[RESOLVED] Session handling in URL

Hootnholler

Hi all,

Sorry to beat a dead horse, but this session handling debate is quite interesting. I have an issue with passing the session within an URL, but the original code does not transfer to another page. It refreshes the current page with the output.

Here's the code:

<?php // Script - sum.php 
session_name ('YourVisitID');
ini_set('session.use_cookies', 0); // Don't use cookies.
session_start();
include ('./includes/header.inc');
// Check if the form has been submitted. 

if (isset($_POST['submitted'])) { 

if (is_numeric($_POST['a']) && is_numeric($_POST['b'])) { 
// Print the heading. 
echo '<h1><font color="blue">Sum of Range</font></h1>'; 
$total = NULL; // Initialize $total. 
$numbers = range($_POST['a'],$_POST['b']); 
foreach ($numbers as $value) 
{ 
  $total += $value; 
} 
echo '<p><font color="blue">The sum of the range of numbers from ' . $_POST['a'] . ' to ' . $_POST['b'] . ' is ' . $total .'.</font></p>'; 



// Print some spacing. 
echo '<p><br /></p>'; 

} else { // Invalid submitted values. 
echo '<h1><font color="red">Error!</font></h1> 
<p class="error"><font color="red"><b>Please enter a valid number for a and b.</b></font></p><p><br /></p>'; 
} 

} // End of main isset() IF. 

// Leave the PHP section and create the HTML form.


?> 

<html> 
<body> 
<h2>Sum of a Range of Numbers</h2> 
<form action="sum.php" method="post"> 
<p>First Number: <input type="text" name="a" size="5" maxlength="10" value="<?php if (isset($_POST['a'])) echo $_POST['a']; ?>" /></p> 
<p>Last Number: <input type="text" name="b" size="5" maxlength="10" value="<?php if (isset($_POST['b'])) echo $_POST['b']; ?>" /></p> 
<p><input type="submit" name="submit" value="Calculate!" /></p> 
<input type="hidden" name="submitted" value="TRUE" /> 
</form> 
</body> 
</html> 
<?
include ('./includes/footer.inc');
?>

In short, this page is accessed from a custom menu on the page that is displayed with the session in the URL (header.inc). Both header.inc and footer.inc are generic scripts that just define the menus available to the registered and non-regsitered user.

My question is when I run the script and get an output, the session is lost. I would like to keep the session id in the URL, to keep the session active without cookies. I hope that this makes sense...

Thanks in advance to any and all help.

Hoot

suntra

Well, do you insert the "SID" variable in every link ? PHP is supposed to do it, but sometimes and in special conditions (like using javascript) it won't do it...

Maybe post the contents of header.inc...

Hootnholler

Hi Suntra,

Thank you for the quick response! I feel that I didn't explain the situation well enough and that it is kind of cryptic...

First, here's the requested code for header.inc

<html><body background=comp025.jpg><center>

<h1>Project</h1>

<Table width=700 cellpadding=10 border=10 bordercolor=black><tr><td align=right bgcolor=red>

<?
if (!$_SESSION['user_id']){
echo ("<a href=login.php>LOGIN</a> | ");
echo ("<a href=register.php>Register</a> | "); 
echo ("<a href=forgot.php>Forgot Password?</a>");  

}

else {
echo ("<a href=logout.php?".SID.">LOGOUT</a>"); 
} 
?>

<p></td></tr></table>
<table width=700 cellpadding=10 border=10 bordercolor=black><td width=100 valign=top bgcolor=red>

<?
if (!$_SESSION['user_id']){
echo ("<a href=index.php>Home</a><p>");
echo ("<a href=link.php>Links</a>");  

}

else {
echo ("<a href=loggedin.php?".SID.">HOME</a><p>"); 
echo ("<a href=question.php?".SID.">Quiz</a><p>"); 
echo ("<a href=discussion.php?".SID.">Discussion</a><p>"); 
echo ("<a href=share_url.php?".SID.">Share URLs</a><p>"); 
echo ("<a href=link.php?".SID.">More Information</a><p>"); 
echo("<a href=sum.php?".SID.">Sum</a><p>");
//echo("<a href=hangman.php?".SID.">Hangman</a><p>");
echo("<a href=courses.php?".SID.">Courses</a><p>");
} 

?>
</td><td valign=top>

This code does give the user the proper login credentials when passed from one screen to the next, from my testing.

Second, and probably some more explanation... When I do the calculate function on sum.php, I lose the session id since it is calling upon the same file.

Sequence of events: User logs in and is given the custom menu from header.inc. They click on 'sum' in the menu and are directed to the sum page with the session ID in the URL. They type in some numbers, hit caculate, and are given the answer, but the session ID is gone in the URL.

Is this a situation where I should create a custome page for the output to pass the session ID from one page to the next? I have had success doing that in other areas, but just not within the same page.

Thanks again for your thoughts.

Hoot

suntra

Did you put the SID in the <form> tag ?!

i.e. :
echo '<form method="post" action="./whatever_name.php' . SID . '">' . "\n";

Hootnholler

Doh!

Great call, Suntra. That is exactly what I was missing... I can't believe it was that obvious, well, I can, being new to PHP and all.

Here is the new code for anyone interested and future reference:

<?php // Script - sum.php 
session_name ('YourVisitID');
ini_set('session.use_cookies', 0); // Don't use cookies.
session_start();
include ('./includes/header.inc');
// Check if the form has been submitted. 

if (isset($_POST['submitted'])) { 

if (is_numeric($_POST['a']) && is_numeric($_POST['b'])) { 
// Print the heading. 
echo '<h1><font color="blue">Sum of Range</font></h1>'; 
$total = NULL; // Initialize $total. 
$numbers = range($_POST['a'],$_POST['b']); 
foreach ($numbers as $value) 
{ 
  $total += $value; 
} 
echo '<p><font color="blue">The sum of the range of numbers from ' . $_POST['a'] . ' to ' . $_POST['b'] . ' is ' . $total .'.</font></p>'; 



// Print some spacing. 
echo '<p><br /></p>'; 

} else { // Invalid submitted values. 
echo '<h1><font color="red">Error!</font></h1> 
<p class="error"><font color="red"><b>Please enter a valid number for a and b.</b></font></p><p><br /></p>'; 
} 

} // End of main isset() IF. 

// Leave the PHP section and create the HTML form.
?>

<html> 
<body> 
<h2>Sum of a Range of Numbers</h2> 
<? echo '<form method="post" action="sum.php?' . SID . '">' . "\n"; ?> 
<p>First Number: <input type="text" name="a" size="5" maxlength="10" value="<?if (isset($_POST['a'])) echo $_POST['a'];?>" /></p> 
<p>Last Number: <input type="text" name="b" size="5" maxlength="10" value="<?if (isset($_POST['b'])) echo $_POST['b'];?>" /></p> 
<p><input type="submit" name="submit" value="Calculate!" /></p> 
<input type="hidden" name="submitted" value="TRUE" /> 
</form> 
</body> 
</html>
<? 
include ('./includes/footer.inc');
?>

Merci beaucoup, Suntra. I truly thank you for your time and patience.

Hoot