Session variable not persisting

andynightingale

See
http://www.ipixels.co.uk/swift_pumps/chemicals.php

The session variable is carried through to the second page exactly as I want it, and displayed. Why when you follow the link to the third page it loses it? The third page has the same code identical to page 2. I want the session variable to persist.

Page 2 (concentration.php)
Page 3 (capacity.php)

<?php
session_start();
session_register("chemicalSession");
$chemicalSession = $HTTP_POST_VARS['chemical_drop_down'];
?>
<html>
<head>
<title>Concentration</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
You have chosen <?php echo $HTTP_SESSION_VARS['chemicalSession']; ?> from the chemicals drop down, now;

<a href="capacity.php">Carry Session variable to Capacity page</a>
</body>
</html>

steadyguy

Instead of

<?php
session_start();
session_register("chemicalSession");
$chemicalSession = $HTTP_POST_VARS['chemical_drop_down'];
?>

Try:

<?php
session_start();
$chemicalSession = $_POST['chemical_drop_down'];
session_register("chemicalSession");
?> 
...
<?php echo $chemicalSession'; ?>

andynightingale

That gives me an error 'Parse error: parse error in line 3 etc etc...

steadyguy

It shouldn't (and doesn't for me) ... though your installation of PHP might not support the superglobals; try changing $_POST back to $HTTP_POST_VARS, see if that does the trick.

The important thing, however, is to give the variable a value before registering it with the session.

andynightingale

I have swapped declaring the session with registering it which makes sense. Again it works fine for second page, but not third (which has identicle code).

<?php
session_start();
$chemicalSession = $HTTP_POST_VARS['chemical_drop_down'];
session_register("chemicalSession");
?>

I can't understand how it works the first time but not the second!

I have read that session_register is depracated and $_SESSION should be used instead to overcome global variables being turned of in PHP so tried:

<?php
session_start();
$chemicalSession = $HTTP_POST_VARS['chemical_drop_down'];
$_SESSION["chemicalSession"];
?>

This still works on second page and not on third.
Surely this should be a simple thing to do in PHP?

Andy
😕

andynightingale

http://www.ipixels.co.uk/swift_pumps/test.php

register_globals is turned on.

steadyguy

session_register() is not deprecated. Though a warning is given regarding its use. (See php.net). When register_globals is turned on, it becomes really easy to store something nasty in your session with something like:

session_register('automatically_created_variable');

... because this variable can contain pretty much anything - including malicious code. If you're using $_POST, or $HTTP_POST_VARS (which is deprecated), then even if register_globals is on, you're not relying on it, so it may as well not be. Even so, you should check what is in those variables against a list of permitted values (ie., letters only) before you register them.

I suspect that your problem is that you're re-registering the value on the third page: you said it had identical code. If you register it on the second one, but don't resubmit the value, and then register it again, then it will registered with an empty string or null value.

//page two
//This registers your variable successfully (right?)
session_start();
$chemicalSession = $HTTP_POST_VARS['chemical_drop_down'];
session_register("chemicalSession"); 

//page three
session_start();
$chemicalSession = $HTTP_POST_VARS['chemical_drop_down'];
session_register("chemicalSession"); 
//OOPS! Just overwrote the registered value with a blank string ('')! 
//Value wasn't submitted to the third page via POST

//page three should be:
session_start();
//... now do your stuff.

andynightingale

It works!!!
And more to the point I see why.
Thanks for your patience and taking the time to reply.
Andy

steadyguy

You're welcome. Glad to be of assistance. The moderators are suggest marking threads resolved, if a solution has been found.