Passing PHP Session Variables to JavaScript

matsko · January 22, 2009, 6:24am

I’m kinda having a dilemma as to how to pass (well more like bridge) session information to the client side from server side.

Right now, what I’m basically doing is echoing the userID and the username into a method in JavaScript tag at the bottom of every page.

The reason why I am doing this is simply for AJAX-related interactivity.

This is an example of what the code looks like:


<script type="text/javascript">document.storeSession("2:matsko");</script>

It works, but there are a few problems:

A) It requires JavaScript code to be pasted within the HTML document (its non-external).

B) It requires the code to be echoed in EVERY PAGE.

C) A PHP Script or Class must maintain the responsibility of printing the session values.

D) The variable data cannot be accessed from any imported javascript files prior to where it was printed.

Now, I’m wondering about using Cookies. This would benefit me since I don’t have to inject any ugly javascript code into the HTML output. I can also remove the PHP script that echoes the values and the changes will be purely handled in PHP (cookies can be updated!).

The only issue that’s stopping me is simply security. Since cookies can be edited very easily on the client side, then the data can be changed. But then again so can the JavaScript (using a tool like Grease Monkey).

Once again, I am aware to never ever to trust the client side data without any validation; therefore using some sort of hash checksum, the cookie data can be compared to its PHP equivalents.

Does anyone use this procedure?

mastermindxs · January 22, 2009, 2:40pm

Cookies seem to me like your best shot since both PHP and Javascript can easily make and manipulate cookies.

Another way I’ve used PHP to pass variables to the javascript globally is by including a file in the <head> section of each page that echoes values into javascript so that you end up with this <script> tag:


<script type="text/javascript">
    var SessionVars = {
        user: "user1",
        id: "id1"
    }
</script>

this creates a SessionVars object which contains properties that you can easily access with SessionVars.user, or SessionVars.id anywhere in your scripts as long as your scripts are declared below the above mentioned <script>

again the issue of security is obvious here, but just decided to mention this technique since I learned it here at sitepoint!

MopedBob · January 22, 2009, 5:46pm

I’m glad you asked this question, because I was doing exactly what you were:
<?php echo ‘<script type=“text/javascript”>’.$variable.‘</script>’; ?>
I didn’t think about using cookies, but cookies seem more elegant, and passing information about state is what cookies are for. So when the information needs to be available site wide or page 2 page, I’d use a cookie.
If I was just using information on 1 page only, I’d just use the script tag. Who here is with me?

crmalibu · January 23, 2009, 6:40am

If this data comes from the server side, why would you send it back to the server? The server already has the data. I beleive this is what you’re doing since you mention validating data from the client.

Why not just use serverside sessions?

system · October 8, 2014, 12:49am