PHP Sessions
I'm starting a PHP session on one page:
session_start();
$sess_expire = '1';
$time_stamp = mktime() + ( $sess_expire * 60 );
$enc_time = md5( $time_stamp );
// # set session vars
$_SESSION['sess_timestamp'] = $time_stamp;
$_SESSION['sess_key'] = $enc_time . session_id();
// _KEY is the var to pass with unique id...
// echo $_SESSION['sess_key'];
$_KEY = $_SESSION['sess_key'];
// echo alone or with other data
echo $_KEY;
On another page, I'm checking that the session is set:
if( !isset( $_SESSION['sess_key'] ) ) {
// header(‘location: [url]http://somewhere.com’[/url]);
echo "&redirect=http://www.google.com/";
exit;
}
...however, I'm getting redirected everytime. I checked cookies in Mozilla, and the session was there. How can I pass the !isset session condition and get the session recognized?
Thanks,
TonyMontana
dk01 posted this at 17:26 — 28th April 2003.
He has: 516 posts
Joined: Mar 2002
Don't you need to start the session again on the other page?
Also you are multiplying a string '1' by 60. Not sure what kind of results you are getting but I would be interested to see what someone with more sessions experience has to say. Good luck, sorry I can't help more.
-dk
TonyMontana posted this at 17:31 — 28th April 2003.
They have: 218 posts
Joined: Apr 2001
Yes, well spotted.
I'm starting the second page script with:
session_start();
Mark Hensler posted this at 19:33 — 28th April 2003.
He has: 4,048 posts
Joined: Aug 2000
here is an exurpt from another script of mine:
<?php
// we don't want messy URLs....
ini_set(\"session.use_trans_sid\", 1);
// how long before session is considered garbage
ini_set('session.gc_maxlifetime', _SESSION_IDLE_TIME * 60);
// percentage to check for garbage
ini_set('session.gc_probability', 1);
// resume any old sessions
// set the PHP session_name
session_name('wahl_session');
// start the PHP session
session_start();
// get the PHP session_id
$sid = session_id();
// SID is a PHP defined constant used for passing sessions in links
// SID = session_name=session_id
$SID = SID;
?>
I dont believe the session_name() is required. But I do know that if you're gonna use it, it needs to be set before calling session_start().
How are you going from one page to the other?
Mark Hensler
If there is no answer on Google, then there is no question.
TonyMontana posted this at 19:52 — 28th April 2003.
They have: 218 posts
Joined: Apr 2001
As a simple test, with the first script:
// sessionTest1.php
<?php
session_start();
$sess_expire = '1';
$time_stamp = mktime() + ( $sess_expire * 60 );
$enc_time = md5( $time_stamp );
// echo $_SESSION['sess_key'];
$sid = session_id();
$SID = SID;
// # set session vars
$_SESSION['sess_timestamp'] = $time_stamp;
$_SESSION['sess_key'] = $enc_time . $sid;
// _KEY is the var to pass with unique id...
$_KEY = $_SESSION['sess_key'];
// echo alone or with other data
echo $_KEY;
?>
A key is echoed. Now try to read session with second script:
// sessionTest2.php
<?php
session_start();
echo $sid; // returns nothing
?>
hmmmmmmmmmm...
Mark Hensler posted this at 16:39 — 29th April 2003.
He has: 4,048 posts
Joined: Aug 2000
add this to sessionTest2.php:
$sid = session_id();
Mark Hensler posted this at 16:46 — 29th April 2003.
He has: 4,048 posts
Joined: Aug 2000
tested script:
<?php
//sessions1.php
session_start();
echo \"<html><body><pre>\n\";
$sess_expire = '1';
$time_stamp = mktime() + ( $sess_expire * 60 );
$enc_time = md5( $time_stamp );
// echo $_SESSION['sess_key'];
$sid = session_id();
$SID = SID;
echo \"$sid<br>\n\";
// # set session vars
$_SESSION['sess_timestamp'] = $time_stamp;
$_SESSION['sess_key'] = $enc_time . $sid;
// _KEY is the var to pass with unique id...
$_KEY = $_SESSION['sess_key'];
// echo alone or with other data
echo \"$_KEY<br>\n\";
echo \"<br>\n\";
echo \"<a href=\\"sessions2.php\\">sessions2.php</a>\n\";
echo \"</pre></body></html>\";
?>
<?php
//sessions2.php
session_start();
echo \"<html><body><pre>\n\";
$sid = session_id();
echo \"$sid<br>\n\";
echo $_SESSION['sess_key'].\"<br>\n\";
echo \"</pre></body></html>\";
?>
demo: http://host.maxalbert.com/testing_center/sessions1.php
sources: http://host.maxalbert.com/testing_center/phps_files/
Mark Hensler
If there is no answer on Google, then there is no question.
TonyMontana posted this at 17:52 — 29th April 2003.
They have: 218 posts
Joined: Apr 2001
Mark, on second check, there is only one line being echoed on 'sessions2.php' for me, which is:
echo "$sid\n";
'$_SESSION['sess_key']' is disappearing.
I noticed both lines are showing up on your demo. It must be because of the PHP version I am running (PHP v.4.0.6 which I am getting upgraded).
Mark Hensler posted this at 04:04 — 30th April 2003.
He has: 4,048 posts
Joined: Aug 2000
ok.. $_SESSION was added in 4.1.0 (release notes)
try this then (not tested):
<?php
//sessions1.php
session_start();
echo \"<html><body><pre>\n\";
$sess_expire = '1';
$time_stamp = mktime() + ( $sess_expire * 60 );
$enc_time = md5( $time_stamp );
// echo $_SESSION['sess_key'];
$sid = session_id();
$SID = SID;
echo \"$sid<br>\n\";
// # set session vars
session_register(\"sess_timestamp\");
session_register(\"sess_key\");
$sess_timestamp = $time_stamp;
$sess_key = $enc_time . $sid;
// _KEY is the var to pass with unique id...
// echo alone or with other data
echo \"$sess_key<br>\n\";
echo \"<br>\n\";
echo \"<a href=\\"sessions2.php\\">sessions2.php</a>\n\";
echo \"</pre></body></html>\";
?>
<?php
//sessions2.php
session_start();
echo \"<html><body><pre>\n\";
$sid = session_id();
session_register(\"sess_key\");
echo \"$sid<br>\n\";
echo \"$sess_key<br>\n\";
echo \"</pre></body></html>\";
?>
My server is running Apache 2 + PHP 4.3.0... And wouldn't ya know it, PHP 4.3.2RC2 was just released today.
Mark Hensler
If there is no answer on Google, then there is no question.
TonyMontana posted this at 18:50 — 30th April 2003.
They have: 218 posts
Joined: Apr 2001
Mark, that script works with v.4.0.6! First one I've seen on the net that has.
What kind of session checks would you do before echoing the data?
Here's a couple of simple ones I had in mind:
if(!isset($sess_key)){exit;}
// key sent to Flash in sessions1.php
if( isset($fla_key) && $fla_key != $sess_key ){exit;}
if($sess_timestamp <= mktime() ) {exit;}
Maybe you can embellish upon those, or add a few more options.
Thanks,
Tony
Mark Hensler posted this at 18:55 — 1st May 2003.
He has: 4,048 posts
Joined: Aug 2000
<?php
//sessions1.php
session_start();
$sid = session_id();
session_register(\"fla_key\");
session_register(\"sess_key\");
session_register(\"sess_timestamp\");
$sess_expire = 1; // (in minutes)
$time_stamp = mktime() + ( $sess_expire * 60 );
$enc_time = md5( $time_stamp );
// set session vars
$sess_timestamp = $time_stamp;
$sess_key = $enc_time . $sid;
echo $sess_key;
?>
<?php
//sessions2.php
session_start();
$sid = session_id();
session_register(\"fla_key\");
session_register(\"sess_key\");
session_register(\"sess_timestamp\");
if (!isset($sess_key)) {exit;}
if ($sess_timestamp <= mktime() ) {exit;}
if (!isset($fla_key) || $fla_key!=$sess_key ) {exit;}
// send sensitive data
?>
Let me know how this works out. I've never tried mixing sessions with Flash, and I'm curious how it works out.
Mark Hensler
If there is no answer on Google, then there is no question.
TonyMontana posted this at 18:33 — 2nd May 2003.
They have: 218 posts
Joined: Apr 2001
Yes, that is exactly how it works. Once the session key was recognized on sessions2.php, it was smooth sailing.
Thanks,
TonyMontana
Mark Hensler posted this at 21:53 — 2nd May 2003.
He has: 4,048 posts
Joined: Aug 2000
That's great. Glad it worked out.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.