
}
else
{
session_start();
$errmsg .= "started new sess ";
}
Then my process creates a Session array and calls script 2
In script 2 I have:
if (isset($_GET['sess']) && $_GET['sess'] <> '')
{
$sess_id = $_GET['sess'];
session_start($sess_id);
$errmsg .= "started sess $sess_id ";
}
else
{
session_start();
$sess_id = session_id();
$errmsg = "started NEW sess with id of $sess_id ";
}
My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it. What am I not doing?
Forgot to mention that when I do header(...) to go to script 2 that I do
append the session id to my url
Same on the return from script 2 back to script 1.
Plugging away at my problem still. Here is something interesting.
Apparently I don't understand how some of these session settings work.
In my script 2 (the called one) I have this code:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id > '')
{
session_start($sess_id);
$errmsg .= "started sess with id of $sess_id ";
}
else
{
session_start();
$errmsg .= "started a NEW sess ";
}
$sid = session_id();
$errmsg .= "started sess actual id is: $sid ";
Now - there is a 'sess' argument in my url string that calls this, so I
am using the branch of the logic that shows me that I "started sess with
id of ". But I've added the last two lines to check on that and I
get "started sess actual id is: zz" - NOT the right id.
Can someone explain the use of session ids and the right commands to
use? From my understanding my thinking is:
in script 1 after establishing the initial session wiht a session_start():
1 - get the session id save it in a hidden field on my screen
2 - when script 1 starts again, retrieve the id and when going to my
script 2 (in the other sub-dom) attach it as an argument
3 - in the called script 2, retrieve the argument from the url and start
the session with:
session_start($sessid)
4 - save the sessid in this screen's fields
5 - when script 2 gets control again, retrieve the id from the hidden
field and if the user has opted to return to script 1, attach the
session id to the url again.
All my debugging messages indicagte that I have the same session id, yet
I don't have the same variables, ie, they're missing.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Sat, Dec 8, 2012 at 12:10 PM, Jim Giner wrote:
> On 12/8/2012 11:41 AM, Jim Giner wrote:
>
>> On 12/8/2012 11:04 AM, Daniel Brown wrote:
>>
>>> You can pass the session ID and reactivate the session that way,
>>> sure. Not pretty, and it does lead to security considerations, but it
>>> would work.
>>>
>>> OK - I've done this in script 1:
>>
>> if (isset($_REQUEST['sess']))
>> $sess_id = $_REQUEST['sess'];
>> else
>> $sess_id = '';
>> if ($sess_id > '')
>> {
>> session_start($sess_id);
>> $errmsg .= "started sess id is: $sess_id ";
>> }
>> else
>> {
>> session_start();
>> $errmsg .= "started new sess ";
>> }
>>
>>
>> Then my process creates a Session array and calls script 2
>> In script 2 I have:
>>
>> if (isset($_GET['sess']) && $_GET['sess'] <> '')
>> {
>> $sess_id = $_GET['sess'];
>> session_start($sess_id);
>> $errmsg .= "started sess $sess_id ";
>> }
>> else
>> {
>> session_start();
>> $sess_id = session_id();
>> $errmsg = "started NEW sess with id of $sess_id ";
>> }
>>
>> My $errmsg shows me the same sess id in both scripts, and it would
>> appear that I have managed to pass my session across the sub-domains.
>> But when script 2 attempts to access the contents of the Session array
>> created in script 1 it doesn't find it. What am I not doing?
>>
>> Forgot to mention that when I do header(...) to go to script 2 that I do
> append the session id to my url
> Same on the return from script 2 back to script 1.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
I know i'm late to the party here but I had to do something similar
I used something similar to
http://www.nczonline.net/blog/2010/09/07/learning-from-xauth-cross-domain-localstorage/
ie storing the session state in html localstorage objects then using the
methods in that link to read them thru iframes on the other domain...
Re: [PHP] Session ?
On 12/8/2012 11:41 AM, Jim Giner wrote:
On 12/8/2012 11:04 AM, Daniel Brown wrote:
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
OK - I've done this in script 1:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id > '')
{
session_start($sess_id);
$errmsg .= "started sess id is: $sess_id ";
}
else
{
session_start();
$errmsg .= "started new sess ";
}
Then my process creates a Session array and calls script 2
In script 2 I have:
if (isset($_GET['sess']) && $_GET['sess'] <> '')
{
$sess_id = $_GET['sess'];
session_start($sess_id);
$errmsg .= "started sess $sess_id ";
}
else
{
session_start();
$sess_id = session_id();
$errmsg = "started NEW sess with id of $sess_id ";
}
My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it. What am I not doing?
Forgot to mention that when I do header(...) to go to script 2 that I do
append the session id to my url
Same on the return from script 2 back to script 1.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/8/2012 11:04 AM, Daniel Brown wrote:
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
OK - I've done this in script 1:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id > '')
{
session_start($sess_id);
$errmsg .= "started sess id is: $sess_id ";
}
else
{
session_start();
$errmsg .= "started new sess ";
}
Then my process creates a Session array and calls script 2
In script 2 I have:
if (isset($_GET['sess']) && $_GET['sess'] <> '')
{
$sess_id = $_GET['sess'];
session_start($sess_id);
$errmsg .= "started sess $sess_id ";
}
else
{
session_start();
$sess_id = session_id();
$errmsg = "started NEW sess with id of $sess_id ";
}
My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it. What am I not doing?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Sat, Dec 8, 2012 at 10:52 AM, Jim Giner wrote: > Didn't work. > > Let me explain my domain names. My main domain is "albanyhandball.com". I > have two subs called "x.albanyhandball.com" and "y.albanyhandball.com". > Attached to each of these is what my isp calls an "add-on domain" name. > These two names are not similar at all. As in "addon1.net" and > "myothersub.com", but each is tied to one of the sub-domain names. Looking > at a phpinfo dump, the true sub-domain names (*.albanyhandball.com) show up > only in the SERVER_ADMIN setting, while my add-on domain names show up in > the SERVER_NAME settings. That won't work and should not work. You could technically do it, but you'd be deliberately creating an XSS for your sites. If it worked that way on its own, it would either be (a) a horrible browser or (b) 1995. It'll work for the subdomains, but not addon or parked domains. > I've read about passing the session id to a script and using that to opene > up the existing session file. Is this something I could do in this case? > Or am I SOL? You can pass the session ID and reactivate the session that way, sure. Not pretty, and it does lead to security considerations, but it would work. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 4:02 PM, Jim Giner wrote:
So i need the ini set in both scripts. Thx. Ill try that later
jg
OK - I put the line:
ini_set('session.cookie_domain','.albanyhandball.com');
session_start();
into each of my scripts.
Didn't work.
Let me explain my domain names. My main domain is "albanyhandball.com".
I have two subs called "x.albanyhandball.com" and
"y.albanyhandball.com". Attached to each of these is what my isp calls
an "add-on domain" name. These two names are not similar at all. As in
"addon1.net" and "myothersub.com", but each is tied to one of the
sub-domain names. Looking at a phpinfo dump, the true sub-domain names
(*.albanyhandball.com) show up only in the SERVER_ADMIN setting, while
my add-on domain names show up in the SERVER_NAME settings.
I've read about passing the session id to a script and using that to
opene up the existing session file. Is this something I could do in
this case? Or am I SOL?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 3:20 PM, Sebastian Krebs wrote: 2012/12/7 Daniel Brown On Fri, Dec 7, 2012 at 3:04 PM, Jim Giner wrote: OK - now that I've messed us all up, help me to understand your proposed solution. I added the ini-set line to my first script. Then I called my second one and still had the same problem with a missing session var. Is there a corresponding line I need in the 'called' script? And does it matter where this line is place within the script? From your response to Sebastian, I'm not sure it will work. They need to be subdomains of the same domain; different domains won't work. However, proceeding with the presumption that the subdomains are under the same SLD (e.g. - apple.example.com and orange.example.com), this should work: Then Would be better to put 'session.cookie_domain' into the php.ini. In both cases: Clear cookies (at least for your site) completely and set session.auto_start to 0. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php What does doing session.auto_start to 0 do to me? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:04 PM, Jim Giner wrote: > On 12/7/2012 2:59 PM, Daniel Brown wrote: >> >> On Fri, Dec 7, 2012 at 2:54 PM, Jim Giner >> wrote: >>> >>> >>> What if my sub-domain names are not in the form of 'a.domain.com' and >>> 'b.domain.com'. >> >> >> A subdomain is a subdomain. Unless you've discovered a new >> magical form of subdomain that is not, you should be fine. And if you >> have, in fact, made that discovery, you're probably the reason the >> Mayans predicted a very short winter this year. Thanks for screwing >> us, Jim. >> > OK - now that I've messed us all up, help me to understand your proposed > solution. I added the ini-set line to my first script. Then I called my > second one and still had the same problem with a missing session var. Is > there a corresponding line I need in the 'called' script? And does it > matter where this line is place within the script? > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > also remember to clear cookies (on browser), and session caches (on server) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
So i need the ini set in both scripts. Thx. Ill try that later jg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 3:20 PM, Sebastian Krebs wrote: > > Would be better to put 'session.cookie_domain' into the php.ini. In both > cases: Clear cookies (at least for your site) completely and set > session.auto_start to 0. If it's configured on the server for overrides, sure, a local one. Otherwise, the system php.ini will break all other domains on the server. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
2012/12/7 Daniel Brown
> On Fri, Dec 7, 2012 at 3:04 PM, Jim Giner
> wrote:
> >
> > OK - now that I've messed us all up, help me to understand your proposed
> > solution. I added the ini-set line to my first script. Then I called my
> > second one and still had the same problem with a missing session var. Is
> > there a corresponding line I need in the 'called' script? And does it
> > matter where this line is place within the script?
>
> From your response to Sebastian, I'm not sure it will work. They
> need to be subdomains of the same domain; different domains won't
> work. However, proceeding with the presumption that the subdomains
> are under the same SLD (e.g. - apple.example.com and
> orange.example.com), this should work:
>
> // apple.example.com
> ini_set('session.cookie_domain','.example.com');
> session_start();
> $_SESSION['foo'] = 'bar';
> session_write_close();
> ?>
>
> Then
>
> // orange.example.com
> ini_set('session.cookie_domain','.example.com');
> session_start();
> echo isset($_SESSION['foo']) ? $_SESSION['foo'] : 'Session failed to
> transfer.';
> ?>
>
Would be better to put 'session.cookie_domain' into the php.ini. In both
cases: Clear cookies (at least for your site) completely and set
session.auto_start to 0.
>
> --
>
> Network Infrastructure Manager
> http://www.php.net/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
github.com/KingCrunch
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 3:04 PM, Jim Giner wrote: > > OK - now that I've messed us all up, help me to understand your proposed > solution. I added the ini-set line to my first script. Then I called my > second one and still had the same problem with a missing session var. Is > there a corresponding line I need in the 'called' script? And does it > matter where this line is place within the script? From your response to Sebastian, I'm not sure it will work. They need to be subdomains of the same domain; different domains won't work. However, proceeding with the presumption that the subdomains are under the same SLD (e.g. - apple.example.com and orange.example.com), this should work: Then -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 2:59 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:54 PM, Jim Giner wrote: What if my sub-domain names are not in the form of 'a.domain.com' and 'b.domain.com'. A subdomain is a subdomain. Unless you've discovered a new magical form of subdomain that is not, you should be fine. And if you have, in fact, made that discovery, you're probably the reason the Mayans predicted a very short winter this year. Thanks for screwing us, Jim. OK - now that I've messed us all up, help me to understand your proposed solution. I added the ini-set line to my first script. Then I called my second one and still had the same problem with a missing session var. Is there a corresponding line I need in the 'called' script? And does it matter where this line is place within the script? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 2:58 PM, Sebastian Krebs wrote: 2012/12/7 Jim Giner On 12/7/2012 2:41 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner wrote: On 12/7/2012 2:36 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner wrote: Something new for me - working with scripts on two of my sub-domains. I want to call script 2 in my B domain from script 1 in my A domain. It appears that the session vars established in script 1 do not show up in script 2. Is that because the domain name is different? Is this where one must grab the session id and use it in another script in order to retain the original session and its vars? If this is so, can someone elaborate on the capture of the session id process? Are both domains on the same physical (or virtual) server? Yes - they are sub-domains of my main one. The preceding dot before the SLD allow the session cookie to be accessible on *.example.com. What if my sub-domain names are not in the form of 'a.domain.com' and ' b.domain.com'. What do you mean? Subdomains are always in the form "*.example.com" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php My bad - I was referencing the "add-on domain" name which is not. Yes - there are subs in the correct format which I forgot about. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:54 PM, Jim Giner wrote: > > What if my sub-domain names are not in the form of 'a.domain.com' and > 'b.domain.com'. A subdomain is a subdomain. Unless you've discovered a new magical form of subdomain that is not, you should be fine. And if you have, in fact, made that discovery, you're probably the reason the Mayans predicted a very short winter this year. Thanks for screwing us, Jim. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
2012/12/7 Jim Giner > On 12/7/2012 2:41 PM, Daniel Brown wrote: > >> On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner >> wrote: >> >>> On 12/7/2012 2:36 PM, Daniel Brown wrote: >>> On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner >>> > wrote: > > Something new for me - working with scripts on two of my sub-domains. > > I want to call script 2 in my B domain from script 1 in my A domain. > > It appears that the session vars established in script 1 do not show up > in > script 2. Is that because the domain name is different? Is this where > one > must grab the session id and use it in another script in order to > retain > the > original session and its vars? If this is so, can someone elaborate on > the > capture of the session id process? > Are both domains on the same physical (or virtual) server? Yes - they are sub-domains of my main one. >>> >> >> >> >> The preceding dot before the SLD allow the session cookie to be >> accessible on *.example.com. >> >> What if my sub-domain names are not in the form of 'a.domain.com' and ' > b.domain.com'. What do you mean? Subdomains are always in the form "*.example.com" > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- github.com/KingCrunch
Re: [PHP] Session ?
On 12/7/2012 2:41 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner wrote: On 12/7/2012 2:36 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner wrote: Something new for me - working with scripts on two of my sub-domains. I want to call script 2 in my B domain from script 1 in my A domain. It appears that the session vars established in script 1 do not show up in script 2. Is that because the domain name is different? Is this where one must grab the session id and use it in another script in order to retain the original session and its vars? If this is so, can someone elaborate on the capture of the session id process? Are both domains on the same physical (or virtual) server? Yes - they are sub-domains of my main one. The preceding dot before the SLD allow the session cookie to be accessible on *.example.com. What if my sub-domain names are not in the form of 'a.domain.com' and 'b.domain.com'. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner wrote: > On 12/7/2012 2:36 PM, Daniel Brown wrote: >> >> On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner >> wrote: >>> >>> Something new for me - working with scripts on two of my sub-domains. >>> >>> I want to call script 2 in my B domain from script 1 in my A domain. >>> >>> It appears that the session vars established in script 1 do not show up >>> in >>> script 2. Is that because the domain name is different? Is this where >>> one >>> must grab the session id and use it in another script in order to retain >>> the >>> original session and its vars? If this is so, can someone elaborate on >>> the >>> capture of the session id process? >> >> >> Are both domains on the same physical (or virtual) server? >> > Yes - they are sub-domains of my main one. The preceding dot before the SLD allow the session cookie to be accessible on *.example.com. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 2:36 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner wrote: Something new for me - working with scripts on two of my sub-domains. I want to call script 2 in my B domain from script 1 in my A domain. It appears that the session vars established in script 1 do not show up in script 2. Is that because the domain name is different? Is this where one must grab the session id and use it in another script in order to retain the original session and its vars? If this is so, can someone elaborate on the capture of the session id process? Are both domains on the same physical (or virtual) server? Yes - they are sub-domains of my main one. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner wrote: > Something new for me - working with scripts on two of my sub-domains. > > I want to call script 2 in my B domain from script 1 in my A domain. > > It appears that the session vars established in script 1 do not show up in > script 2. Is that because the domain name is different? Is this where one > must grab the session id and use it in another script in order to retain the > original session and its vars? If this is so, can someone elaborate on the > capture of the session id process? Are both domains on the same physical (or virtual) server? -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session data lost in Firefox
On Fri, Oct 26, 2012 at 12:12 PM, John Boy wrote: > Looks like it was a corrupted Paypal cookie lurking about on my test > machine. Clearing all Paypal cookies cured the problem. > Hours can be spent looking for needles like this in a very complex haystack > and it turns out to be the simplest solution that's not even related > directly to the programming. Thanks, Andrew for the prompting! > However if this happened on a punter's computer the same would happen - so > is there a way of coding the removal of third party cookies to avoid this > problem? > As far as I know, if you can set a cookie you can also clear it. I don't like the approach, though. I have 3rd party cookies disabled on purpose. Andrew
Re: [PHP] Session data lost in Firefox
Looks like it was a corrupted Paypal cookie lurking about on my test machine. Clearing all Paypal cookies cured the problem. Hours can be spent looking for needles like this in a very complex haystack and it turns out to be the simplest solution that's not even related directly to the programming. Thanks, Andrew for the prompting! However if this happened on a punter's computer the same would happen - so is there a way of coding the removal of third party cookies to avoid this problem? "Andrew Ballard" wrote in message news:cac1b6rsbydmopeulin0fjmax-vap_uas_1w6e-nr-1shwm+...@mail.gmail.com... > On Fri, Oct 26, 2012 at 8:49 AM, John Boy > wrote: > >> Hi >> >> I have a wesite where PHP session data is passed page to page then shells >> out to Paypal for payment then back to my website for completion of >> transaction and update of mysql file. When using Firefox our session data >> and POST data from Paypal is lost. This has happend only recently and has >> worked happily in the past. Works in other browsers too. Anyone heard of >> same problems? >> >> mywebpage -> session data->mywebpage2->session data->paypal page->POST >> data >> + session data->mywebpage3 >> >> -- >> Johniboy >> > > Just a thought - does this depend on using third party cookies between > your > site and PayPal? If so, do you have them disabled in Firefox? > > Andrew > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session data lost in Firefox
On Fri, Oct 26, 2012 at 8:49 AM, John Boy wrote: > Hi > > I have a wesite where PHP session data is passed page to page then shells > out to Paypal for payment then back to my website for completion of > transaction and update of mysql file. When using Firefox our session data > and POST data from Paypal is lost. This has happend only recently and has > worked happily in the past. Works in other browsers too. Anyone heard of > same problems? > > mywebpage -> session data->mywebpage2->session data->paypal page->POST data > + session data->mywebpage3 > > -- > Johniboy > Just a thought - does this depend on using third party cookies between your site and PayPal? If so, do you have them disabled in Firefox? Andrew
[PHP] Re: PHP session variables
On 8/8/2012 11:24 AM, Ansry User 01 wrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. Not sure what I need to do additionally other then defining _SESSION[]. Any pointer. You must make it a habit to start each script with session_start(); so that any thing you did in the last script is returned for use in the new script. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Checking
On Jul 9, 2012, at 2:40 PM, Floyd Resler wrote: > I want to have an alert pop up to let the user know their session is about to > expire. Would the best approach be to do a timer in Javascript or check it > in PHP. I'm storing session data in a MySQL database so I can know when a > session will expire. If I check it through PHP will the session expiration > refresh when I check it? > > Thanks! > Floyd Floyd: If this was my problem, my solution would be: 1. A PHP script that recorded (via MySQL) the date/time when the user successfully accessed something private (i.e., password protected). 2. The next time the user requested protected-access again, I would have the script look at the last time the user accessed this data and see IF the time period between accesses (then and now) exceeded an established time limit. If so, then deny access. If not, then reset the timer and allow access. That's the way it would work on the server-side. However, the server-side really has no efficient way to notify the user their session is "about" to expire -- instead that should take place client-side and without question, you'll need a client-side JavaScript timer. The client-side timer simply preforms a count-down and notifies the user when their session is about to expire. The important thing to realize here is that the client-side and server-side scripts have no communication between each other nor is any needed other than when to start the count-down. The two scripts are separate, but are working in "apparent" concert. The server-side script will be the ultimate decider of IF the user's session has timed out or not. The client-side script only notifies the user of the count-down and nothing else. HTH's tedd PS: Arby's? _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Checking
On Mon, Jul 9, 2012 at 2:40 PM, Floyd Resler wrote: > I want to have an alert pop up to let the user know their session is about to > expire. Would the best approach be to do a timer in Javascript or check it > in PHP. I'm storing session data in a MySQL database so I can know when a > session will expire. If I check it through PHP will the session expiration > refresh when I check it? If the browser is accessing the script, even in the background (such as via AJAX calls), it'll renew the session. What you could do is populate some JavaScript to count down to the expiry, or - if you're storing sessions via MySQL or something similar - check the record manually via a non-session-enabled script. > BTW, is Arby's having a roast beef sale or something? Everyone on the list > seems to be gone! Better not be. I just had lunch 90 minutes ago. (Though, since it was homemade wood-smoked barbecue beef brisket with pickles and red onions on a kaiser roll, I guess I can't complain.) -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
2012/4/24 ma...@behnke.biz > > > bug zhu hat am 24. April 2012 um 08:28 geschrieben: > > > thank you for your explanation, > > when i write to $_SESSION after session_commit(),$_SESSION is just a > > regular array > > Yes. Actually session_commit does not "terminate" the session as mentioned > earlier but is closes it for writing. You cann still read session values. > > The benefit of using session_commit is that the server saved associated > session file is no longer locked, so that parallel requests can both access > the values. > > The approach ist as follows: > Call session_commit() as early in you code (after session_open) as possible > to avoid locking. So first do all the writing to the $_SESSION array, then > do write close (or commit). After that you can still read all session > relevant information. > > If you want to write afterwards to your $_SESSIOn array you simply have to > call session_start to re-open the write context. Afterwards you can commit > it again to remove the lock. > > But be careful! session_start and session_commit perform write operations > on your harddisk or whatever storage you use. Many calls to start and > commit will result in losing performance. > > Regards, > Marco > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > got it, very appreciate you explanation:-) -- thanks, bugzhu
Re: [PHP] session lost problem
bug zhu hat am 24. April 2012 um 08:28 geschrieben: > thank you for your explanation, > when i write to $_SESSION after session_commit(),$_SESSION is just a > regular array Yes. Actually session_commit does not "terminate" the session as mentioned earlier but is closes it for writing. You cann still read session values. The benefit of using session_commit is that the server saved associated session file is no longer locked, so that parallel requests can both access the values. The approach ist as follows: Call session_commit() as early in you code (after session_open) as possible to avoid locking. So first do all the writing to the $_SESSION array, then do write close (or commit). After that you can still read all session relevant information. If you want to write afterwards to your $_SESSIOn array you simply have to call session_start to re-open the write context. Afterwards you can commit it again to remove the lock. But be careful! session_start and session_commit perform write operations on your harddisk or whatever storage you use. Many calls to start and commit will result in losing performance. Regards, Marco -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
thank you for your explanation,
when i write to $_SESSION after session_commit(),$_SESSION is just a
regular array
2012/4/24 Stuart Dallas
> Please don't top-post, and please include the list when replying.
>
> On 24 Apr 2012, at 06:35, bug zhu wrote:
> > 2012/4/24 Stuart Dallas
> >> On 24 Apr 2012, at 05:58, bug zhu wrote:
> >>
> >> > there are tow php files a.php and b.php,
> >> >
> >> > content of a.php as follows:
> >> > >> > session_start();
> >> > if (!isset($_GET['flag']))
> >> > {
> >> > header('Location: b.php');
> >> > }
> >> > else
> >> > {
> >> > var_dump($_SESSION);
> >> > }
> >> >
> >> > content of b.php as follows:
> >> > >> > session_start();
> >> > session_commit();
> >> > $_SESSION['test'] = 'test';
> >> > session_commit();
> >> > header('Location: a.php?flag=1');
> >> >
> >> > when i visit a.php, the dumped $_SESSION array is empty
> >> > but if i commented the first session_commit() in b.php and then visit
> >> > a.php, i cound see the $_SESSION array,which is not empty
> >> > i wish i have descibed clear about my problem and someone could give
> me a
> >> > feedback~
> >>
> >>
> >> I'm really not clear on what you're trying to do here, but the
> behaviour you're describing is as designed. When you call session_commit()
> you are saving and closing the session, so nothing done to $_SESSION after
> that point will be saved, even if you call session_commit() again.
> >
> > but in a single file without redirect, code as follows
> > > session_start();
> > session_commit();
> > $_SESSION['test'] = 'test';
> > session_commit();
> > var_dump($_SESSION);
> >
> > could dump the $_SESSION array.
>
> Yes, because $_SESSION is not special in any way other than that it's used
> by the session system; it's no more than a superglobal array. So within one
> request that array contains whatever you put into it, but that doesn't mean
> it is stored in whatever session storage mechanism you're using (files by
> default). When you redirect to another URL that's a whole new request so
> the contents of $_SESSION have to be loaded from the session storage.
>
> -Stuart
>
> --
> Stuart Dallas
> 3ft9 Ltd
> http://3ft9.com/
>
--
thanks,
bugzhu
Re: [PHP] session lost problem
On Tue, Apr 24, 2012 at 12:58 AM, bug zhu wrote:
> there are tow php files a.php and b.php,
>
> content of a.php as follows:
> session_start();
> if (!isset($_GET['flag']))
> {
> header('Location: b.php');
> }
> else
> {
> var_dump($_SESSION);
> }
>
> content of b.php as follows:
> session_start();
> session_commit();
> $_SESSION['test'] = 'test';
> session_commit();
> header('Location: a.php?flag=1');
>
> when i visit a.php, the dumped $_SESSION array is empty
> but if i commented the first session_commit() in b.php and then visit
> a.php, i cound see the $_SESSION array,which is not empty
> i wish i have descibed clear about my problem and someone could give me a
> feedback~
Hi,
So, you:
1) Visit page a.php (I'm assuming without the flag)
2) Are forwarded to page b.php, which you're expecting to store a
session variable 'test'.
3) Then forwarded back to page a.php.
You're likely expecting that you're return visit to page a.php should
reveal the 'test' variable.
The issue is that you're calling session_commit(), which is actually
an alias for session_write_close(). This function actually stops the
current session. So, when you hit the line $_SESSION['test'] = 'test',
your session has already terminated.
Try removing the session_commit() calls (or at least permanently
remove the first call.) You only want to call session_commit() when
you're done accessing/updating $_SESSION variables.
Adam
--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
Please don't top-post, and please include the list when replying.
On 24 Apr 2012, at 06:35, bug zhu wrote:
> 2012/4/24 Stuart Dallas
>> On 24 Apr 2012, at 05:58, bug zhu wrote:
>>
>> > there are tow php files a.php and b.php,
>> >
>> > content of a.php as follows:
>> > > > session_start();
>> > if (!isset($_GET['flag']))
>> > {
>> > header('Location: b.php');
>> > }
>> > else
>> > {
>> > var_dump($_SESSION);
>> > }
>> >
>> > content of b.php as follows:
>> > > > session_start();
>> > session_commit();
>> > $_SESSION['test'] = 'test';
>> > session_commit();
>> > header('Location: a.php?flag=1');
>> >
>> > when i visit a.php, the dumped $_SESSION array is empty
>> > but if i commented the first session_commit() in b.php and then visit
>> > a.php, i cound see the $_SESSION array,which is not empty
>> > i wish i have descibed clear about my problem and someone could give me a
>> > feedback~
>>
>>
>> I'm really not clear on what you're trying to do here, but the behaviour
>> you're describing is as designed. When you call session_commit() you are
>> saving and closing the session, so nothing done to $_SESSION after that
>> point will be saved, even if you call session_commit() again.
>
> but in a single file without redirect, code as follows
> session_start();
> session_commit();
> $_SESSION['test'] = 'test';
> session_commit();
> var_dump($_SESSION);
>
> could dump the $_SESSION array.
Yes, because $_SESSION is not special in any way other than that it's used by
the session system; it's no more than a superglobal array. So within one
request that array contains whatever you put into it, but that doesn't mean it
is stored in whatever session storage mechanism you're using (files by
default). When you redirect to another URL that's a whole new request so the
contents of $_SESSION have to be loaded from the session storage.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
On 24 Apr 2012, at 05:58, bug zhu wrote:
> there are tow php files a.php and b.php,
>
> content of a.php as follows:
> session_start();
> if (!isset($_GET['flag']))
> {
> header('Location: b.php');
> }
> else
> {
> var_dump($_SESSION);
> }
>
> content of b.php as follows:
> session_start();
> session_commit();
> $_SESSION['test'] = 'test';
> session_commit();
> header('Location: a.php?flag=1');
>
> when i visit a.php, the dumped $_SESSION array is empty
> but if i commented the first session_commit() in b.php and then visit
> a.php, i cound see the $_SESSION array,which is not empty
> i wish i have descibed clear about my problem and someone could give me a
> feedback~
I'm really not clear on what you're trying to do here, but the behaviour you're
describing is as designed. When you call session_commit() you are saving and
closing the session, so nothing done to $_SESSION after that point will be
saved, even if you call session_commit() again.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
Hi, Jim To avoid this kind of problem it would also help to provide an autoloader-function as PHP then tries to load the class-definition by this autoloader ;) Using that you'd bind yourself to have a pretty good system for php-classes and you'd avoid having problems like that. I'd in fact have never thought about a solution like that - but that may comes from the fact that I always use auto-loader-scripts ;) One additional info: I had some problems putting an instance of *SimpleXmlElement *into the session ... The only valuable info I found was this error: *Fatal error: Exception thrown without a stack frame in Unknown on line 0* Here's the solution and description why: http://stackoverflow.com/questions/4624223/object-in-session-fatal-error-exception-thrown-without-a-stack-frame-in-unknow#answer-4624256 Bye Simon 2012/3/2 Jim Giner > "Stuart Dallas" wrote in message > news:7eeba658-c7f6-4449-87bd-aac71b41e...@3ft9.com... > > Make sure the class is declared before you call session_start. > * > > You Da Man!! > > I see now why it makes a difference. The session tries to bring back the > data but doesn't know how to handle the objects in the session vars since > the objects haven't been defined. Never would of thought of that! > > Thank you for being there! :) > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Re: [PHP] SESSION var and Objects problem
"Stuart Dallas" wrote in message news:7eeba658-c7f6-4449-87bd-aac71b41e...@3ft9.com... Make sure the class is declared before you call session_start. * You Da Man!! I see now why it makes a difference. The session tries to bring back the data but doesn't know how to handle the objects in the session vars since the objects haven't been defined. Never would of thought of that! Thank you for being there! :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
On 2 Mar 2012, at 21:09, Jim Giner wrote: > ok - In examinig the objects in the Session after the data has been > displayed and the user has hit triggered a re-entry into my script (just one > script involved here), the objects in the session array now say > "[__PHP_Incomplete_Class_Name" and "__PHP_Incomplete_Class Object ". They > didn't say that during my examiniation of the sess var before exiting the > script. > > Also with All error reporting on (a great tip that I never think of) I get > many messages indicating that the object may not have been loaded. I don't > know what this means. The include file for my class is present in my script > and is always loaded. But at this point in the process no functions of the > class have been called. Is that a problem? In trying to re-display my data > stored in the Sessioin array I instantiate a var of the class and then pop > an array off the session var and assign it to the object and then call my > display function to show the data on the webpage - that is where I get the > errors. Here is one of these messages: > > Notice: DisplayAnEntry() [function.displayanentry]: The script tried to > execute a method or access a property of an incomplete object. Please ensure > that the class definition "Entry" of the object you are trying to operate on > was loaded _before_ unserialize() gets called or provide a __autoload() > function to load the class definition in > /home/albany/public_html/tms/php/tmsentry.php on line 372 Make sure the class is declared before you call session_start. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
ok - In examinig the objects in the Session after the data has been displayed and the user has hit triggered a re-entry into my script (just one script involved here), the objects in the session array now say "[__PHP_Incomplete_Class_Name" and "__PHP_Incomplete_Class Object ". They didn't say that during my examiniation of the sess var before exiting the script. Also with All error reporting on (a great tip that I never think of) I get many messages indicating that the object may not have been loaded. I don't know what this means. The include file for my class is present in my script and is always loaded. But at this point in the process no functions of the class have been called. Is that a problem? In trying to re-display my data stored in the Sessioin array I instantiate a var of the class and then pop an array off the session var and assign it to the object and then call my display function to show the data on the webpage - that is where I get the errors. Here is one of these messages: Notice: DisplayAnEntry() [function.displayanentry]: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Entry" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in /home/albany/public_html/tms/php/tmsentry.php on line 372 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
Please quote the pertinent bit of the message you're replying to, it makes
using the list a halluvalot easier and improves SEO for the archives.
On 2 Mar 2012, at 20:55, Jim Giner wrote:
> Yes I ahve the class defined. The classes work in most cases - just this one
> place where I want to save the objects in a sess var for re-use fails me.
Put the following line at the top of the code that you posted and post the
output.
echo ''; var_dump($_SESSION['TMScurr_evts']); die('');
Have you checked your error log, or your error settings? Scripts generally
don't stop executing for no reason or without saying why.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
Yes I ahve the class defined. The classes work in most cases - just this one place where I want to save the objects in a sess var for re-use fails me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
On 2 Mar 2012, at 20:07, Jim Giner wrote:
> My first foray into classes & objects.
>
> When retrieving a set of records, I'm using a class to build an object. At
> this time I save each record/object into a Session array by doing this:
>
> $rows = mysql_num_rows($qrslts);
> if ($rows > 0)
> for ($i=1;$i<=$rows;$i++)
> {
> $row = mysql_fetch_array($qrslts);
> $e = new Entry;
> if ($e->GetAnEntry($row['recordkey'],$row['Eventcode']))
> {
>$evts[] = $e;
>array_push($_SESSION['TMScurr_evts'],$e); // THIS DOESN'T
>$cls_errs .= " Stored $e->event in sess var $i-1; "; // THIS
> WORKS
> }
> else
>$cls_errs .= "Could not retrieve event record for
> ".$row['recordkey']." ".$row['Eventcode'];
> }
What is the type of $e (i.e. what's the class called)?
Side note... it looks like GetAnEntry fetches the entry into internal data.
This isn't really how objects are supposed to work. To be more OO-like you
should be passing the recordkey and Eventcode values into the constructor. But
that's not relevant to your issue.
> The above code works AFAIK - the line above the array_push correctly stores
> my retreived record data in the $evts array just fine and I can see the
> data when I use that array to display my page.
> Note also that the var $cls_errs following the array_push does show me that
> valid values are being stored in $e
> Later on, in my main process I attempt to retreive the contents of my
> Session var to use to re-display the data. The code for that doesn't
> display any values. In trying to debug this here is what I've done:
>
> $cnt = count($_SESSION['TMScurr_evts']);
> echo "In Display process with $cnt recs in session var TMScurr_evts. ";
> // THIS WORKS
> reset($_SESSION['TMScurr_evts']);
> $e = new Entry;
> for ($i=0;$i {
> $e = array_pop($_SESSION['TMScurr_evts']);
> echo " in Display process - sess event $i is $e->event";//
> THIS DOESN'T
> }
>
> This debugging code correctly tells me how many entries are in the Session
> array variable, but the attempt to echo the values stored in the first field
> of each object contained in it shows blank for each one.
>
> What am I doing wrong when I try to pull the contents of my session array
> out and store them back into an Entry object, one at a time, so that I can
> display the object on my webpage??
In the above script, the one that gets the objects out of the session, has the
class been declared? IOW, have you included the PHP file that defines that
class? If not then it won't be able to recreate the object.
If that was the problem then I suggest you make sure you have error_reporting
set to at least E_ALL, and display_errors set on, because this issue will be
causing a fatal error, the text of which would make it obvious what's going
wrong.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session treating
Hello Ashley, > One thing sticks out a little bit to me. In your index.php file, you're > accessing an element of the $_SESSION array, but without calling > session_start() first. I believe this may be causing the issue you are seeing. I tried using it without success. I'm having now 3 separate session IDs: 1. Before the login form is processed, 2. After the login form is processed, 3. When clicking the Articles link, on the articles.php page. -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session treating
Andre Polykanine wrote:
>Hi guys and girls,
>I'm completely stuck at a really stupid thing.
>For some reason my session id doesn't pass through the links.
>
>Here is the code:
>
>index.php:
>
>// Checking if the admin was ever authorized
>if ($_SESSION['PSS']!=session_id()) $auth=0; else $auth=1;
>if ($_SESSION['Editor']!="Voice of Istanor") $auth=0; else $auth=1;
>
>if ($auth==0) {
>if (!@$_POST) {
>// If there's no POST values, including the login form
>include "login.php";
>// For debugging only, outputs: "Session name: PHPSESSID, session id:
>";
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>} else {
>// Here go real values
>if (($_POST['uname']!="Tralala") ||
>(sha1($_POST['upass'])!="abcdeftralala")) {
>echo "Invalid login or password!";
>include "login.php";
>} else {
>// Attention!
>session_name("PalantirSessId");
>session_start();
>// Everything goes Ok here
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>$_SESSION['PSS']=session_id();
>$_SESSION['Editor']=$_POST['uname'];
>$auth=1;
>}
>}
>}
>
>if ($auth==1) {
>echo "
>
>
>
>";
>include "header.html";
>// Still ok! the same name, the same Id
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>
> end of code.
>
>But now go the links such as
>Articles management
>
>And there, in the articles.php, I write the following:
>
>session_name("PalantirSessId");
>session_start();
>printf("Session name: %s, Session Id: %s", session_name(),
>session_id());
>
>And here (!) the session name is correct, but the session id is
>changed.
>My question is: why?
>Thanks!
>
>--
>With best regards from Ukraine,
>Andre
>Skype: Francophile
>Twitter: http://twitter.com/m_elensule
>Facebook: http://facebook.com/menelion
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
One thing sticks out a little bit to me. In your index.php file, you're
accessing an element of the $_SESSION array, but without calling
session_start() first. I believe this may be causing the issue you are seeing.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session question
You can have a session start in an htaccess file. .htaccess php_value session.auto_start 1 Do not scream at me if you do not like this approach or it does not work for you. I use it and it works well for me. Simply a suggestion. Richard L. Buskirk -Original Message- From: Ross Hansen [mailto:hansen.r...@live.com.au] Sent: Tuesday, May 17, 2011 11:16 PM To: php-general@lists.php.net Subject: RE: [PHP] Session question Unless your adding more code to your included file it isn't worth having it as an include as there is more typing/text involved. For management purposes also it would also look ugly if you were just having one file purely for session_start(); > From: p...@computer.org > Date: Tue, 17 May 2011 13:01:19 +0200 > To: php-general@lists.php.net > Subject: Re: [PHP] Session question > > Paul Halliday wrote: > > > Is it OK to have session_start as an include? > > > > Yes. > > > > -- > Per Jessen, Zürich (18.1°C) > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session question
Unless your adding more code to your included file it isn't worth having it as an include as there is more typing/text involved. For management purposes also it would also look ugly if you were just having one file purely for session_start(); > From: p...@computer.org > Date: Tue, 17 May 2011 13:01:19 +0200 > To: php-general@lists.php.net > Subject: Re: [PHP] Session question > > Paul Halliday wrote: > > > Is it OK to have session_start as an include? > > > > Yes. > > > > -- > Per Jessen, Zürich (18.1°C) > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] Session question
Paul Halliday wrote: > Is it OK to have session_start as an include? > Yes. -- Per Jessen, Zürich (18.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session variable problem
call session_destroy(); then start the session again
Re: [PHP] session variable problem
On 3/25/2011 3:55 PM, Peter Lind wrote: More info (including some code) would be needed to get to the bottom of this, I'd say. Hard to diagnose what's happening otherwise. Regards Peter So I guess there is no list of things to check for sessions? I'll try to pair down the code to something postable, but it does work on the old server.let me see what I can come up with. -- Mark B -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session variable problem
More info (including some code) would be needed to get to the bottom of this, I'd say. Hard to diagnose what's happening otherwise. Regards Peter -- WWW: plphp.dk / plind.dk LinkedIn: plind BeWelcome/Couchsurfing: Fake51 Twitter: kafe15 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session variable problem
On 3/25/2011 12:13 PM, Ken Robinson wrote: At 01:09 PM 3/25/2011, markb wrote: Very rusty with PHP. We moved our web site to a new hosting service (godaddy). PHP changed from 4x to 5.2.17. I can no longer change $_SESSION variables after the first use. First call to form - start session create variables Second call - can read variables, change existing ones (but they do not persist to next call) - cannot create new variable without an error What's the error you're getting? Also, do you have a call to session_start() at the beginning of each script before any output is sent to the browser? Ken More info perhaps. Changes I make using the page's form are persevered. Any changes made with php are not saved. Checking the session file confirms this. I'm missing something obvious here. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session variable problem
On 3/25/2011 12:13 PM, Ken Robinson wrote: At 01:09 PM 3/25/2011, markb wrote: Very rusty with PHP. We moved our web site to a new hosting service (godaddy). PHP changed from 4x to 5.2.17. I can no longer change $_SESSION variables after the first use. First call to form - start session create variables Second call - can read variables, change existing ones (but they do not persist to next call) - cannot create new variable without an error What's the error you're getting? Also, do you have a call to session_start() at the beginning of each script before any output is sent to the browser? Ken No error messages at all. error_reporting(E_ALL ^ E_NOTICE ); (I thought I was getting an error when creating new variables but that must have been a typo.) Session_start() called before any output (script was working on old host). -- Mark B -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session variable problem
At 01:09 PM 3/25/2011, markb wrote: Very rusty with PHP. We moved our web site to a new hosting service (godaddy). PHP changed from 4x to 5.2.17. I can no longer change $_SESSION variables after the first use. First call to form - start session create variables Second call - can read variables, change existing ones (but they do not persist to next call) - cannot create new variable without an error What's the error you're getting? Also, do you have a call to session_start() at the beginning of each script before any output is sent to the browser? Ken -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP session replication
Hi Florin, thank you for your write up, actually the main reason why I asked the original question was because I mainly write servlet based webapps currently but I've decided to use PHP for my next project mainly for exploratory reasons. On Sat, Mar 19, 2011 at 10:06 AM, Florin Jurcovici < florin.jurcov...@gmail.com> wrote: > Hi. > > Just for comparison: > > PHP does not provide sessions in the same way a servlet-based platform > provides. PHP actually destroys the in-mem representation of sessions > after each request is served, whereas a servlet-based platform caches > the sessions in mem between requests. > > ASP.Net also serializes session state, but not into a cookie - it uses > a hidden field instead. Which works around cookie size limitation. You > don't even have a choice of database sessions with ASP.Net. OTOH, even > if performance might suffer, scalability, as far as the sessions > mechanism is concerned, is excellent - you don't need session > replication. > > Servlet-based platforms provide the most complicated solution, when > compared to the other two. They keep sessions in mem, which improves > performance (no serialization/deserialization for each request), but > creates potential scalability problems. You won't hit the wall at a > few thousands of users, but replicating maybe a million sessions among > no more than a hundred servers causes the replication process to > consume quite a lot of resources, the resources being used for > replication increasing faster than linearly with each added server > (not quite exponentially, though). You can use sticky sessions with > most servlet-based platforms, but these come with their own problems > (already described by a previous poster). Nevertheless, in mem > sessions a la servlets are a very convenient mechanism to use - the > session replication is provided by the platform, and the app > programmer doesn't have to worry about it. > > All three approaches rely on every piece of data in the session being > serializable, so you can't store interesting objects, like an open > file or the like, in sessions. > > Does anybody know of any fundamentally different session > sharing/replication mechanism? > > br, > > flj > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Signed, Alessandro Ferrucci
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message-
> From: Cheryl Sullivan [mailto:csull...@shh.org]
> Sent: Friday, September 17, 2010 7:51 AM
> To: Peter Lind; tommy...@gmail.com
> Cc: a...@ashleysheridan.co.uk; php-general@lists.php.net
> Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those
> loaded from MYSQL Query stick
>
> Hi there - just to clear things up, I didn't mean your answer was
irrelevant. It
> was an excellent point - I just took the function call encompassing the
query
> string out of the code I posted to avoid people having to read too much.
I
> thought showing the function call was irrelevant. Hope that makes sense -
I
> did not intend to insult people who are taking the time to try to help me!
>
> Anyhoo - at the risk of going off the deep end in the other directions
here
> are is everything - the three pages that currently encompass this
> application. You can see by the output I posted that appears on
> empForm.php that the SSN and Cost Center session vars come up blank,
> while the other three session vars and the hidden form fields do not.
Thank
> you!
>
> Default.php
> -
>
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
>
>
> Employee Illness - Injury Report rel="stylesheet" type="text/css" /> src="functions.js"> onload="javascript:frmValidateMe.txtLastName.focus();">
>
>
>
> For information or questions for this system,
> please contact Linda Williams x5984
>
>
>
>
> Enter the system by validating,
> below.
>action="mainRedirect.php">
>
>
> Your Last Name type="text" maxlength="100" name="txtLastName" id="txtLastName"
> />
>
>
> Your SHH Badge ID
> # id="txtBadgeID" />
>
>
> I need
> to value="0" checked/>Report my Injury/Illness name="rdoAction" id="rdoAction" value="1" />Check the Status/Update my
> Report
>
>
> onclick="validateValidate();"/>
>
>
>
>
>
>
>
> --
> mainRedirect.php (as you can see I now have it set up to submit a form,
but I
> also have commented out the code I used to try to do a redirect.)
>
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
>
>
> Employee Illness - Injury Report Submit rel="stylesheet" type="text/css" /> src="functions.js">
>
>
>
> function hitMSSQL($query,$server,$db,$login,$pass,$senditback){
> $conn = new COM ("ADODB.Connection") or die("Cannot start ADO");
> $connStr =
> "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass
> .";DATABASE=".$db;
> $conn->open($connStr);
> if($senditback==1){
> return $conn->execute($query);
> }else{
> $conn->execute($query);
> }}
>
> function GetSQLValueString($theValue, $theType, $database,
> $theDefinedValue = "", $theNotDefinedValue = "") {
> if (PHP_VERSION < 6) {
> $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) :
> $theValue;
> }
>
> if($database==1){
> $theValue = mysql_real_escape_string($theValue);
> }else{
> $theValue = str_replace("'","''",$theValue);
> }
>
> switch ($theType) {
> case "text":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "long":
> case "int":
> $theValue = ($theValue != "") ? intval($theValue) : "NULL";
> break;
> case "double":
> $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
> break;
> case "date":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "defined":
> $theValue = ($theValue != "") ? $theDefinedValue :
> $theNotDefinedValue;
> break;
> }
> return $theValue;
> }
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
> $_SESSION['BadgeID'
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick (SOLVED)
FANTASTIC!!! This did the trick!
"By explicitly typecasting the value to a string when you assign it to the
session, you'll get the value rather than its wrapper."
Thank you all for your help! I will pass the comments on about employing the
MS's SQL Server Driver for PHP as well -
Thanks again -
-Original Message-
From: Andrew Ballard [mailto:aball...@gmail.com]
Sent: Friday, September 17, 2010 11:15 AM
To: Cheryl Sullivan
Cc: Peter Lind; tommy...@gmail.com; a...@ashleysheridan.co.uk;
php-general@lists.php.net
Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from
MYSQL Query stick
On Fri, Sep 17, 2010 at 10:50 AM, Cheryl Sullivan wrote:
> Hi there - just to clear things up, I didn't mean your answer was irrelevant.
> It was an excellent point - I just took the function call encompassing the
> query string out of the code I posted to avoid people having to read too
> much. I thought showing the function call was irrelevant. Hope that makes
> sense - I did not intend to insult people who are taking the time to try to
> help me!
>
> Anyhoo - at the risk of going off the deep end in the other directions here
> are is everything - the three pages that currently encompass this
> application. You can see by the output I posted that appears on empForm.php
> that the SSN and Cost Center session vars come up blank, while the other
> three session vars and the hidden form fields do not. Thank you!
>
> Default.php
> -
>
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
>
>
> Employee Illness - Injury Report
>
>
>
>
>
>
>
> For information or questions for this system, please
> contact Linda Williams x5984
>
>
>
>
> Enter the system by validating, below.
>
>
>
> Your Last Name type="text" maxlength="100" name="txtLastName" id="txtLastName" />
>
>
> Your SHH Badge ID
> # />
>
>
> I need
> to checked/>Report my Injury/Illness id="rdoAction" value="1" />Check the Status/Update my Report
>
>
> onclick="validateValidate();"/>
>
>
>
>
>
>
>
> --
> mainRedirect.php (as you can see I now have it set up to submit a form, but I
> also have commented out the code I used to try to do a redirect.)
>
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
>
>
> Employee Illness - Injury Report Submit
>
>
>
>
>
>
> function hitMSSQL($query,$server,$db,$login,$pass,$senditback){
> $conn = new COM ("ADODB.Connection") or die("Cannot start ADO");
> $connStr =
> "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass.";DATABASE=".$db;
> $conn->open($connStr);
> if($senditback==1){
> return $conn->execute($query);
> }else{
> $conn->execute($query);
> }}
>
> function GetSQLValueString($theValue, $theType, $database, $theDefinedValue =
> "", $theNotDefinedValue = "")
> {
> if (PHP_VERSION < 6) {
> $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
> }
>
> if($database==1){
> $theValue = mysql_real_escape_string($theValue);
> }else{
> $theValue = str_replace("'","''",$theValue);
> }
>
> switch ($theType) {
> case "text":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "long":
> case "int":
> $theValue = ($theValue != "") ? intval($theValue) : "NULL";
> break;
> case "double":
> $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
> break;
> case "date":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "defined":
> $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
> break;
> }
> return $theValue;
> }
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
> $_SESSION['BadgeID'] = trim($_POST[&#x
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Fri, Sep 17, 2010 at 10:50 AM, Cheryl Sullivan wrote:
> Hi there - just to clear things up, I didn't mean your answer was irrelevant.
> It was an excellent point - I just took the function call encompassing the
> query string out of the code I posted to avoid people having to read too
> much. I thought showing the function call was irrelevant. Hope that makes
> sense - I did not intend to insult people who are taking the time to try to
> help me!
>
> Anyhoo - at the risk of going off the deep end in the other directions here
> are is everything - the three pages that currently encompass this
> application. You can see by the output I posted that appears on empForm.php
> that the SSN and Cost Center session vars come up blank, while the other
> three session vars and the hidden form fields do not. Thank you!
>
> Default.php
> -
>
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
>
>
> Employee Illness - Injury Report
>
>
>
>
>
>
>
> For information or questions for this system, please
> contact Linda Williams x5984
>
>
>
>
> Enter the system by validating, below.
>
>
>
> Your Last Name type="text" maxlength="100" name="txtLastName" id="txtLastName" />
>
>
> Your SHH Badge ID
> # />
>
>
> I need
> to checked/>Report my Injury/Illness id="rdoAction" value="1" />Check the Status/Update my Report
>
>
> onclick="validateValidate();"/>
>
>
>
>
>
>
>
> --
> mainRedirect.php (as you can see I now have it set up to submit a form, but I
> also have commented out the code I used to try to do a redirect.)
>
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
>
>
> Employee Illness - Injury Report Submit
>
>
>
>
>
>
> function hitMSSQL($query,$server,$db,$login,$pass,$senditback){
> $conn = new COM ("ADODB.Connection") or die("Cannot start ADO");
> $connStr =
> "PROVIDER=SQLOLEDB;SERVER=".$server.",1433;UID=".$login.";PWD=".$pass.";DATABASE=".$db;
> $conn->open($connStr);
> if($senditback==1){
> return $conn->execute($query);
> }else{
> $conn->execute($query);
> }}
>
> function GetSQLValueString($theValue, $theType, $database, $theDefinedValue =
> "", $theNotDefinedValue = "")
> {
> if (PHP_VERSION < 6) {
> $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
> }
>
> if($database==1){
> $theValue = mysql_real_escape_string($theValue);
> }else{
> $theValue = str_replace("'","''",$theValue);
> }
>
> switch ($theType) {
> case "text":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "long":
> case "int":
> $theValue = ($theValue != "") ? intval($theValue) : "NULL";
> break;
> case "double":
> $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
> break;
> case "date":
> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> break;
> case "defined":
> $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
> break;
> }
> return $theValue;
> }
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
> $q = sprintf("select * from emps where emp_last = %s and emp_badge = %s",
> GetSQLValueString($_SESSION['UserLastName'], "text", 1),
> GetSQLValueString($_SESSION['BadgeID'],"int", 1));
> $q1 = "select * from emps where emp_last = '".$_SESSION['UserLastName']."'
> and emp_badge = '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"intra_sql","employees","emps","e!mps",1);
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>
>
> //get form info for this employee
> $cnx =
> mysql_connect("localhost","appsuser","abc123");
> $db = mysql_select_db("wrii_report");
> $q1 = sprintf("select * from tblmainempreport
> where empUUID = '553920090528131'");
> //print $q1 ."";
> $result = mysql_query($q1);
> $recArray = mysql_fetch_array($result);
> $_SESSION['empFName'] = $recArray['EmpFName'];
> ?>
> action="empForm.php">
> " />
> value="fields("emp_costcenter");?>" />
>
> frmGoToEmpForm.submit();
> //header("Location:
> http://webapps/injury/empForm.php";);
> //exit();
>
>
>
>
>
> ?>
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
For information or questions for this system, please contact Linda Williams x5984 http://shhsnet/";>Return to SHH Intranet empForm.php - code --- "; print "session_CostCenter = ".$_SESSION['CostCenter'].""; print "hidden_SSN = ".$_POST['hdnSSN'].""; print "hidden_CostCenter = ".$_POST['hdnCostCenter'].""; print "session_empFName = ".$_SESSION['empFName'].""; print "session_userLastName = ".$_SESSION['UserLastName'].""; print "session_BadgeID = ".$_SESSION['BadgeID'].""; ?> Output from empForm.php --- session_SSN = session_CostCenter = hidden_SSN = 60 (it is displaying my actual SSN) hidden_CostCenter = 1604 session_empFName = CHERYL session_userLastName = sullivan session_BadgeID = 401337 -Original Message- From: Peter Lind [mailto:peter.e.l...@gmail.com] Sent: Thursday, September 16, 2010 4:20 PM To: Cheryl Sullivan Cc: a...@ashleysheridan.co.uk; php-general@lists.php.net Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick On 16 September 2010 20:03, Cheryl Sullivan wrote: > We are actually running the query through a function that removes single > ticks, etc to avoid this, but I didn't think that was relevant to the > question so I didn't include it. Thanks, though! You're the one with the problem you don't understand, which means you don't get to make decisions as what is or is not relevant. Rather: you have no idea what seems relevant to us trying to pinpoint the error. That said, if - like Andrew points out - you see the values directly after storing them, then the problem is not database related. What exactly happens between the two pages and on the second page? Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Fri, Sep 17, 2010 at 8:13 AM, Cheryl Sullivan wrote: > Hi Andrew - I didn't mean to ignore your reply... > > Here is your earlier post - > > " The fact that you can echo the $_SESSION information on the same page and > they contain the correct values suggest to me that the issue of MySQL/MSSQL > is a red herring. I would look into things like the value for > register_globals to make sure you don't have a global variable stepping on > some of your session variables." > > Register_globals is off in our php.ini file. > > Again, I am fairly new to PHP. I guess I don't understand how a global > variable can "step on" a session variable if the only thing I'm assigning > anywhere in my application to said session variable is a value from a > database query. When PHP changes pages, it might be arbitrarily assigning > some value to a session variable, even though I'm not telling it to? > > Can you please explain this to me? Thanks - > It's been a while since I've dealt with either, but I believe the most common way would involve register_globals (and session auto_start?). The session would automatically register global variables named $SSN or $CostCenter in your page that would be tied to $_SESSION['SSN'] and $_SESSION['CostCenter'], even before a line of code was executed. If you then change the value of $SSN - even if you intentionally initialize it to an empty value at the beginning of a script -- PHP would alter the value of SSN in the session itself. I don't know exactly what is happening in your case. All I am suggesting is that if you are getting the correct values from the database and you can see that they have been correctly assigned to the $_SESSION array when you echo them later in the script, the issue is somewhere other than with the database and you need to dig somewhere else for the solution. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
Hi Andrew - I didn't mean to ignore your reply... Here is your earlier post - " The fact that you can echo the $_SESSION information on the same page and they contain the correct values suggest to me that the issue of MySQL/MSSQL is a red herring. I would look into things like the value for register_globals to make sure you don't have a global variable stepping on some of your session variables." Register_globals is off in our php.ini file. Again, I am fairly new to PHP. I guess I don't understand how a global variable can "step on" a session variable if the only thing I'm assigning anywhere in my application to said session variable is a value from a database query. When PHP changes pages, it might be arbitrarily assigning some value to a session variable, even though I'm not telling it to? Can you please explain this to me? Thanks - -Original Message- From: Andrew Ballard [mailto:aball...@gmail.com] Sent: Thursday, September 16, 2010 2:21 PM To: Cheryl Sullivan Cc: Tommy Pham; php-general@lists.php.net Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan wrote: [snip] > When I echo all five $_SESSION vars from here, they are all populated. > Then I can either redirect or form post to the next page. In either > case, the $_SESSION vars populated from SQL Server ( the SSN and Cost > Center vars) are blank when I echo them on the destination page. On Thu, Sep 16, 2010 at 2:12 PM, Cheryl Sullivan wrote: > Tommy - I ran phpinfo() but I don't see anything in it referencing > MSSQL or SQLSRV. I have included all the references to "sql" I see > below, but the only references I see to databases are to mySQL and > SQLLite. Unfortunately I don't have any control over how service-packed > the database server is. Is there something in SP 4 for SQL Server 2000 > that is supposed to fix the issue I'm having, I may be able to plead my > case for getting the latest SP. Is this the case, do you know? > [snip] Again, I ask - based on what you said earlier - are you sure this is even a database issue? You said that when you echo the values in your $_SESSION array AFTER reading them from the database they are there, and you only lose them on the next request after either a redirect or a manual form POST. If the values are getting into $_SESSION correctly within this page, your issue is not related to the database at all. Am I misunderstanding you? Andrew Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 11:12 AM > To: Tommy Pham; php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > Tommy - I ran phpinfo() but I don't see anything in it referencing MSSQL or > SQLSRV. I have included all the references to "sql" I see below, but the only > references I see to databases are to mySQL and SQLLite. Unfortunately I > don't have any control over how service-packed the database server is. Is > there something in SP 4 for SQL Server 2000 that is supposed to fix the issue > I'm having, I may be able to plead my case for getting the latest SP. Is this > the case, do you know? > Here's the long lists of fixes in SP4 for SQL2000: http://support.microsoft.com/kb/888799/ http://support.microsoft.com/kb/00/ As for if it's related to your current problem, we need to find out what are the possible causes for your problem. If you're not using mssql or sqlsrv extension, how are you able to access SQL Server, via ODBC? If you're not using ODBC either, then there is something seriously wrong with your app... or where you think you're getting the data that is supposed to be from MS SQL Server. Look at your class hitMSSQL. What does the internal of the class uses to connect, execute the query, and fetch the results? Are there any error catching/logging within the class? Or are all the statements begin with @? Regards, Tommy > mysql > MySQL Support enabled > Active Persistent Links 0 > Active Links 0 > Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ > Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 > size 2000 free_items 2000 references 2 > > Directive Local Value Master Value > mysql.allow_local_infile On On > mysql.allow_persistent On On > mysql.cache_size 2000 2000 > mysql.connect_timeout 60 60 > mysql.default_host no value no value > mysql.default_password no value no value mysql.default_port no value no > value mysql.default_socket no value no value mysql.default_user no value > no value mysql.max_links Unlimited Unlimited mysql.max_persistent > Unlimited Unlimited mysql.trace_mode Off Off > > > mysqli > MysqlI Support enabled > Client API library version mysqlnd 5.0.5-dev - 081106 - $Revision: > 1.3.2.27 $ > Active Persistent Links 0 > Inactive Persistent Links 0 > Active Links 0 > Persistent cache enabled > put_hits 0 > put_misses 0 > get_hits 0 > get_misses 0 > size 2000 > free_items 2000 > references 2 > > Directive Local Value Master Value > mysqli.allow_local_infile On On > mysqli.allow_persistent On On > mysqli.cache_size 2000 2000 > mysqli.default_host no value no value > mysqli.default_port 3306 3306 > mysqli.default_pw no value no value > mysqli.default_socket no value no value mysqli.default_user no value no > value mysqli.max_links Unlimited Unlimited mysqli.max_persistent > Unlimited Unlimited mysqli.reconnect Off Off > > > mysqlnd > mysqlnd enabled > Version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Command buffer > size 2048 Read buffer size 32768 Collecting statistics Yes Collecting > memory statistics Yes > > PDO > PDO support enabled > PDO drivers mysql, sqlite > > > pdo_mysql > PDO Driver for MySQL enabled > Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ > Persistent cache enabled > put_hits 0 > put_misses 0 > get_hits 0 > get_misses 0 > size 2000 > free_items 2000 > references 2 > > Directive Local Value Master Value > pdo_mysql.cache_size 2000 2000 > > > pdo_sqlite > PDO Driver for SQLite 3.x enabled > SQLite Library 3.6.15 > > -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Thursday, September 16, 2010 11:39 AM > To: php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > > -Original Message- > > From: Cheryl Sullivan [mailto:csull...@shh.org] > > Sent: Thursday, September 16, 2010 8:33 AM > > To: Tommy Pham; php-general@lists.php.net > > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > > loaded from MYSQL Query stick > > > > SQL Server 8.00.818 - SP3 (Enterprise Edition) > > > > 8? I think that's SQL 2000. If that's the case, you're 1 service pack > behind. The latest service pack for SQL 2000 is 4. > > > Unfortunately I am fairly new to PHP and my boss just went home sick > for > >
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On 16 September 2010 20:03, Cheryl Sullivan wrote: > We are actually running the query through a function that removes single > ticks, etc to avoid this, but I didn't think that was relevant to the > question so I didn't include it. Thanks, though! You're the one with the problem you don't understand, which means you don't get to make decisions as what is or is not relevant. Rather: you have no idea what seems relevant to us trying to pinpoint the error. That said, if - like Andrew points out - you see the values directly after storing them, then the problem is not database related. What exactly happens between the two pages and on the second page? Regards Peter -- WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan wrote: [snip] > When I echo all five $_SESSION vars from here, they are all populated. > Then I can either redirect or form post to the next page. In either > case, the $_SESSION vars populated from SQL Server ( the SSN and Cost > Center vars) are blank when I echo them on the destination page. On Thu, Sep 16, 2010 at 2:12 PM, Cheryl Sullivan wrote: > Tommy - I ran phpinfo() but I don't see anything in it referencing > MSSQL or SQLSRV. I have included all the references to "sql" I see > below, but the only references I see to databases are to mySQL and > SQLLite. Unfortunately I don't have any control over how service-packed > the database server is. Is there something in SP 4 for SQL Server 2000 > that is supposed to fix the issue I'm having, I may be able to plead my > case for getting the latest SP. Is this the case, do you know? > [snip] Again, I ask - based on what you said earlier - are you sure this is even a database issue? You said that when you echo the values in your $_SESSION array AFTER reading them from the database they are there, and you only lose them on the next request after either a redirect or a manual form POST. If the values are getting into $_SESSION correctly within this page, your issue is not related to the database at all. Am I misunderstanding you? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
Tommy - I ran phpinfo() but I don't see anything in it referencing MSSQL or SQLSRV. I have included all the references to "sql" I see below, but the only references I see to databases are to mySQL and SQLLite. Unfortunately I don't have any control over how service-packed the database server is. Is there something in SP 4 for SQL Server 2000 that is supposed to fix the issue I'm having, I may be able to plead my case for getting the latest SP. Is this the case, do you know? mysql MySQL Support enabled Active Persistent Links 0 Active Links 0 Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 size 2000 free_items 2000 references 2 Directive Local Value Master Value mysql.allow_local_infile On On mysql.allow_persistent On On mysql.cache_size 2000 2000 mysql.connect_timeout 60 60 mysql.default_host no value no value mysql.default_password no value no value mysql.default_port no value no value mysql.default_socket no value no value mysql.default_user no value no value mysql.max_links Unlimited Unlimited mysql.max_persistent Unlimited Unlimited mysql.trace_mode Off Off mysqli MysqlI Support enabled Client API library version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Active Persistent Links 0 Inactive Persistent Links 0 Active Links 0 Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 size 2000 free_items 2000 references 2 Directive Local Value Master Value mysqli.allow_local_infile On On mysqli.allow_persistent On On mysqli.cache_size 2000 2000 mysqli.default_host no value no value mysqli.default_port 3306 3306 mysqli.default_pw no value no value mysqli.default_socket no value no value mysqli.default_user no value no value mysqli.max_links Unlimited Unlimited mysqli.max_persistent Unlimited Unlimited mysqli.reconnect Off Off mysqlnd mysqlnd enabled Version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Command buffer size 2048 Read buffer size 32768 Collecting statistics Yes Collecting memory statistics Yes PDO PDO support enabled PDO drivers mysql, sqlite pdo_mysql PDO Driver for MySQL enabled Client API version mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $ Persistent cache enabled put_hits 0 put_misses 0 get_hits 0 get_misses 0 size 2000 free_items 2000 references 2 Directive Local Value Master Value pdo_mysql.cache_size 2000 2000 pdo_sqlite PDO Driver for SQLite 3.x enabled SQLite Library 3.6.15 -Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Thursday, September 16, 2010 11:39 AM To: php-general@lists.php.net Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick > -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 8:33 AM > To: Tommy Pham; php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > SQL Server 8.00.818 - SP3 (Enterprise Edition) > 8? I think that's SQL 2000. If that's the case, you're 1 service pack behind. The latest service pack for SQL 2000 is 4. > Unfortunately I am fairly new to PHP and my boss just went home sick for > the day, so I don't know how to answer the question about the extension. > Can you tell me where I can find that? > phpinfo(); will give all the information pertaining to your PHP environment. Regards, Tommy > -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Thursday, September 16, 2010 11:00 AM > To: php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > > -Original Message- > > From: Cheryl Sullivan [mailto:csull...@shh.org] > > Sent: Thursday, September 16, 2010 7:12 AM > > To: php-general@lists.php.net > > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > > from MYSQL Query stick > > > > Hi there - I'm new to this news group. Any help with this is > appreciated - > > > > When I populate session vars from a MYSQL query, they are still there > when > > I change pages. If I populate them from an MSSQL query, they drop. > > > > It doesn't matter if I get to the next page using a header redirect or > a form > > submit. I have two session vars I'm loading from a MYSQL query and > they > > remain, the two loaded from MSSQL disappear. > > > > What SQL Server version? What PHP extension are you using? MSSQL? > sqlsrv? > > Regards, > Tommy > > > I have confirmed that a
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
We are actually running the query through a function that removes single
ticks, etc to avoid this, but I didn't think that was relevant to the
question so I didn't include it. Thanks, though!
-Original Message-
From: Peter Lind [mailto:peter.e.l...@gmail.com]
Sent: Thursday, September 16, 2010 12:03 PM
To: Cheryl Sullivan
Cc: a...@ashleysheridan.co.uk; php-general@lists.php.net
Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those
loaded from MYSQL Query stick
On 16 September 2010 16:26, Cheryl Sullivan wrote:
> Absolutely -
>
>
>
> This is from the first page
>
>
>
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info =
hitMSSQL($q1,"_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>
You're sticking values from $_POST into an SQL query without
sanitizing them first. That spells out SQL INJECTION VULNERABILITY.
Regards
Peter
--
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
Notice: This communication, including attachments, may contain information that
is confidential and protected. It constitutes non-public information intended
to be conveyed only to the designated recipient(s). If you believe that you
have received this communication in error, please notify the sender immediately
by return e-mail and promptly delete this e-mail, including attachments without
reading or saving them in any manner. The unauthorized use, dissemination,
distribution, or reproduction of this e-mail, including attachments, is
prohibited and may be unlawful. Thank you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On 16 September 2010 16:26, Cheryl Sullivan wrote:
> Absolutely -
>
>
>
> This is from the first page
>
>
>
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>
You're sticking values from $_POST into an SQL query without
sanitizing them first. That spells out SQL INJECTION VULNERABILITY.
Regards
Peter
--
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 8:33 AM > To: Tommy Pham; php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > SQL Server 8.00.818 - SP3 (Enterprise Edition) > 8? I think that's SQL 2000. If that's the case, you're 1 service pack behind. The latest service pack for SQL 2000 is 4. > Unfortunately I am fairly new to PHP and my boss just went home sick for > the day, so I don't know how to answer the question about the extension. > Can you tell me where I can find that? > phpinfo(); will give all the information pertaining to your PHP environment. Regards, Tommy > -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Thursday, September 16, 2010 11:00 AM > To: php-general@lists.php.net > Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those > loaded from MYSQL Query stick > > > -Original Message- > > From: Cheryl Sullivan [mailto:csull...@shh.org] > > Sent: Thursday, September 16, 2010 7:12 AM > > To: php-general@lists.php.net > > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > > from MYSQL Query stick > > > > Hi there - I'm new to this news group. Any help with this is > appreciated - > > > > When I populate session vars from a MYSQL query, they are still there > when > > I change pages. If I populate them from an MSSQL query, they drop. > > > > It doesn't matter if I get to the next page using a header redirect or > a form > > submit. I have two session vars I'm loading from a MYSQL query and > they > > remain, the two loaded from MSSQL disappear. > > > > What SQL Server version? What PHP extension are you using? MSSQL? > sqlsrv? > > Regards, > Tommy > > > I have confirmed that all four session vars are loading ok initially > and I can > > echo them out to the page, but when the application moves to the next > > page via redirect or form submit, the two vars loaded from MSSQL are > > empty. > > > > Any ideas? > > > > > > Cheryl L. Sullivan > > Interface Analyst / Web Developer > > > > Sacred Heart Hospital (www.shh.org) > > 421 Chew Street * Allentown, PA 18102 > > Office: 610-776-4784 * Cell: 484-544-2416 P Please consider the > environment > > before printing this e-mail > > > > > > > > Notice: This communication, including attachments, may contain > > information that is confidential and protected. It constitutes > non-public > > information intended to be conveyed only to the designated > recipient(s). If > > you believe that you have received this communication in error, please > > notify the sender immediately by return e-mail and promptly delete > this e- > > mail, including attachments without reading or saving them in any > manner. > > The unauthorized use, dissemination, distribution, or reproduction of > this > > e-mail, including attachments, is prohibited and may be unlawful. > Thank > > you. > > > -- > PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: > http://www.php.net/unsub.php > > > Notice: This communication, including attachments, may contain > information that is confidential and protected. It constitutes non-public > information intended to be conveyed only to the designated recipient(s). If > you believe that you have received this communication in error, please > notify the sender immediately by return e-mail and promptly delete this e- > mail, including attachments without reading or saving them in any manner. > The unauthorized use, dissemination, distribution, or reproduction of this > e-mail, including attachments, is prohibited and may be unlawful. Thank > you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
SQL Server 8.00.818 - SP3 (Enterprise Edition) Unfortunately I am fairly new to PHP and my boss just went home sick for the day, so I don't know how to answer the question about the extension. Can you tell me where I can find that? -Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Thursday, September 16, 2010 11:00 AM To: php-general@lists.php.net Subject: RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick > -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 7:12 AM > To: php-general@lists.php.net > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > from MYSQL Query stick > > Hi there - I'm new to this news group. Any help with this is appreciated - > > When I populate session vars from a MYSQL query, they are still there when > I change pages. If I populate them from an MSSQL query, they drop. > > It doesn't matter if I get to the next page using a header redirect or a form > submit. I have two session vars I'm loading from a MYSQL query and they > remain, the two loaded from MSSQL disappear. > What SQL Server version? What PHP extension are you using? MSSQL? sqlsrv? Regards, Tommy > I have confirmed that all four session vars are loading ok initially and I can > echo them out to the page, but when the application moves to the next > page via redirect or form submit, the two vars loaded from MSSQL are > empty. > > Any ideas? > > > Cheryl L. Sullivan > Interface Analyst / Web Developer > > Sacred Heart Hospital (www.shh.org) > 421 Chew Street * Allentown, PA 18102 > Office: 610-776-4784 * Cell: 484-544-2416 P Please consider the environment > before printing this e-mail > > > > Notice: This communication, including attachments, may contain > information that is confidential and protected. It constitutes non-public > information intended to be conveyed only to the designated recipient(s). If > you believe that you have received this communication in error, please > notify the sender immediately by return e-mail and promptly delete this e- > mail, including attachments without reading or saving them in any manner. > The unauthorized use, dissemination, distribution, or reproduction of this > e-mail, including attachments, is prohibited and may be unlawful. Thank > you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Thu, Sep 16, 2010 at 10:26 AM, Cheryl Sullivan wrote:
> Absolutely -
>
> This is from the first page
>
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>
> //access mySQL database
>
> $cnx = mysql_connect("localhost","userID","password");
>
> $db = mysql_select_db("database_name");
>
> $q1 = "select * from tblmainempreport where empUUID =
> 'sdfsfs920090528131'";
>
> $result = mysql_query($q1);
>
> $recArray = mysql_fetch_array($result);
>
> $_SESSION['empFName'] = $recArray['EmpFName'];
>
> ?>
>
>
>
> When I echo all five $_SESSION vars from here, they are all populated.
> Then I can either redirect or form post to the next page. In either
> case, the $_SESSION vars populated from SQL Server ( the SSN and Cost
> Center vars) are blank when I echo them on the destination page.
The fact that you can echo the $_SESSION information on the same page
and they contain the correct values suggest to me that the issue of
MySQL/MSSQL is a red herring. I would look into things like the value
for register_globals to make sure you don't have a global variable
stepping on some of your session variables.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
> -Original Message- > From: Cheryl Sullivan [mailto:csull...@shh.org] > Sent: Thursday, September 16, 2010 7:12 AM > To: php-general@lists.php.net > Subject: [PHP] Session Vars loaded from MSSQL Query drop, those loaded > from MYSQL Query stick > > Hi there – I’m new to this news group. Any help with this is appreciated – > > When I populate session vars from a MYSQL query, they are still there when > I change pages. If I populate them from an MSSQL query, they drop. > > It doesn't matter if I get to the next page using a header redirect or a form > submit. I have two session vars I'm loading from a MYSQL query and they > remain, the two loaded from MSSQL disappear. > What SQL Server version? What PHP extension are you using? MSSQL? sqlsrv? Regards, Tommy > I have confirmed that all four session vars are loading ok initially and I can > echo them out to the page, but when the application moves to the next > page via redirect or form submit, the two vars loaded from MSSQL are > empty. > > Any ideas? > > > Cheryl L. Sullivan > Interface Analyst / Web Developer > > Sacred Heart Hospital (www.shh.org) > 421 Chew Street • Allentown, PA 18102 > Office: 610-776-4784 • Cell: 484-544-2416 P Please consider the environment > before printing this e-mail > > > > Notice: This communication, including attachments, may contain > information that is confidential and protected. It constitutes non-public > information intended to be conveyed only to the designated recipient(s). If > you believe that you have received this communication in error, please > notify the sender immediately by return e-mail and promptly delete this e- > mail, including attachments without reading or saving them in any manner. > The unauthorized use, dissemination, distribution, or reproduction of this > e-mail, including attachments, is prohibited and may be unlawful. Thank > you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
Absolutely -
This is from the first page
fields("emp_ssn");
$_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
//access mySQL database
$cnx = mysql_connect("localhost","userID","password");
$db = mysql_select_db("database_name");
$q1 = "select * from tblmainempreport where empUUID =
'sdfsfs920090528131'";
$result = mysql_query($q1);
$recArray = mysql_fetch_array($result);
$_SESSION['empFName'] = $recArray['EmpFName'];
?>
When I echo all five $_SESSION vars from here, they are all populated.
Then I can either redirect or form post to the next page. In either
case, the $_SESSION vars populated from SQL Server ( the SSN and Cost
Center vars) are blank when I echo them on the destination page.
From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk]
Sent: Thursday, September 16, 2010 10:14 AM
To: Cheryl Sullivan
Cc: php-general@lists.php.net
Subject: Re: [PHP] Session Vars loaded from MSSQL Query drop, those
loaded from MYSQL Query stick
On Thu, 2010-09-16 at 10:11 -0400, Cheryl Sullivan wrote:
Hi there - I'm new to this news group. Any help with this is
appreciated -
When I populate session vars from a MYSQL query, they are still there
when I change pages. If I populate them from an MSSQL query, they drop.
It doesn't matter if I get to the next page using a header redirect or a
form submit. I have two session vars I'm loading from a MYSQL query and
they remain, the two loaded from MSSQL disappear.
I have confirmed that all four session vars are loading ok initially and
I can echo them out to the page, but when the application moves to the
next page via redirect or form submit, the two vars loaded from MSSQL
are empty.
Any ideas?
Cheryl L. Sullivan
Interface Analyst / Web Developer
Sacred Heart Hospital (www.shh.org)
421 Chew Street * Allentown, PA 18102
Office: 610-776-4784 * Cell: 484-544-2416
P Please consider the environment before printing this e-mail
Notice: This communication, including attachments, may contain
information that is confidential and protected. It constitutes
non-public information intended to be conveyed only to the designated
recipient(s). If you believe that you have received this communication
in error, please notify the sender immediately by return e-mail and
promptly delete this e-mail, including attachments without reading or
saving them in any manner. The unauthorized use, dissemination,
distribution, or reproduction of this e-mail, including attachments, is
prohibited and may be unlawful. Thank you.
There should be no difference. Can we see some examples of the MySQL and
the MSSQL code to see what you're doing differently?
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick
On Thu, 2010-09-16 at 10:11 -0400, Cheryl Sullivan wrote: > Hi there – I’m new to this news group. Any help with this is appreciated – > > When I populate session vars from a MYSQL query, they are still there when I > change pages. If I populate them from an MSSQL query, they drop. > > It doesn't matter if I get to the next page using a header redirect or a form > submit. I have two session vars I'm loading from a MYSQL query and they > remain, the two loaded from MSSQL disappear. > > I have confirmed that all four session vars are loading ok initially and I > can echo them out to the page, but when the application moves to the next > page via redirect or form submit, the two vars loaded from MSSQL are empty. > > Any ideas? > > > Cheryl L. Sullivan > Interface Analyst / Web Developer > > Sacred Heart Hospital (www.shh.org) > 421 Chew Street • Allentown, PA 18102 > Office: 610-776-4784 • Cell: 484-544-2416 > Please consider the environment before printing this e-mail > > > > Notice: This communication, including attachments, may contain information > that is confidential and protected. It constitutes non-public information > intended to be conveyed only to the designated recipient(s). If you believe > that you have received this communication in error, please notify the sender > immediately by return e-mail and promptly delete this e-mail, including > attachments without reading or saving them in any manner. The unauthorized > use, dissemination, distribution, or reproduction of this e-mail, including > attachments, is prohibited and may be unlawful. Thank you. > > There should be no difference. Can we see some examples of the MySQL and the MSSQL code to see what you're doing differently? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] session variables in tmp
Ok, that usually happens. Gerardo www.webseficientes.com.ar On Tue, Jun 8, 2010 at 1:48 PM, Stephen Sunderlin < stephen.sunder...@verizon.net> wrote: > Thanks Gerardo. > > I send a large dump.sql file to my /tmp dir and filled up the remaining > space so PHP was not able to write any more session variable. Took me a > little while to figure that one out. > > Thanks for your response. > > > > > > On Tue, 08 Jun 2010 12:00:23 -0400, Gerardo Benitez > wrote: > > Hi Stephen, >> >> you can try setting the session path using session_save_path >> http://www.php.net/manual/en/function.session-save-path.php. >> >> Gerardo >> www.webseficientes.com.ar >> >> >> >> On Sat, Jun 5, 2010 at 2:18 AM, Stephen Sunderlin < >> stephen.sunder...@verizon.net> wrote: >> >> trying out a CentOS release 5.2 (Final) V4_1_0 on AWS. Was working fine >>> and now it seems that php has stopped writing any session variable to >>> /tmp. >>> I was cleaning up the user table in mysql and limiting permissions. >>> Not >>> sure that this would have anything to do with it. Restarted >>> apache/mysql. >>> tmp is set to drwxrwxrwt 4 root root 4096 Jun 5 00:46 tmp >>> PHP 5.2.4 >>> MySQL 5.0.45 >>> any thought on where else to look. >>> >>> Thanks. >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >>> >> >> > > -- > Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ > -- Gerardo Benitez
Re: [PHP] session variables in tmp
Thanks Gerardo. I send a large dump.sql file to my /tmp dir and filled up the remaining space so PHP was not able to write any more session variable. Took me a little while to figure that one out. Thanks for your response. On Tue, 08 Jun 2010 12:00:23 -0400, Gerardo Benitez wrote: Hi Stephen, you can try setting the session path using session_save_path http://www.php.net/manual/en/function.session-save-path.php. Gerardo www.webseficientes.com.ar On Sat, Jun 5, 2010 at 2:18 AM, Stephen Sunderlin < stephen.sunder...@verizon.net> wrote: trying out a CentOS release 5.2 (Final) V4_1_0 on AWS. Was working fine and now it seems that php has stopped writing any session variable to /tmp. I was cleaning up the user table in mysql and limiting permissions. Not sure that this would have anything to do with it. Restarted apache/mysql. tmp is set to drwxrwxrwt 4 root root 4096 Jun 5 00:46 tmp PHP 5.2.4 MySQL 5.0.45 any thought on where else to look. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session variables in tmp
Hi Stephen, you can try setting the session path using session_save_path http://www.php.net/manual/en/function.session-save-path.php. Gerardo www.webseficientes.com.ar On Sat, Jun 5, 2010 at 2:18 AM, Stephen Sunderlin < stephen.sunder...@verizon.net> wrote: > trying out a CentOS release 5.2 (Final) V4_1_0 on AWS. Was working fine > and now it seems that php has stopped writing any session variable to /tmp. > I was cleaning up the user table in mysql and limiting permissions. Not > sure that this would have anything to do with it. Restarted apache/mysql. > tmp is set to drwxrwxrwt 4 root root 4096 Jun 5 00:46 tmp > PHP 5.2.4 > MySQL 5.0.45 > any thought on where else to look. > > Thanks. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Gerardo Benitez
Re: [PHP] session data
On Tue, 2010-06-01 at 21:54 +0100, Colin Finnis wrote: > I'm having a problem with session data. I have a login setup which holds the > user ID and password in the session data once the user has initially logged > in. When the user goes to a new page or accesses a pop up window the users > session data is validated against a list of IDs and passwords held on the > system rather than forcing them to log in each time. As far as I can work > out this is fairly standard stuff for this sort of process. It works fine in > Firefox but is very inconsistent when used in IE 7. On occasions when a new > page is accessed the users is forced to login again. The reason for this > appears to be that the variables in which the ID and password are stored > don't exist. I have a whole load of trace code which gives me various > information and session ID is apparently being picked up correctly. The > weird thing is that if you reload the page it will then work correctly. I > have tried adding session_write_close as I thought the data was not being > written out correctly during the initial login. This code has been developed > in eclipse using an Apache web serve and works just fine in this > environment. I am trying to deploy it to an IIS serve to which I only have > limited access and cant debug it in this environment. > > > Do you have an example of the code you're using, like a bare bones script? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Session Variable Problem
tedd Please accept my apologies for not thanking you sooner, I am going over you code and learning great stuff. Again, thank you. And thank you to Adam as well. gary "tedd" wrote in message news:p06240804c7cbe9aa1...@[192.168.1.102]... > At 10:14 AM -0400 3/21/10, Gary wrote: >>Thanks again for all the help, however the plot thickens. > > Gary : > > It doesn't have to thicken. Here's an example of using $_SESSION that > works and you can have as many fields as you want: > > http://www.webbytedd.com/aa/step-form-sessions/index.php > > All the code is there. Plus, it will give you a way to go from page to > page without leaving the gathering page. > > Cheers, > > tedd > -- > --- > http://sperling.com http://ancientstones.com http://earthstones.com > > __ Information from ESET Smart Security, version of virus > signature database 4962 (20100321) __ > > The message was checked by ESET Smart Security. > > http://www.eset.com > > > __ Information from ESET Smart Security, version of virus signature database 4965 (20100322) __ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Problem
At 10:14 AM -0400 3/21/10, Gary wrote: Thanks again for all the help, however the plot thickens. Gary : It doesn't have to thicken. Here's an example of using $_SESSION that works and you can have as many fields as you want: http://www.webbytedd.com/aa/step-form-sessions/index.php All the code is there. Plus, it will give you a way to go from page to page without leaving the gathering page. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Problem
Thanks again for all the help, however the plot thickens.
I have put:
On the first page, Now what happens is it only sticks to the first two
(lend_fname and lend_lname), the others still get lost. Any idea how or why
the exact code works differently?
Thanks Again.
gary
"tedd" wrote in message
news:p06240800c7cbc0927...@[192.168.1.102]...
> At 2:22 PM -0400 3/20/10, Gary wrote:
>>I have this perplexing issue of session varibles getting dropped. It is a
>>4
>>page form, the last page being a review page incase the submitter wants to
>>change any of the information.If you go through the form, all of the
>>information carries forward, and from the review page if you go back to
>>edit, it is there, however is you go back to page 2, then to page 1, page
>>one info is gone.It gets worse in that page 2 sessions drop (more likely
>>over written) if you go from page 3 to 2.
>>
>>Each page is started with
>>
>>> session_start();
>> }
>>
>>Session varible:
>>
>>$_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
>>
>>Calling the session varible to the input field for review
>>
>>>'value="'.htmlentities($_SESSION['lend_fname']).'"';}?>
>>
>>The page starts at http://www.paulgdesigns.com/one2one/lend_bor_input.php
>>
>>Im confused as to why they keep getting dropped and how to stop it.
>>
>>Hopefully I have given enough information.
>>
>>Thank you
>>
>>Gary
>
> Gary:
>
> I think I know what the problem is. When you revisit previous pages, you
> write over the previous data from an empty $_POST. Here's a way to stop
> that.
>
>
> if (isset($_POST ['lend_fname'])
> {
> $_SESSION['lend_fname'] = $_POST['lend_fname'];
> }
>
> As far as using strip_slashes() and htmlentities() I wait until I am going
> to use the variables in some manner and then clean/scrub them all at one
> time. That makes the process simpler for me -- plus I can then keep all my
> security checks in one location.
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> __ Information from ESET Smart Security, version of virus
> signature database 4962 (20100321) __
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
__ Information from ESET Smart Security, version of virus signature
database 4962 (20100321) __
The message was checked by ESET Smart Security.
http://www.eset.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Problem
At 2:22 PM -0400 3/20/10, Gary wrote: I have this perplexing issue of session varibles getting dropped. It is a 4 page form, the last page being a review page incase the submitter wants to change any of the information.If you go through the form, all of the information carries forward, and from the review page if you go back to edit, it is there, however is you go back to page 2, then to page 1, page one info is gone.It gets worse in that page 2 sessions drop (more likely over written) if you go from page 3 to 2. Each page is started with The page starts at http://www.paulgdesigns.com/one2one/lend_bor_input.php Im confused as to why they keep getting dropped and how to stop it. Hopefully I have given enough information. Thank you Gary Gary: I think I know what the problem is. When you revisit previous pages, you write over the previous data from an empty $_POST. Here's a way to stop that. As far as using strip_slashes() and htmlentities() I wait until I am going to use the variables in some manner and then clean/scrub them all at one time. That makes the process simpler for me -- plus I can then keep all my security checks in one location. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Problem
On Sat, Mar 20, 2010 at 6:56 PM, Gary wrote:
> Adam
>
> Thank you for your reply.
>
> ""Are you checking to see if the post variable is set in the code that
> handles saving the form values to session variables? ""
>
> No, I not done anything about the post variable, frankly I thought the
> session variable would cover it. I tried your code
>
> if (isset($_POST['lend_fname'])){
> $_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
> }
>
> And it seems to work fine, the data seems to stay. Is there an easier
> method
> (perhaps putting the post or session variables into an array?
>
> Again thank you for your reply and your solution.
>
> Gary
>
>
> "Adam Richardson" wrote in message
> news:e4d8ea9d1003201529p1ab72baei147549423f5e3...@mail.gmail.com...
> > On Sat, Mar 20, 2010 at 2:22 PM, Gary wrote:
> >
> >> I have this perplexing issue of session varibles getting dropped. It is
> >> a
> >> 4
> >> page form, the last page being a review page incase the submitter wants
> >> to
> >> change any of the information.If you go through the form, all of the
> >> information carries forward, and from the review page if you go back to
> >> edit, it is there, however is you go back to page 2, then to page 1,
> page
> >> one info is gone.It gets worse in that page 2 sessions drop (more likely
> >> over written) if you go from page 3 to 2.
> >>
> >> Each page is started with
> >>
> >> >>session_start();
> >> }
> >>
> >> Session varible:
> >>
> >> $_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
> >>
> >> Calling the session varible to the input field for review
> >>
> >> >> 'value="'.htmlentities($_SESSION['lend_fname']).'"';}?>
> >>
> >> The page starts at
> http://www.paulgdesigns.com/one2one/lend_bor_input.php
> >>
> >> Im confused as to why they keep getting dropped and how to stop it.
> >>
> >> Hopefully I have given enough information.
> >>
> >> Thank you
> >>
> >> Gary
> >>
> >>
> >>
> >> __ Information from ESET Smart Security, version of virus
> >> signature
> >> database 4961 (20100320) __
> >>
> >> The message was checked by ESET Smart Security.
> >>
> >> http://www.eset.com
> >>
> >>
> >>
> >>
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
> >
> > Are you checking to see if the post variable is set in the code that
> > handles
> > saving the form values to session variables? I can't tell if you're
> doing
> > this from the code you provided. If not, it's possible that when you are
> > returning to one of the earlier pages, you're attempting to again save
> the
> > form values even though the corresponding $_POST vars are empty. This
> > would
> > cause visiting page 2 to essentially delete the data previously posted
> > from
> > page 1.
> >
> > Using your example:
> >
> > // Only save if post variable present, which means
> > if (isset($_POST['lend_fname']))
> > {
> >$_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
> > }
> >
> > Also, some users will likely click the back button during the process,
> > which
> > brings up a funky message. You might try building one page that is
> > dedicated to saving all of the session variables, which then redirects to
> > the corresponding next page in the process.
> >
> > Adam
> >
> > --
> > Nephtali: PHP web framework that functions beautifully
> > http://nephtaliproject.com
> >
> >
> >
> > __ Information from ESET Smart Security, version of virus
> > signature database 4961 (20100320) __
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
>
>
>
> __ Information from ESET Smart Security, version of virus signature
> database 4961 (20100320) __
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
The session variables store what you tell them to store. The way your pages
were set up, it sounds like you always called the code that set the session
variable, even if the session variable was already set and even if there
were no POST variables sent.
People often do use sessions to preserve the state of a form's fields if the
form has multiple pages, just as you are doing. In this type of situation
someone can be visiting a page to 1) submit new data (POST data is present
such as when somebody clicks on the submit button in the previous page), or
2) review the data they've already entered (no POST data present, such as
when somebody uses the navigation on your page.) You have to check to see
which of the two possible types of page requests is occurring.
Using the code you have, you can probably just wrap the code that you have
that sets the session variables in an if block that checks for one of the
post variables you're expecting.
I'd recommend reading a tutorial or two on how PHP sessions work, such as
Re: [PHP] Session Variable Problem
Adam
Thank you for your reply.
""Are you checking to see if the post variable is set in the code that
handles saving the form values to session variables? ""
No, I not done anything about the post variable, frankly I thought the
session variable would cover it. I tried your code
if (isset($_POST['lend_fname'])){
$_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
}
And it seems to work fine, the data seems to stay. Is there an easier method
(perhaps putting the post or session variables into an array?
Again thank you for your reply and your solution.
Gary
"Adam Richardson" wrote in message
news:e4d8ea9d1003201529p1ab72baei147549423f5e3...@mail.gmail.com...
> On Sat, Mar 20, 2010 at 2:22 PM, Gary wrote:
>
>> I have this perplexing issue of session varibles getting dropped. It is
>> a
>> 4
>> page form, the last page being a review page incase the submitter wants
>> to
>> change any of the information.If you go through the form, all of the
>> information carries forward, and from the review page if you go back to
>> edit, it is there, however is you go back to page 2, then to page 1, page
>> one info is gone.It gets worse in that page 2 sessions drop (more likely
>> over written) if you go from page 3 to 2.
>>
>> Each page is started with
>>
>> >session_start();
>> }
>>
>> Session varible:
>>
>> $_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
>>
>> Calling the session varible to the input field for review
>>
>> > 'value="'.htmlentities($_SESSION['lend_fname']).'"';}?>
>>
>> The page starts at http://www.paulgdesigns.com/one2one/lend_bor_input.php
>>
>> Im confused as to why they keep getting dropped and how to stop it.
>>
>> Hopefully I have given enough information.
>>
>> Thank you
>>
>> Gary
>>
>>
>>
>> __ Information from ESET Smart Security, version of virus
>> signature
>> database 4961 (20100320) __
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
>
> Are you checking to see if the post variable is set in the code that
> handles
> saving the form values to session variables? I can't tell if you're doing
> this from the code you provided. If not, it's possible that when you are
> returning to one of the earlier pages, you're attempting to again save the
> form values even though the corresponding $_POST vars are empty. This
> would
> cause visiting page 2 to essentially delete the data previously posted
> from
> page 1.
>
> Using your example:
>
> // Only save if post variable present, which means
> if (isset($_POST['lend_fname']))
> {
>$_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
> }
>
> Also, some users will likely click the back button during the process,
> which
> brings up a funky message. You might try building one page that is
> dedicated to saving all of the session variables, which then redirects to
> the corresponding next page in the process.
>
> Adam
>
> --
> Nephtali: PHP web framework that functions beautifully
> http://nephtaliproject.com
>
>
>
> __ Information from ESET Smart Security, version of virus
> signature database 4961 (20100320) __
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
__ Information from ESET Smart Security, version of virus signature
database 4961 (20100320) __
The message was checked by ESET Smart Security.
http://www.eset.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Variable Problem
On Sat, Mar 20, 2010 at 2:22 PM, Gary wrote:
> I have this perplexing issue of session varibles getting dropped. It is a
> 4
> page form, the last page being a review page incase the submitter wants to
> change any of the information.If you go through the form, all of the
> information carries forward, and from the review page if you go back to
> edit, it is there, however is you go back to page 2, then to page 1, page
> one info is gone.It gets worse in that page 2 sessions drop (more likely
> over written) if you go from page 3 to 2.
>
> Each page is started with
>
> session_start();
> }
>
> Session varible:
>
> $_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
>
> Calling the session varible to the input field for review
>
> 'value="'.htmlentities($_SESSION['lend_fname']).'"';}?>
>
> The page starts at http://www.paulgdesigns.com/one2one/lend_bor_input.php
>
> Im confused as to why they keep getting dropped and how to stop it.
>
> Hopefully I have given enough information.
>
> Thank you
>
> Gary
>
>
>
> __ Information from ESET Smart Security, version of virus signature
> database 4961 (20100320) __
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Are you checking to see if the post variable is set in the code that handles
saving the form values to session variables? I can't tell if you're doing
this from the code you provided. If not, it's possible that when you are
returning to one of the earlier pages, you're attempting to again save the
form values even though the corresponding $_POST vars are empty. This would
cause visiting page 2 to essentially delete the data previously posted from
page 1.
Using your example:
// Only save if post variable present, which means
if (isset($_POST['lend_fname']))
{
$_SESSION['lend_fname']=stripslashes($_POST['lend_fname']);
}
Also, some users will likely click the back button during the process, which
brings up a funky message. You might try building one page that is
dedicated to saving all of the session variables, which then redirects to
the corresponding next page in the process.
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
