I'm working on a project in which I'm facing a situation where I will not be able to send cookie data, but I can send the PHPSESSIONID(as returned by JS document.cookie) via a querystring, like this:
script.php?sessid=u92yh54t7356953h6957
The question is, how would I retrieve $_SESSION variables at that point? Since the cookie has not been sent, it seems $_SESSION would not be registered, but I would have the valid session id, so how to I access that session object?
[SOLVED]How to get SESSION vars from PHPSESSID w/o a cookie?
Moderator: General Moderators
[SOLVED]How to get SESSION vars from PHPSESSID w/o a cookie?
Last edited by abeall on Mon Feb 05, 2007 11:32 am, edited 1 time in total.
http://uk.php.net/manual/en/function.session-id.php - This may be useful in this situation.
http://uk.php.net/manual/en/ref.session.php - Session handling functions
http://uk.php.net/manual/en/ref.session.php - Session handling functions
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: How to get SESSION vars from PHPSESSID without a cookie?
Heh???abeall wrote:I'm working on a project in which I'm facing a situation where I will not be able to send cookie data, but I can send the PHPSESSIONID(as returned by JS document.cookie) via a querystring, like this:
script.php?sessid=u92yh54t7356953h6957
The question is, how would I retrieve $_SESSION variables at that point? Since the cookie has not been sent, it seems $_SESSION would not be registered, but I would have the valid session id, so how to I access that session object?
You can't send cookie data but you can send cookie identifiers? In this case PHPSESSIONID?
Why are you doing this - the only thing I can think of is your trying to communicate across seperate domains? In which case if your domains are hosted on seperate servers - your screwed.
I believe you can pass the SESSION ID's over to a seperate domain, if their both hosted on the same shared server, but thats it...
What is it exactly, you are trying to accomplish?
Thanks. Interestingly, I have both those pages open in tabs, I guess I'm on the right track. I'm not sure I completely get how session_id() works, but I tried something simple, like this:
And it seems to do what I want. I can have an unauthenticated/logged in browser(in my test, FireFox), then grab the session ID from an authenticated browser(IE7), and insert it in the query, and I get authenticated results. Thanks!
Code: Select all
// authenticate via $_SESSION, or $_GET['sessid'] if provided
if($_GET['sessid']){
session_id($_GET['sessid']);
}
session_start();
$loggedIn = $_SESSION['pb_loggedIn'];
if($loggedIn) {
...An interesting question. I'm using Flash 8 to upload files via POST data. Sadly, while Flash 8 will send cookie data with other HTTP calls, it seems to have inconsistent results with the particular upload method. All my tests have successfully sent cookie data with the upload method(testing FF and IE7, default security settings), however there are many confirmed results from other Flash users that cookies aren't successfully sent with the Flash upload method(though no official word from Adobe AFAIK), so I'm hesitant to rely on it.Why are you doing this - the only thing I can think of is your trying to communicate across seperate domains? In which case if your domains are hosted on seperate servers - your screwed.
As a result, I'm retrieving PHPSESSIONID via JavaScript(document.cookie), and appending it to the URL which is the PHP script to handle the uploaded file. Ugly as sin, I know...
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Hmmmm...ok...
I believe that relying on PHPSESSIONID inside your Javascript...is a bad idea...session_id() returns the name of the session (in this case PHPSESSIONID) but it can be changed via the session_id() function as well. So if you can pass the results of session_id() to your javascript that might work better - if my assumption is accurate
I believe that relying on PHPSESSIONID inside your Javascript...is a bad idea...session_id() returns the name of the session (in this case PHPSESSIONID) but it can be changed via the session_id() function as well. So if you can pass the results of session_id() to your javascript that might work better - if my assumption is accurate
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Hockey's referring to session_name(). session_id() will return the ID number.Hockey wrote:Hmmmm...ok...
I believe that relying on PHPSESSIONID inside your Javascript...is a bad idea...session_id() returns the name of the session (in this case PHPSESSIONID) but it can be changed via the session_id() function as well. So if you can pass the results of session_id() to your javascript that might work better - if my assumption is accurate
Better yet, since the page is PHP I can skip the JS and just embed the session ID directly into Flash(using session_name() I guess) with Flash's embed/object tags, since the problem is only in Flash's HTTP request, but the page itself is generated by sessioned PHP. Thanks both.feyd wrote:Hockey's referring to session_name(). session_id() will return the ID number.Hockey wrote:Hmmmm...ok...
I believe that relying on PHPSESSIONID inside your Javascript...is a bad idea...session_id() returns the name of the session (in this case PHPSESSIONID) but it can be changed via the session_id() function as well. So if you can pass the results of session_id() to your javascript that might work better - if my assumption is accurate