[thelist] HELP! recongnize PHP session variables in frames
Eric Cestari
eric at ohmforce.com
Sat Feb 17 17:07:03 CST 2001
Hi,
As Matt said, a session variable is a variable passed to every script the
user invokes.
So wherever you session_register() a variable, it is available in the global
scope of all the scripts during the session.
<tip type="php session variables are globals" author="eric cestari">
When using a session variable in a function in PHP, don't forget to declare
it global first!
This is one source of bugs, as PHP won't tell you that it has not been
declared.
</tip>
You can also use the very practical session_is_registered("foo") to check if
variable $foo has been ... well ... registered. Two main uses: debug and
security.
Debug is obvious. And you might want to use it :)
For security, if you don't have the track_vars configuration option
activated, if you check that a user is logged in, do not use:
    // $login can also be set from the URL (?login=true)
    if (isset($login))
    {
        perform_secure_tasks();
    }
    else
    {
        kick_out();
    }
as a malicious user could add at the end of the script URL
    http://some.url/bar.php?login=true
and isset($login) would return true.
Do instead:
    // true only if "login" was registered in the session
    if (session_is_registered("login"))
    {
        perform_secure_tasks();
    }
    else
    {
        kick_out();
    }
Hope this helps :)
Eric
----- Original Message -----
From: "Warden, Matt" <mwarden at odyssey-design.com>
To: <thelist at lists.evolt.org>
Sent: Saturday, February 17, 2001 10:16 PM
Subject: Re: [thelist] HELP! recongnize PHP session variables in frames
> <disclaimer>
> I know very little about PHP sessions. What I'm offering is information on the
> usual implementation of sessions and adding a bit of common sense into the
> mix.
> </disclaimer>
>
> > If I have the frames listed below in a file called framepage.php:
> >
> > <FRAMESET COLS="73,*">
> > <FRAME SRC="sidebar.html" NAME="sidebar">
> > <FRAME SRC="main.php" NAME="main">
> > </FRAMESET>
> >
> > How can I send a session variable to main.php instead of just the entire
> > framepage.php??
> >
> > I am using php session variables for a login session, so framepage.php is loading
> > up, but the main frame section called main.php needs to call these variables also
> > to perform different tasks depending on the user logged in.
>
> The basic idea of sessions is to "link" a set of requests to a single user. If
> a user makes two HTTP requests, the server doesn't know whether those requests
> came from two different users or the same user. With sessions, this
> information is available (as long as cookies are enabled or some other method
> is used (like passing the sessionid in the querystring)). So, then it doesn't
> make sense that framepage.php would have session variables available and
> main.php (or sidebar.php for that matter).
>
> Have you verified that you can print out the session variables in
> framepage.php? If you can't, there's a problem with sessions, not passing the
> variables.
>
> If, in fact, there is some unique issue with PHP sessions, you can always do
> this:
>
> <FRAMESET COLS="73,*">
> <FRAME SRC="sidebar.html" NAME="sidebar">
> <FRAME SRC="main.php<? echo "?var1=$sessionvar1" ?>" NAME="main">
> </FRAMESET>
>
> and it will be available to main.php as $var1 and $HTTP_GET_VARS['var1']
>
> But, like I said, you shouldn't have to do that.
>
>
>
> HTH,
>
>
> --
> mattwarden
> mattwarden.com
>
===========================+========================
Eric Cestari | Ohm Force
Chief Web Designer | Digital Audio Software
mailto:eric.cestari at ohmforce.com | http://www.ohmforce.com
===========================+========================
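
The two login checks from Eric's message side by side, as an added example that is not part of the original thread. register_globals, session_register() and session_is_registered() were removed in PHP 5.4, so the automatic import of request variables is simulated with extract(); the function names and the arrays standing in for $_GET and $_SESSION are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread. Runs on the PHP CLI (7.1+).
// The $get and $session arrays are constructed stand-ins for $_GET and
// $_SESSION; in a real script $_SESSION is filled by session_start().

// Weak check from the message: trusts any variable named $login.
function is_logged_in_weak(array $get, array $session): bool
{
    // Simulate register_globals: session and request data both become
    // plain variables in one scope, so their origin can no longer be told.
    extract($session);
    extract($get);
    return isset($login);
}

// Hardened check: consult only the server-side session data, which is the
// modern equivalent of session_is_registered("login").
function is_logged_in_strict(array $get, array $session): bool
{
    return isset($session['login']) && $session['login'] === true;
}

// Constructed cases: [request parameters, session contents].
$cases = [
    'anonymous, plain URL'     => [[], []],
    'anonymous, ?login=true'   => [['login' => 'true'], []],
    'authenticated, plain URL' => [[], ['login' => true]],
];

foreach ($cases as $label => [$get, $session]) {
    printf(
        "%-26s weak=%-5s strict=%s\n",
        $label,
        var_export(is_logged_in_weak($get, $session), true),
        var_export(is_logged_in_strict($get, $session), true)
    );
}
```

Only the second case differs between the two checks: the weak one accepts the request parameter, while the strict one still reports the user as not logged in.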