Passing Session ID with POST

micglu

I've read all I can about passing session variables but I cant get it to work. I am using PHPv5.0.3 and am trying to first create a new session ID then pass it to my next page without the use of cookies. My code is as follows:

file1.php:

<?php
ini_set('session.use_cookies', false);
session_start();
session_regenerate_id();
echo "sid = " . session_id();
?>

file2.php:

<?php
ini_set('session.use_cookies', false);
session_start();
echo "sid = " . session_id();
echo "<br>prev_sid= ".$_POST['session'];
?>

rehfeld

php doesnt know that you want the value of some arbitrary POST variable to be used as the session id. so you need to feed it the value manually.


session_start($_POST['session']);

devinemke

is there a specific reason you are not using session.use_trans_sid? this is designed specifically for propagating sessions without cookies.

micglu

I've changed file2 so it is:

<?php
ini_set('session.use_cookies', false);
session_start($POST['session']);
echo "sid = " . session_id();
echo "<br>prev_sid= ".$POST['session'];
?>

But it still does not work. Do I need apache configured a certain way?

The reason I am not using session.use_trans_sid is because:
a) I am not totally sure how to.
b) I don't want the session ID to appear in the url.
c) I'm letting another service host my site and I'm not sure if apache was built with it enabled.

devinemke

Originally posted by micglu
The reason I am not using session.use_trans_sid is because:
a) I am not totally sure how to.
b) I don't want the session ID to appear in the url.
c) I'm letting another service host my site and I'm not sure if apache was built with it enabled.

if you have access to php.ini simply change the session.use_trans_sid directive to ON. if you don't have access to php.ini then use [man]ini_set[/man] to do the same thing. you can always call [man]phpinfo[/man] to view your server configuration and see if it is already set for you.

rehfeld

when you say "doesnt work", what does that mean?

are you getting the variable in the next page?

you have 2 echo statements. what specifically do they produce?

also, its a good habit to quote your attribute values

tsinka

Hi,

I think the main problem could be the name of the hidden input. The default session name is PHPSESSID.
session_start() itself uses the configured session_name to find the session id info.
To make sure that the hidden input contains the correct name do something like this

 <input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo session_id(); ?>">

If php has been configured to use cookies only then adding the session data to a hidden input doesn't work.

If your php app is supposed to run on different servers I'd suggest to implerment some logic that checks the current session settings and behaves accordingly (regarding session_start(), hidden inputs and includes of e.g. class data that needs to be included before the session starts).

Thomas

rehfeld

oops, silly me.

i thought you could feed the session id into session start, you cant.

but this should work.


session_id($_POST['session']);
session_start();

micglu

Success!!!

I was able to get the results I was hoping for using session_id( ) function; but, I definitely have to look more into the use_trans_session method.

Thanks all, for your time and help.

micglu

I meant use_trnas_sid 🙂

kidgeek_dfw

could you please post the code that finally worked...

Thanks,

KidGeek