Page 1 of 2

session variable is not forwarding between pages

Posted: Wed Apr 14, 2004 10:10 am
by stanfish
i have three simple files to test if my session works, it supposes to print "Yes" when entering the file session3.php, but it always print "No". Anyone has any idea? Is there anything that I can set to make it work?

session.php

Code: Select all

<form action=session2.php>
<input name=a>
<input type=submit name=submit value="111">
</form>

session2.php

Code: Select all

<?php
session_start();
header("Cache-control: private");
$_SESSION['name']=$a;
print $_SESSION['name'];
?>
<form action=session3.php>
<input type=submit name=submit value="111">
</form>

session3.php

Code: Select all

<?php
session_start();
header("Cache-control: private");
if ($_SESSION['name'])
	print 'Yes';
else
	print 'No';
?>

Posted: Wed Apr 14, 2004 10:13 am
by JayBird
you might want to try changing this line in session2.php

Code: Select all

$_SESSION['name']=$a;
to..

Code: Select all

$_SESSION['name']=$_GET['a'];
Mark

Posted: Wed Apr 14, 2004 10:15 am
by magicrobotmonkey
What does session2 print for $_SESSION['name']? you should change $a to $_POST['a']

Posted: Wed Apr 14, 2004 10:18 am
by JayBird
magicrobotmonkey wrote:What does session2 print for $_SESSION['name']? you should change $a to $_POST['a']
GET is the default method in forms where no method has been set

Mark

Posted: Wed Apr 14, 2004 10:18 am
by stanfish
It still doesn't work.
I found that it may not be a problem in my code. It may be the problem with my setting of php.ini because when i run these code in some web hosting, it WORKS. This is the setting in my php.ini

php.ini

[Session]
session.save_handler = /temp/files ; handler used to store/retrieve data
session.save_path = /temp ; argument passed to save_handler
; in the case of files, this is the
; path where data files are stored
session.use_cookies = 1 ; whether to use cookies
session.name = PHPSESSID
; name of the session
; is used as cookie name
session.auto_start = 0 ; initialize session on request startup
session.cookie_lifetime = 0 ; lifetime in seconds of cookie
; or if 0, until browser is restarted
session.cookie_path = / ; the path the cookie is valid for
session.cookie_domain = ; the domain the cookie is valid for
session.serialize_handler = php ; handler used to serialize data
; php is the standard serializer of PHP
session.gc_probability = 1 ; percentual probability that the
; 'garbage collection' process is started
; on every session initialization
session.gc_maxlifetime = 1440 ; after this number of seconds, stored
; data will be seen as 'garbage' and
; cleaned up by the gc process
session.referer_check = ; check HTTP Referer to invalidate
; externally stored URLs containing ids
session.entropy_length = 0 ; how many bytes to read from the file
session.entropy_file = ; specified here to create the session id
; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter = private ; set to {nocache,private,public} to
; determine HTTP caching aspects
session.cache_expire = 180 ; document expires after n minutes
session.use_trans_sid = 1 ; use transient sid support if enabled
; by compiling with --enable-trans-sid
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Posted: Wed Apr 14, 2004 10:20 am
by JayBird
stanfish wrote:It still doesn't work.
I found that it may not be a problem in my code. It may be the problem with my setting of php.ini because when i run these code in some web hosting, it WORKS.
This may be becuase of this different with the setting register_globals in the php.ini.

What is yours set to?

Mark

Posted: Wed Apr 14, 2004 10:23 am
by stanfish
I try to search for the word "register_globals" in my php.ini file, I found nothing.
How to set the register_globals?

Thanks!

Posted: Wed Apr 14, 2004 10:25 am
by JayBird
search again, it is there in the "Data Handling" section

Mark

Posted: Wed Apr 14, 2004 10:32 am
by magicrobotmonkey
Oh yea good point, I didn't notice that. Is it generally better to use $_POST for form vars and $_GET for URL vars?

Posted: Wed Apr 14, 2004 10:34 am
by stanfish
You are right. It is under data handling. Here is it:


;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
variables_order = "EGPCS" ; This directive describes the order in which PHP registers
; GET, POST, Cookie, Environment and Built-in variables (G, P,
; C, E & S respectively, often referred to as EGPCS or GPC).
; Registration is done from left to right, newer values override
; older values.
register_globals = On ; Whether or not to register the EGPCS variables as global
; variables. You may want to turn this off if you don't want
; to clutter your scripts' global scope with user data. This makes
; most sense when coupled with track_vars - in which case you can
; access all of the GPC variables through the $HTTP_*_VARS[],
; variables.
; You should do your best to write your scripts so that they do
; not require register_globals to be on; Using form variables
; as globals can easily lead to possible security problems, if
; the code is not very well thought of.
register_argc_argv = On ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
; increased performance
post_max_size = 8M ; Maximum size of POST data that PHP will accept.
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.

; Magic quotes
magic_quotes_gpc = On ; magic quotes for incoming GET/POST/Cookie data
magic_quotes_runtime= Off ; magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_sybase = Off ; Use Sybase-style magic quotes (escape ' with '' instead of '')

; automatically add files before or after any PHP document
auto_prepend_file =
auto_append_file =

; As of 4.0b4, PHP always outputs a character encoding by default in
; the Content-type: header. To disable sending of the charset, simply
; set it to be empty.
; PHP's built-in default is text/html
default_mimetype = "text/html"
;default_charset = "iso-8859-1"

Posted: Wed Apr 14, 2004 10:35 am
by JayBird
magicrobotmonkey wrote:Oh yea good point, I didn't notice that. Is it generally better to use $_POST for form vars and $_GET for URL vars?
Depends on the situation.

Large amount of information or sensitive information use POST.

GET is good for say a product catalogue becuase if someone bookmarks a product that is called by a specific ID, they can bookmark that link with the query to return directly to that page.

I also you get for small amounts of insensitive data.

Mark

Posted: Wed Apr 14, 2004 11:05 am
by stanfish
The register_globals is set to be On. Is it right?

Thanks!

Posted: Wed Apr 14, 2004 11:26 am
by JayBird
You code should be okay if the globals are On, even though it is better to have them turned off.

in session3.php, try changing

Code: Select all

if ($_SESSION['name'])
to...

Code: Select all

if (!empty($_SESSION['name']))

Posted: Wed Apr 14, 2004 11:33 am
by stanfish
I just try it, but it still doesn't work.

I am wondering why the code works in some web hosting, but not my computer.
I am thinking about the session folder. Is the "temp" folder located in the localhost folder?

Thanks!

Posted: Wed Apr 14, 2004 11:36 am
by markl999
session.save_handler = /temp/files should be just
session.save_handler = files