Session variables in functions via includes

[JRBeltman]

Dear all,
I am trying to get the following code functioning in a much more complex situation as this example.

I wish to set the session variable in a function that is in a separate php file called with include : )

If I test it without this 'include' my code will be working:
(I know that for the real thing using $_SESSION[] is better, but it does not solve my problem)

File test1.php

<?
  session_start();
  if(!session_is_registered('testing'))
  {
    session_register('testing');
  }
?>
  <A HREF="test3.php"
    onMouseOver="window.status='hi you';return true"
    onclick="<?=$testing=75?>">HTML Goodies</A>
<?
?>

File test3.php

<?php
  session_start();
  echo $testing." points for me";
  session_destroy();
?>

This will output: 75 points for me

Now the problem (please keep in mind that due to some factors I can not call the session_register only in test2.php and it must be set and used in test1.php)

File test1.php

<?
  include("test2.php");

  session_start();
  if(!session_is_registered('testing'))
  {
    session_register('testing');
  }
  testsession();
?>

File test2.php

<?
  function testsession()
  {
    ?>
      <A HREF="test3.php"
        onMouseOver="window.status='hi you';return true"
        onclick="<?=$testing=75?>">HTML Goodies</A>
    <?
  }
?>

File test3.php

<?
  session_start();
  echo $testing." points for me";
  session_destroy();
?>

I expected the same outcome, but instead the $testing variable has not registered?!

Anyone who can help?

Many thanks
JR

 

[JRBeltman]

Many thanks to all for your contribution,
I will think about the best solution for this problem and perhaps post it here. Server side Java scripting or encryption or..............

 

[sleipnir214]

I don't see where PHP session-variable manipulation with server-side Java is going to give you any more functionality than PHP session-variable manipulation with server-side PHP.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[JRBeltman]

Well, a java onclick action will only excecute onclick (I assume) and if that action can (using java) manipulate my php session variable maybe I am there....

Although I am more about to give up as it stands

 

[sleipnir214]

Again, if you're talking about "onclick", you're talking about client-side program code.

And again, client-side program code cannot manipulate PHP session variables. Any code which might manipulate PHP session variables would have to run on the server, not the client.

The only way that any client-side action can initiate the manipulation of PHP session variables is when that client-side action causes the invocation of program code on the server.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[JRBeltman]

Yes,
I understand the problem. but as 7 of 9 said in Voyager: Nothing is impossible!

Therefore I suggest that we come up with something that works in the middle and can do what I want (wouldn't it be great! if only)

Anyway, I am afraid that you are absolutely right. I can still pass my vars using a form and maybe have to stick with that 'earlier' solution. Well a man can't always have what he wants (very unhappy now)

 

[sleipnir214]

This is HTML and HTTP. If you're trying to modify the data in a server-side session store, in order for it to be impossible you're going to have to find some undocumented hole in both the protocols and the software.


What, exactly, is it that you are trying to hide from your users?



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[JRBeltman]

Oh well nothing special.
But I thought it would look nice not to parse variables like:

index.php?variable=123

So I started using a form and clever bit of java that one of the forum users supplied (really kind).

Then I wanted to hide the hyperlink in the status bar that looked like:

javascript...bla bla

So decided to use OnMouseOver which worked great.
But then I discovered that when you click the link it shows (for a second orso) in the status bar and wanted to get rid of this so thought of storing the variable in a session var before going to the next page.

Obviously this would not have been a problem if I had just one link needing the same session variable, but I have a list of links using the same session variable.

So all fell apart

 

[sleipnir214]

If you simply don't want the URL to display the ID, use lots of individual, small, special purpose POST-method forms on your pages.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[JRBeltman]

Yes, I will indeed go back to that solution.
Not happy with it though! : (