I have a situation in which I my application receives an XML post which I parse, store the values in session variables, and return a forwarding URL with a session ID as a GET variable. That external application then forwards to my application where I pick up the SID and open that session, with all of the parsed variables.

Here's the tricky part that I can't get to work. I open that session with session_id($SID), which works. I then want that session to become the main session, but the next POST I do to another page, when I do a session_start(), it starts an empty session.

I've tried to trick it, and open the previous session, grab the session array, close the previous session and open a new session, and create the array, as such:

session_id($sid);
session_start();

$old_session=$SESSION;
$SESSION=array();
session_destroy();
session_unset();

session_start();
$_SESSION=$old_session;

This only works temporarily, since again, the next page I go to, session_start() starts a new session again.

The really annoying thing is the XML entry is an add-on to my application. When I log on normally, through a login page, session_start() always starts the same session and I have no problems.

I do notice that cookies do not seem to be being used.. even though I use:

ini_set('session.use_only_cookies',1);

I would see the cookies on my client if they were being used, right? I assume the problem would then go away because session_id($SID) apparently resets the cookie to the proper session id.

Any way to ensure cookies are being used?

thanks

Adam

    It seems like frames are messing up my sessions!! The client application needs my application to run within a frame, so I set up my test application to hit it with the XML and redirect within a frame.. but when I run it raw without the frame, the sessions are passed perfectly.. why would that possibly be?

    Also - once the session is set successfully, the application works in frames and without.. but it needs that initial .. something.. that I can't determine..

    And again - no cookies in my cookies folder, and I don't know how it's passing it through invisible form vars when I can go to a totally different page, then come back and the session is still set..

      It turns out IE will refuse the cookie being set from within a frame, and a special header must be used to tell IE that the frame content can be trusted..

      header('P3P: CP="CAO PSA OUR"');

      Courtesy of the comments on http://ca3.php.net/function.session-start

        Write a Reply...