Keeping hidden data across pages

[RocketMan]

Helge:

OK...I ran a quick test with Test1.php and Test2.php and everything worked FINE!!!

1. No undefined index errors
2. No variable errors
3. "Sweet"

So I'm not understanding why all the errors with the previous code snippets.

BTW, is there a trick to 'hiding' the SessionID numbers from displaying in the browser window?

Like:
test2.php?PHPSESSID=3931a4e2688a28bde7047b5c0aae830b
...mabye becomes just:
test2.php?

???

Thanks.

[Helge]

Hi.

I checked...both my WIN2K and ISP's AIX Unix are configured for Sessions = Enabled

Good

OK...I ran a quick test with Test1.php and Test2.php and everything worked FINE!!!

Good again When running those test pages, did the SessionID appear in the url?

So I'm not understanding why all the errors with the previous code snippets.

I don't think I do either.

BTW, is there a trick to 'hiding' the SessionID numbers from displaying in the browser window?

Yes. I think you can change somethingcalled session.use_trans_sid in your PHP settings to '0'. But dooing that means that people that have turned off cookies in their browser won't get the session working. And that would probably "brake" your site. Putting the SessionId in the url is kind of PHP rescue when people don't allow cookies. (I'm not 100% sure if what I'm saying here is correct, but I do think so. I think this is starting getting beyond my knowledge )
So, what are the cookie settings in your browser?

-Helge

[RocketMan]

Helge:

Finally back on, and ran the two test.php pages.

No problem...both worked fine!

So, I'm wondering here...are you running PHP with "Register_globals OFF" or do you have "ON" ???

My ISP runs "OFF" as do most since a year ago.

[Helge]

So, I'm wondering here...are you running PHP with "Register_globals OFF" or do you have "ON"

My ISP (university) has the register globals set to ON. But I have the following .htaccess in my directory:

PHP Code:

<IfModule mod_php4.c> 
    php_flag register_globals off 
    php_value magic_quotes_gpc off
    php_flag session.use_trans_sid on
    php_flag session.auto_start off
</IfModule> 


And I belive that should set the register globals to OFF.

-Helge

[RocketMan]

Helge:

Yes, the Session ID showed in the URL.

Thank you very much again for all of your assistance and helping me better understand Sessions, etc.

Best of luck (and skill) in your studies at the University!!!

BTW, I am 50% Swedish...your neighbor Country *

Regards,

P.S. * But here in the USA

[Helge]

So did you get it working?

We love our swedish neighbors

-Helge

[RocketMan]

Hi Helge:

I have some more 'stuff' to incorporate into this whole thing, so don't have it all running yet together.

Many late nights & must finish some other work too

[RocketMan]

Helge:

I made a very shocking discovery here.

In trying to go from the tax to shipping to next processing pages, it appears the major problem is that $_SESSION['var'] assignments do NOT end up getting transferred when there is a 'header' function.

I re-ran your two test pages and, yes, the Session ID showed up in the URL as before.

So, I tried to use the $salestax = $_SESSION['salestax'], etc. approach again, but NO SESSION ID shows in the URL when the 'header' in the loop executes.

I then commented out the 'header' line and used a manual href page link like in your test file, and *THAT* worked...including the Session ID in the URL for the next page.

So, apparently there is some kind of 'secret' command or something which needs to be included in the 'header' line in order for this to all work with $_SESSION ???

Yes, this appears to be much of the frustration and problems earlier in this thread

"HELP!!!"

Thank you.

[sweatje]

Have your confirmed that you are using tansparent SID as Helge mentioned before?

[RocketMan]

Have your confirmed that you are using tansparent SID as Helge mentioned before?

Huh? ('transparent SID')...what is that???

Regarding the simple test1.php and test2.php pages Helge posted, the SESSION worked fine from test1 to test2...but this was with a manual link click.

So, I just changed the file name and ztest1.php now has a 'header' go-to-ztest2.php and the #&^! SESSION WILL NOT WORK!!!!!!!

No wonder after hours & hours (days & days) of trying to get the other pages to work and they would not.

PHP Code:

<?php 
error_reporting(E_ALL); 
session_start(); 
$test = 'Testing if the session is working.'; 
echo 'Sentence that is put into the session: <br />'; 
echo $test; 
$_SESSION['test'] = $test; 
header('Location: ztest2.php');
?>

This goes directly to ztest2.php and there is NO '$test' string displayed AND the follow error shows:

PHP Code:

[b]Notice[/b]: Undefined index: test in echo $_SESSION['test']; 


ARRRRGGGHHHHHHH!!! This makes absolutely no sense at all. Surely there is some 'trick' involving the 'header' ???

It turns out I can NOT pass 2 $vars using the blah.php?var1=$var1&var2=$var2 method because it will NOT work...and it MUST work with "Register_globals OFF".

This is driving me N-U-T-S-O

BTW, I checked both my PC and ISP's Unix settings:

PHP Code:

session.use_trans_sid  <---- This is set for "1" on my PC
session.use_trans_sid  <---- This is set for "Off" on my ISP's Unix 


I tested the page1,2,3,4 files from Helge on both my PC and my ISP's Unix ... always the same results: errors and no $variables display on subsequent pages. I can not change my ISP's settings and don't know what the difference is between my "1" and the ISP's "Off".

ARRRGGGHHHH!!!

[sweatje]

from http://www.php.net/session

Passing the Session ID

There are two methods to propagate a session id:

Cookies
URL parameter

The session module supports both methods. Cookies are optimal, but because they are not always available, we also provide an alternative way. The second method embeds the session id directly into URLs.

PHP is capable of transforming links transparently. Unless you are using PHP 4.2 or later, you need to enable it manually when building PHP. Under UNIX, pass --enable-trans-sid to configure. If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically.

[RocketMan]

Thanks, sweatje.

I've been doing a lot of reading too, like:

PHP Code:

[font=Courier New]It appears that you cannot really mix and match the old and new ways of registering session variables.

old: 
register_globals = ON 
$name = 'John Smith'; 
session_register ('name'); 

new: 
register_globals = OFF 
$_SESSION['name'] = 'John Smith'; [/font]
[font=Courier New][/font] 


I run "Register_globals OFF" (doesn't everyone for better security???). So does my ISP.

But I have yet to understand HOW the 'SID' gets a-u-t-o-m-a-t-i-c-a-l-l-y assigned, except that in Helge's test1.php and test2.php it all worked fine.

HOWEVER, when using the 'header' redirects, the SID vanishes and nothing works.

My gosh, this should NOT be that difficult. And on top of this the #&^! Chinese keep trying to break into my computer and I am about ready to get on a plane and go do some SERIOUS 'castration' over there

[Helge]

Hi.
This one is hard one.

I think the really odd thing is that sesssion using the cookie metod won't work. So i'll repeat my question (I can't see that you answered it )

So, what are the cookie settings in your browser?

One, very experimental , solution is:

test1.php

PHP Code:

<?php
// test1php
error_reporting(E_ALL);
ob_start();
session_start();

$_SESSION['var'] = 'Yes';
$sessionid = session_id();
$url = "test2.php?SID=$sessionid";

if(isset($_POST['redirect']) && $_POST['redirect'] == "Redirect") {
    ob_end_clean();
    header("Location: $url");
    exit;
}

echo '<h3>test1.php</h3>';

echo '<p>Session contain the string: ' . $_SESSION['var'] . '</p>';
echo "<p>Sessionid: $sessionid</p>";
echo "<p>Redirect url is: $url</p>";

echo "<p><form method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">";
echo '<button type="submit" name="redirect">Redirect</button>';
echo '</form></p>';

ob_end_flush();
?>

test2.php

PHP Code:

<?php
// test2.php
error_reporting(E_ALL);
session_id(strip_tags($_GET['SID']));
session_start();

$sessionid = session_id();

echo '<h3>test2.php</h3>';

echo '<p>Sessionid transferred using GET: ' . $_GET['SID']. '</p>';
echo "<p>Sessionid is now: $sessionid</p>";
echo '<p>Did the session got transferred? ' . $_SESSION['var'] . '</p>';
echo '<p><a href="test1.php">Back</a></p>';
?>

I've tried different things and I don't know if my solution will work for you, because I don't experience the same problems as you when testing the scripts. I also don't know how to secure your SID on page test2.php when it's used in the session_id() function.

-Helge

[sweatje]

I regularly use $_SESSION in combination with a framework that relies on header redirects without any issues.

Here is my relavant configuration data:

Configure Command => './configure' '--with-zlib-dir' '--with-png-dir' '--with-gd=/usr/local' '--enable-gd-native-ttf' '--with-freetype-dir' '--with-gettext' '--with-mcrypt' '--with-system-regex' '--without-mysql' '--with-oracle' '--with-oci8' '--enable-ftp' '--enable-sockets' '--enable-dbx' '--prefix=/pkg/prdcrm/apache/php' '--with-apache=../apache_1.3.27'

register_globals => Off => Off

session

Session Support => enabled
Registered save handlers => files user

Directive => Local Value => Master Value
session.auto_start => Off => Off
session.bug_compat_42 => On => On
session.bug_compat_warn => On => On
session.cache_expire => 180 => 180
session.cache_limiter => nocache => nocache
session.cookie_domain => no value => no value
session.cookie_lifetime => 0 => 0
session.cookie_path => / => /
session.cookie_secure => Off => Off
session.entropy_file => no value => no value
session.entropy_length => 0 => 0
session.gc_dividend => 100 => 100
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 1 => 1
session.name => PHPSESSID => PHPSESSID
session.referer_check => no value => no value
session.save_handler => files => files
session.save_path => /tmp => /tmp
session.serialize_handler => php => php
session.use_cookies => On => On
session.use_only_cookies => Off => Off
session.use_trans_sid => Off => Off

[RocketMan]

Hello nice folks:

Well, I tried the (new)test1.php & (new)test2.php and the SessionID displays in the URL *and* "Yes" got transferred and displayed on (new)test2.php !!!

Now, the question is will "Yes" from page 1 actually get passed to page 3, etc. --- like your original page 1,2,3 & 4 example(s)? This will be a "Miracle" to see this happen!!!

Can you possibly help me to re-code the page1,2,3 & 4 previous examples to see if this will work?

Thank you for all your time in helping me...this has been VERY strange indeed with the $_SESSION problem.

[RocketMan]

Well, I tried to hack up the last scripts to see if 3 pages will work:
finaltest1.php

PHP Code:

<?php 
// finaltest1.php 
error_reporting(E_ALL); 
ob_start(); 
session_start(); 
$_SESSION['var1'] = 'YesPage1var'; 
$sessionid = session_id(); 
$url = "finaltest2.php?SID=$sessionid"; 
if(isset($_POST['redirect']) && $_POST['redirect'] == "Redirect" ) { 
ob_end_clean(); 
header("Location: $url" ); 
exit; 
} 
echo '<h3>finaltest1.php</h3>'; 
echo '<p>Session contain the string: ' . $_SESSION['var1'] . '</p>'; 
echo "<p>Sessionid: $sessionid</p>"; 
echo "<p>Redirect url is: $url</p>"; 
echo "<p><form method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">"; 
echo '<button type="submit" name="redirect">Redirect</button>'; 
echo '</form></p>'; 
ob_end_flush(); 
?>

finaltest2.php

PHP Code:

<?php 
// finaltest2.php 
error_reporting(E_ALL); 
session_id(strip_tags($_GET['SID'])); 
session_start(); 
$_SESSION['var2'] = 'YesPage2var'; 
$sessionid = session_id(); 
$url = "finaltest3.php?SID=$sessionid"; 
if(isset($_POST['redirect']) && $_POST['redirect'] == "Redirect" ) { 
ob_end_clean(); 
header("Location: $url" ); 
exit; 
} 
echo '<h3>finaltest2.php</h3>'; 
echo '<p>Sessionid transferred using GET: ' . $_GET['SID']. '</p>'; 
echo "<p>Sessionid is now: $sessionid</p>"; 
echo '<p>Did var1 transferred to Page 2? ' . $_SESSION['var1'] . '</p>';
echo '<p>Session contain the Page 1 string: ' . $_SESSION['var1'] . '</p>'; 
echo "<p>Sessionid: $sessionid</p>"; 
echo "<p>Redirect url is: $url</p>"; 
echo "<p><form method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">"; 
echo '<button type="submit" name="redirect">Redirect</button>'; 
echo '</form></p>';
echo '<p><a href="finaltest1.php">Back</a></p>'; 
?>

finaltest3.php

PHP Code:

<?php 
// finaltest3.php 
error_reporting(E_ALL); 
session_id(strip_tags($_GET['SID'])); 
session_start(); 
$sessionid = session_id(); 
echo '<h3>finaltest3.php</h3>'; 
echo '<p>Sessionid transferred using GET: ' . $_GET['SID']. '</p>'; 
echo "<p>Sessionid is now: $sessionid</p>"; 
echo '<p>Did the Page 1 session get transferred to Page 3? ' . $_SESSION['var1'] . '</p>'; 
echo '<p>Did the Page 2 session got transferred to Page 3? ' . $_SESSION['var2'] . '</p>'; 
echo '<p><a href="finaltest2.php">Back to Page 2</a></p>'; 
echo '<p><a href="finaltest1.php">Back to Start</a></p>';
?>

What I am getting is:

PHP Code:

[b]Notice[/b]: Undefined index: SID in [b]finaltest2.php[/b] on line [b]4[/b]

[b]Warning[/b]: Cannot send session cookie - headers already sent by (output started at finaltest2.php:4) in [b]finaltest2.php[/b] on line [b]5[/b]

[b]Warning[/b]: Cannot add header information - headers already sent by (output started at finaltest2.php:4) in [b]finaltest2.php[/b] on line [b]14[/b]

[b]Warning[/b]: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (C:\PHP\sessiondata) in [b]Unknown[/b] on line [b]0[/b] 


Obviously, I am doing something wrong

[sweatje]

Make session_start() the first statement (can be after the error_reporting() ) and see if that helps.

[RocketMan]

Thanks, sweatje. Tried it, but $vars don't pass and still numerous Notices/Warnings

[RocketMan]

Helge & all:

It appears I *finally* have a solution here.

At the top of EACH page:

PHP Code:

error_reporting(2039); // Temporary fix?  Without it, numerous Notices/warnings 
ob_start(); 
session_start();
$sessid = session_id(); 


In the code loops of EACH successive page until final processing page:

PHP Code:

$_SESSION['someformvar'] = $_POST['someformvar']; 
$url = "eachnextpage.php?" . session_name() . "=$sessid"; 
header("Location: $url"); 


FYI, I also tried sticking this in above but it didn't seem to work:

PHP Code:

// echo "<input type=\"hidden\" name=\"session_name\" value=\"session_id\">"; 


I don't know if the error_reportin(2039) might cause a problem on someone else's system, but for now I can use here myself which is a first step!

Thanks again to ALL who so kindly offered assistance, code examples & testing help.

Best Regards...

[RocketMan]

FINALLY...a resolution to the ultimate "Nightmare".

Helge & sweatje especially deserve some kind of Award for all their kind effots to assist me in this matter.

I am posting the following that it might help some other frustrated soul who has the same problem as it turned out I had.

My ISP has 'session.use_trans_sid' set to 'Off" ... or "0". There was a supposed workaround on the php.net pages to put code at the top of each script, but that does NOT work. I added a comment about this but the php.net moderator nuked it

I tried putting a php_flag in an .htaccess file which also did not work, but this was due to my ISP restricting such files from being set up by individual users.

The only option appeared to be that of my ISP re-compiling/re-installing PHP on the Unix with: --enable-trans-sid which they were not willing to do.

Fortunately, they DID setup an .htaccess file for me to work globally with all my 'www' directories/sites, with this one line in it:

PHP Code:

php_flag session.use_trans_sid 1 


So now, "Session" stuff WORKS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Umh, it would have been nice to know this about 50+ hours ago of trying everything under the sun.

A B-I-G thanks again to Helge & sweatje for helping me understand the 'basics' and for all the code examples. I'm just sorry I could not get them to work here for what is now known to be the reason.

Kind Regards,

[Helge]

Finally

-Helge