Page 1 of 1

Session variable not showing up in other pages

Posted: Thu Sep 06, 2007 9:11 am
by seodevhead
Hey guys...

I have a php page that creates a session variable called $_SESSION['key'] and I want this session variable to be accessible in another page that links to it. Easy enough, right?

Well, just to be clear, the header file included in each of these pages does indeed contain session_start(); before anything else, so that isn't the problem.

Here is the page that sets the Session variable:

Code: Select all

# Start Output Buffering:
ob_start();

# Initialize Session
session_start();

		$_SESSION['key'] = md5('gobleygook');
		
		if (isset($_SESSION['key']) && $_SESSION['key'] = md5('gobleygook'))
			echo '<h1>SESSION HAS BEEN SET</h1>';  // This actually outputs in the browser, so I know the session is indeed being set correctly.

                 echo '<a href="page2.php">Go To Page 2</a>';

# Flush the buffered output:
ob_end_flush();

Here is the page2.php that links to the page where the Session variable $_SESSION['key'] is created.

Code: Select all

# Start Output Buffering:
ob_start();

# Initialize Session
session_start();

if (isset($_SESSION['key']) && $_SESSION['key'] = md5('gobleygook')) // THIS FAILS!!!
	echo '<h1>SESSION HAS BEEN SET</h1>';  // This DOES NOT output.

# Flush the buffered output:
ob_end_flush();
Any ideas why page2.php doesn't recognize $_SESSION['key'] at all? This is stumping me big time. Any help is GREATLY appreciated. Thanks guys.

Posted: Thu Sep 06, 2007 9:21 am
by s.dot

Code: Select all

print_r($_SESSION);

Code: Select all

//turn on error reporting
ini_set('display_errors', 'On');
error_reporting(E_ALL);
Also, with included files you have to be careful of spaces or new lines after the closing ?> php tag (if you have one).

Posted: Thu Sep 06, 2007 10:07 am
by seodevhead
I just now figured out what the problem is.

The page that sets the session variable is called upon by a Payment Gateway. And this payment gateway actually "fetches" this php page on my server, and serves it as a snapshot to the visitor on their server. For instance, when this first php page above is accessed by the visitor, the URL in the URL bar in the browser, is not actually my server's URL.. but rather the payment gateway's.

So it seems that I can't set a session variable on this page because it is fetched and displayed by the payment gateway's servers.

Now that I can't utilize sessions... I am at a bit of a loss as to how I can create a secure keycode that will allow me to pass to other pages on my site so as to authenticate the user as a customer of the payment gateway. A hidden form input would do the trick... but it's not so "hidden" and can be grabbed for malicious form spoofing from other servers.

I guess the other option would be to store the session data in my MySQL database. I've never done this.. but does this sound like a good plan?

Any ideas you may have would greatly be appreciated. Thanks so much.