Sessions??

[bluedollar]

I have the following bits of code:

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.2 Storing variables in a session</title>
</head>
<body>
<?php
session_register( &quot;product1&quot; );
session_register( &quot;product2&quot; );
$product1 = &quot;Sonic Screwdriver&quot;;
$product2 = &quot;test 2&quot;;
print &quot;The products have been registered.&quot;;
?>
</body>
</html>

==========================================================

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.3 Accessing stored session variables</title>
</head>
<body>
<?php
print &quot;Your chosen products are:\n\n&quot;;
print &quot;<ul><li>$product1\n<li>$product2\n</ul>\n&quot;;
?>
</body>
</html>

======================================================

PROBLEM

The first bit of code succefully creates a cookie with the following content:

product1|s:17:&quot;Sonic Screwdriver&quot;;product2|s:6:&quot;test 2&quot;;

However the second bit of code fails to read this information.

========================================================

CONFIG

The session part of php.ini is configured as follows:

[Session]
session.save_handler = files ; handler used to store/retrieve data
session.save_path = \tmp ; argument passed to save_handler
; in the case of files, this is the
; path where data files are stored
session.use_cookies = 1 ; whether to use cookies
session.name = PHPSESSID
; name of the session
; is used as cookie name
session.auto_start = 1 ; initialize session on request startup
session.cookie_lifetime = 0 ; lifetime in seconds of cookie
; or if 0, until browser is restarted
session.cookie_path = \ ; the path the cookie is valid for
session.cookie_domain = ; the domain the cookie is valid for
session.serialize_handler = php ; handler used to serialize data
; php is the standard serializer of PHP
session.gc_probability = 1 ; percentual probability that the
; 'garbage collection' process is started
; on every session initialization
session.gc_maxlifetime = 1440 ; after this number of seconds, stored
; data will be seen as 'garbage' and
; cleaned up by the gc process
session.referer_check = ; check HTTP Referer to invalidate
; externally stored URLs containing ids
session.entropy_length = ; how many bytes to read from the file
session.entropy_file = ; specified here to create the session id
; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter = nocache ; set to {nocache,private,public} to
; determine HTTP caching aspects
session.cache_expire = 180 ; document expires after n minutes
session.use_trans_sid = 1 ; use transient sid support if enabled
; by compiling with --enable-trans-sid
url_rewriter.tags = &quot;a=href,area=href,frame=src,input=src,form=fakeentry&quot;

=======================================================

QUESTION

- What am I doing wrong?

Any help would be greatly appreciated.

Thanks

Dan

 

[DRJ478]

Here some advice:

1. You are counting on register_globals is on. That assumption can be fatal - and for good security reasons register_globals has been off by default for some time.

2. Use the superglobal array $_SESSION to set and retrieve your session data. It also adds clarity to your code since you know exactly where the value comes from, namely the session. $myVar could be anything while $_SESSION['myVar'] clearly states that it is the session variable. The $_SESSION array is also superglobal, hence you can refer to it the same way anywhere in your code.

session_start();
$_SESSION['product1'] = 'Sonic Screwdriver';
$_SESSION['product2'] = 'test2';
#
# in the next page you can access the variables
session_start();
echo($_SESSION['product1']);

Sometimes people dislike writing $_SESSION['myVar'] and prefer $myVar. IMO the little extra typing has benefits of clarity and portability. You can also use an editor like Edit+ that has auto-completion and when you type _SESSION it completes it to $_SESSION[].

Hope that helps.

 

[jimoblak]

I'm just a clueless fool but should all session stuff be done before you start sending the <html> tag? The first bit of code seems odd with the session registering after the <html> tag.

- - picklefish - -

 

[DRJ478]

The session_start() should be first in the script. This is a requirement for cookie based sessions.

As for settings sessions vars sith session_register() to my knowledge this can be done anywhere in the script. As said in my first post, IMO $_SESSION['varname'] is preferable to session_register().

The PHP manual says:
If you want your script to work regardless of register_globals, you need to use the $_SESSION array. All $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where register_globals is disabled.

 

[bluedollar]

I have changed my code to:

<html>
<head>
<title>Listing 16.2 Storing variables in a session</title>
</head>
<body>
<?php
session_start();
$_SESSION['product1'] = 'test 1';
$_SESSION['product2'] = 'test 2';
?>
</body>
</html>

===========================================================

<html>
<head>
<title>Listing 16.3 Accessing stored session variables</title>
</head>
<body>
<?php
session_start();
echo($_SESSION['product1']);
?>
</body>
</html>

========================================================

However when a cookie is created it now contains no information.

Any ideas?

Thanks

Dan

 

[sleipnir214]

For one thing, you're outputting HTML code before you issue session_start().

Try the scripts in this form:

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.2 Storing variables in a session</title>
</head>
<body>
<?php
$_SESSION['product1'] = 'test 1';
$_SESSION['product2'] = 'test 2';
?>
</body>
</html>

===========================================================

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.3 Accessing stored session variables</title>
</head>
<body>
<?php
echo($_SESSION['product1']);
?>
</body>
</html>

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[DRJ478]

As sleipnir says and it was pointed out in my previous post:
session_start() should be first.

The cookie has no other information than the PHPSESSID (session id) since the session data is kept server side.

 

[bluedollar]

Changed code to:

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.2 Storing variables in a session</title>
</head>
<body>
<?php
$_SESSION['product1'] = 'test 1';
$_SESSION['product2'] = 'test 2';
echo'Done';
?>
</body>
</html>

====================================================

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.3 Accessing stored session variables</title>
</head>
<body>
<?php
echo'The items are:';
echo($_SESSION['product1']);
?>
</body>
</html>

=================================================

However same problem as before cookie produced but contains no info.

Thanks for the help

Dan

 

[DRJ478]

Need some more info:
How are you accessing these scripts?

 

[sleipnir214]

And what version of PHP are you running?

$_SESSION was not introduced to the language until version 4.1.0. Before that, you used $HTTP_SESSION_VARS.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[bluedollar]

I am using apache as a web server and Internet explorer 5 as a browser all based on a the same system. I am using php version 4.0.5.

I have changed the code to:

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.2 Storing variables in a session</title>
</head>
<body>
<?php
$HTTP_SESSION_VARS['product1'] = 'test 1';
$HTTP_SESSION_VARS['product2'] = 'test 2';
echo'Done';
?>
</body>
</html>

===================================================

<?php
session_start();
?>
<html>
<head>
<title>Listing 16.3 Accessing stored session variables</title>
</head>
<body>
<?php
echo'The items are:';
echo($HTTP_SESSION_VARS['product1']);
?>
</body>
</html>

==================================================

However still the same problem

Thanks

Dan

 

[sleipnir214]

There's the problem. $_SESSION was only introduced to the language in version 4.1.0.

Replace every string &quot;$_SESSION&quot; with &quot;$HTTP_SESSION_VARS&quot; and see what happens.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[DRJ478]

bluedollar,

If you can, upgrade your PHP. The benefits of versions 4.2 and later are worthwhile the work of upgrading.