Problems with sessions

mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Problems with sessions

Post by mjseaden »

Hi,

I've created an image validation script in PHP, which generates graphical letters on top of an image using the GD2 library. I want to ask the users to type in what's on this image to prevent someone repeatedly trying to guess passwords on my password pages by programming their own browser.

The PHP script, validate.php, sends JPG headers to the browser, and I get the image onto the page in an img tag:

Code:

<img src="validate.php"/>

In my image validator generation script validate.php, I turn on sessions, and I save the random 5 digit code I render to the image to the session 'verify_code'.

Here's the problem. When I try and access the session from the php script in which the <img> tag is placed, it doesn't show up as a recorded index.

Curious, I've checked the directory in which my PHP install is writing session data, and lo and behold, it is using different unique session IDs for the validate.php script, and the script in which the image is rendered.

Therefore I can't access the verify code from the script I need to.

Why are the sessions different, and is there any way I can make them the same (sounds like something that's difficult, but I've got to ask)?

Many thanks
Begby
Forum Regular
Posts: 575
Joined: Wed Dec 13, 2006 10:28 am

Post by Begby »

Are you accessing the scripts from the same URL? Like is one http://www.mysite.com/validate.php and the other one http://www.myothersite.com/formscript.php?
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Hi begby,

No, both scripts are on the same server, but PHP is generating different session IDs for both. Both session files are stored on my server's sessions directory (C:\Temp).

I don't know why the script loaded with <img src="script.php"/> produces a different session ID to the script on which the image tag is.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If the information from session_get_cookie_params() is different, that would explain it.
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Hi feyd,

As I say, I know that the session IDs being recorded for each script are different, as they produce different session files in my C:\Temp directory, where all sessions are recorded. Here's an output of the two separate files. I have 'verify_code' being used as a session variable in verify.php, and 'testsession' being used as a session variable in admin.php, which includes an include file called adminbase.inc, which defines a class that produces a login form that includes the verification image.

Code:

verify_code|s:32:"34a8f3b181ca4b9df3e3b477546ac7a5";

Code:

testsession|s:5:"hello";

The verify code has been passed through an MD5 hash.

Is it possible that this is caused by the fact that the login form logic is in a .inc file, and being included in admin.php - is it possible that PHP is allocating different session IDs to an include?

Many thanks, would be great to solve this problem.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

mjseaden wrote: Is it possible that this is caused by the fact that the login form logic is in a .inc file, and being included in admin.php - is it possible that PHP is allocating different session IDs to an include?

PHP doesn't care what file extension it's processing.

Did you look at the output of session_get_cookie_params() for each of the scripts?
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Hi feyd,

I can't run the session parameters function in verify.php, as if it outputs any data, it 'corrupts' the jpeg produced by the verify.php script after being called from the <img...> tag. So in the state it's currently in, I can't read any text sent to the browser.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

So disable the jpeg stuff so you can debug it.
mjseaden
Forum Contributor
Posts: 458
Joined: Wed Mar 17, 2004 5:49 am

Post by mjseaden »

Hi feyd,

The reason why disabling the jpeg code doesn't aid matters is that the script is called from an <img> tag, not a link or from entering the script in the address bar. Therefore I can't output text into the image, and simply checking the verify.php script by putting it directly into the address bar will not help because that is not the circumstance in which the script is used.

My suspicion is that PHP allocates a different session ID because the script is executed from an IMG tag. I don't believe it's arbitrary, rather like PHP allocating a different session ID if you use <ForceType> on any particular script.

This still isn't resolved, so I'll continue plugging away...
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

As long as the URL is the same, it's exactly the same to the browser. So yes, you can output text from the image script.
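
The comparison feyd asks for, session_get_cookie_params() in both scripts, can be made without writing anything into the JPEG by sending the values to the PHP error log instead. This is an added example, not code posted in the thread; the function names session_fingerprint(), session_state() and log_session_state() and the SESSDIAG log tag are assumptions made for illustration.

```php
<?php
// Added example: session diagnostics that go to the PHP error log, so the
// image script can be inspected in its real <img> context without output.
// All function names and the SESSDIAG tag are hypothetical.

// Short hash of a session ID: enough to tell two IDs apart in the log
// without writing a live session credential to disk.
function session_fingerprint(?string $id): ?string
{
    return ($id === null || $id === '') ? null : substr(hash('sha256', $id), 0, 12);
}

function session_state(string $label): array
{
    $name = session_name();
    return [
        'script'        => $label,
        'host'          => $_SERVER['HTTP_HOST'] ?? '(cli)',
        'uri'           => $_SERVER['REQUEST_URI'] ?? '(cli)',
        'session_name'  => $name,
        // ID the browser sent with this request; null means no session
        // cookie arrived, so session_start() had to create a new session.
        'cookie_id'     => session_fingerprint($_COOKIE[$name] ?? null),
        // ID PHP is actually using for this request.
        'active_id'     => session_fingerprint(session_id()),
        'cookie_params' => session_get_cookie_params(),
        'session_keys'  => array_keys($_SESSION ?? []),
    ];
}

function log_session_state(string $label): void
{
    error_log('SESSDIAG ' . json_encode(session_state($label)));
}

// Place at the very top of each script, before any output. session_start()
// sets its cookie via a header, which cannot be sent once output has begun.
if (headers_sent($file, $line)) {
    error_log("SESSDIAG output already started at $file:$line");
}
session_start();
log_session_state(basename(__FILE__));
```

Put the same block at the top of both the image script and the page that holds the <img> tag, load the form once, and compare the two SESSDIAG lines. A different session_name or cookie_params between the two, or a null cookie_id on the image request, marks the point where the requests stop sharing a session.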