[SOLVED]How to get SESSION vars from PHPSESSID w/o a cookie?

abeall
Forum Commoner
Posts: 41
Joined: Sun Feb 04, 2007 11:53 pm

Post by abeall »

I'm working on a project in which I'm facing a situation where I will not be able to send cookie data, but I can send the PHPSESSIONID (as returned by JS document.cookie) via a querystring, like this:

script.php?sessid=u92yh54t7356953h6957

The question is, how would I retrieve $_SESSION variables at that point? Since the cookie has not been sent, it seems $_SESSION would not be registered, but I would have the valid session id, so how do I access that session object?
Last edited by abeall on Mon Feb 05, 2007 11:32 am, edited 1 time in total.
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Post by kaszu »

http://uk.php.net/manual/en/function.session-id.php - This may be useful in this situation.

http://uk.php.net/manual/en/ref.session.php - Session handling functions
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: How to get SESSION vars from PHPSESSID without a cookie?

Post by alex.barylski »

abeall wrote: I'm working on a project in which I'm facing a situation where I will not be able to send cookie data, but I can send the PHPSESSIONID (as returned by JS document.cookie) via a querystring, like this:

script.php?sessid=u92yh54t7356953h6957

The question is, how would I retrieve $_SESSION variables at that point? Since the cookie has not been sent, it seems $_SESSION would not be registered, but I would have the valid session id, so how do I access that session object?
Heh???

You can't send cookie data but you can send cookie identifiers? In this case PHPSESSIONID?

Why are you doing this - the only thing I can think of is you're trying to communicate across separate domains? In which case if your domains are hosted on separate servers - you're screwed.

I believe you can pass the SESSION IDs over to a separate domain, if they're both hosted on the same shared server, but that's it...

What is it exactly, you are trying to accomplish?
abeall
Forum Commoner
Posts: 41
Joined: Sun Feb 04, 2007 11:53 pm

Post by abeall »

Thanks. Interestingly, I have both those pages open in tabs, I guess I'm on the right track. I'm not sure I completely get how session_id() works, but I tried something simple, like this:

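Code:

// authenticate via $_SESSION, or $_GET['sessid'] if provided
if (!empty($_GET['sessid'])) {
	// resume the session named in the query string instead of the cookie
	session_id($_GET['sessid']);
}

// must run after session_id() so the supplied ID is the one that is opened
session_start();
// !empty() avoids an undefined-index notice when the key is not set
$loggedIn = !empty($_SESSION['pb_loggedIn']);

if ($loggedIn) {
...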
And it seems to do what I want. I can have an unauthenticated/logged in browser (in my test, Firefox), then grab the session ID from an authenticated browser (IE7), and insert it in the query, and I get authenticated results. Thanks!
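
A hardened variant of the handler above, as an added example that is not part of the original thread: the upload URL carries a short-lived, single-use token instead of the session ID (which would otherwise sit in server logs and browser history), and the server maps the token back to the session. TOKEN_DIR, TOKEN_TTL, both function names and the upload_token parameter are assumptions; pb_loggedIn is the session key from the post. Assumes PHP 7 or later.

```php
<?php
// Added example, not code from the thread. TOKEN_DIR, TOKEN_TTL, both function
// names and the upload_token parameter are assumptions; pb_loggedIn is the
// session key used in the post above.
const TOKEN_DIR = '/var/lib/php/upload_tokens'; // assumed path: outside the web root, mode 0700
const TOKEN_TTL = 300;                          // seconds a token stays valid

// Call from the session-authenticated page that writes the Flash embed tag.
// The returned token goes into the upload URL in place of session_id().
function issue_upload_token(): string
{
    $token  = bin2hex(random_bytes(32));
    $record = json_encode(['sid' => session_id(), 'exp' => time() + TOKEN_TTL]);
    if (file_put_contents(TOKEN_DIR . '/' . $token, $record, LOCK_EX) === false) {
        throw new RuntimeException('cannot store upload token');
    }
    return $token;
}

// Call first in the upload handler. Resumes the session that issued the token
// and returns true only if that session is logged in.
function open_session_from_token(string $token): bool
{
    // Fixed format: exactly 64 hex chars, so the value is safe to use as a file name.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    $path = TOKEN_DIR . '/' . $token;
    $raw  = @file_get_contents($path);
    // unlink() succeeds for only one request, which makes the token single use.
    if ($raw === false || !@unlink($path)) {
        return false;
    }
    $record = json_decode($raw, true);
    if (!is_array($record) || !isset($record['sid'], $record['exp']) || $record['exp'] < time()) {
        return false; // malformed or expired
    }
    session_id($record['sid']); // ID comes from the server-side record, never from the request
    session_start();
    return !empty($_SESSION['pb_loggedIn']);
}

// In the upload handler (kept as a comment so both pages can include this file):
//   if (!open_session_from_token($_GET['upload_token'] ?? '')) {
//       http_response_code(403);
//       exit;
//   }
```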
abeall
Forum Commoner
Posts: 41
Joined: Sun Feb 04, 2007 11:53 pm

Post by abeall »

Why are you doing this - the only thing I can think of is you're trying to communicate across separate domains? In which case if your domains are hosted on separate servers - you're screwed.
An interesting question. I'm using Flash 8 to upload files via POST data. Sadly, while Flash 8 will send cookie data with other HTTP calls, it seems to have inconsistent results with the particular upload method. All my tests have successfully sent cookie data with the upload method (testing FF and IE7, default security settings), however there are many confirmed results from other Flash users that cookies aren't successfully sent with the Flash upload method (though no official word from Adobe AFAIK), so I'm hesitant to rely on it.

As a result, I'm retrieving PHPSESSIONID via JavaScript (document.cookie), and appending it to the URL which is the PHP script to handle the uploaded file. Ugly as sin, I know...
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Hmmmm...ok...

I believe that relying on PHPSESSIONID inside your Javascript...is a bad idea...session_id() returns the name of the session (in this case PHPSESSIONID) but it can be changed via the session_id() function as well. So if you can pass the results of session_id() to your javascript that might work better - if my assumption is accurate :)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Hockey wrote:Hmmmm...ok...

I believe that relying on PHPSESSIONID inside your Javascript...is a bad idea...session_id() returns the name of the session (in this case PHPSESSIONID) but it can be changed via the session_id() function as well. So if you can pass the results of session_id() to your javascript that might work better - if my assumption is accurate :)
Hockey's referring to session_name(). session_id() will return the ID number. ;)
abeall
Forum Commoner
Posts: 41
Joined: Sun Feb 04, 2007 11:53 pm

Post by abeall »

feyd wrote:
Hockey wrote:Hmmmm...ok...

I believe that relying on PHPSESSIONID inside your Javascript...is a bad idea...session_id() returns the name of the session (in this case PHPSESSIONID) but it can be changed via the session_id() function as well. So if you can pass the results of session_id() to your javascript that might work better - if my assumption is accurate :)
Hockey's referring to session_name(). session_id() will return the ID number. ;)
Better yet, since the page is PHP I can skip the JS and just embed the session ID directly into Flash (using session_name() I guess) with Flash's embed/object tags, since the problem is only in Flash's HTTP request, but the page itself is generated by sessioned PHP. Thanks both.