homepage Welcome to WebmasterWorld Guest from 54.234.0.85
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Passing SID to Secure Server
Trying to pass $_SESSION variables to SSL
Kenton

10+ Year Member



 
Msg#: 3139245 posted 12:22 am on Oct 30, 2006 (gmt 0)

Hi

I'm trying to pass the current $_SESSION[] array variables to my secure domain for payment details.

I am attempting this via passing the SID via URL thus:

example1.php (Non-SSL)
<?
session_start(); // Start Session
$_SESSION['package']='Package1';
$SID = session_id();
echo $_SESSION['package'] ;
echo "<form action='https://secure.example.com/example2.php?SID=$SID' method='post'><input type='submit' value='Continue'></form>";
?>

example2.php (SSL)
<?
session_start(); // Start Session
if (isset($_GET['SID'])) {
$_SESSION['session_id']=$_GET['SID'];
}
echo $_SESSION['package'] ;
?>

However, example2.php keeps coming back with "Undefined index: package"

What am I doing wrong?

 

barns101

5+ Year Member



 
Msg#: 3139245 posted 8:41 am on Oct 30, 2006 (gmt 0)

Possibly the session cookie is not readable from a different subdomain.

FalseDawn

5+ Year Member



 
Msg#: 3139245 posted 5:49 pm on Oct 30, 2006 (gmt 0)

It's not a session cookie issue as they are trying to pass the session ID via the URL.

However, the code is all wrong.
Firstly, read this:
[us3.php.net...]

This:

$SID = session_id();

is not needed, as SID is a predefined constant.

in example 2,
this:

$_SESSION['session_id']=$_GET['SID'];

No idea what you are trying to do here - but sessions should be pretty transparently handled by PHP.

Look closely at example 3 in the above link on the PHP site - that should help you out.

Kenton

10+ Year Member



 
Msg#: 3139245 posted 12:02 am on Oct 31, 2006 (gmt 0)

Thnaks FalseDawn

in
$_SESSION['session_id']=$_GET['SID'];

What I was attempting to do was pass the SID from the non-SSL session to the SSL session.

Basically, I have a bunch of session variables obtained during the non-SSL session:
$_SESSION['user_first_name']='Fred'
$_SESSION['user_last_name']='Blogs'
$_SESSION['user_address']='1313 Mockingbird Ln'
etc

but I am losing these when the user goes to SSL for payment and I don't want that to happen.

I looked at example 3 but didn't see how this related to my problem of transfering session variables between domains (non-SSL & SSL).

I had looked elswhere here and the solution seemed to be to pass the SID via the URL. I assumed you then just assign the current SID to be the old SID.

Thanks for any help

Kenton

10+ Year Member



 
Msg#: 3139245 posted 2:14 am on Oct 31, 2006 (gmt 0)

Oops ... i can see how example 3 helps now ... however I can't get it to work.

SID is null and if I create a variable $id=session_id() and use that in the URl, the session id is passed but the $count is not incremented.

I must have a bigger problem eh?

FalseDawn

5+ Year Member



 
Msg#: 3139245 posted 7:02 am on Oct 31, 2006 (gmt 0)


in
$_SESSION['session_id']=$_GET['SID'];

What I was attempting to do was pass the SID from the non-SSL session to the SSL session.

OK, that's not how you do it - that'll just set a session variable called "session_id" to whatever $_GET['SID'] happens to be.

example 3 actually appears to be missing a session_start(); statement right after the opening <?php tag, as in the other 2 examples.
In any script where you need to use session variables, this must be present. Try adding this and see how you get on.

Edit: SID will be null if the session cookie is present on the client - in this case, your session cookie is probably not being set and/or read correctly, as barnes101 suggested

[us3.php.net...]

If this is the case, there should be no need to pass the session ID via the URL anyway.
Also, bear in mind that it is not possible to tell if a session cookie can be set or not on the first invocation of a script - if that is relevant in this case or not, I don't know.

[edited by: FalseDawn at 7:13 am (utc) on Oct. 31, 2006]

Kenton

10+ Year Member



 
Msg#: 3139245 posted 12:58 am on Nov 1, 2006 (gmt 0)

Hi FD

I added session_start() but it now comes back with "Undefined variable: count" on the second load of the page.

The URL (in the address bar) still shows ..../nextpage.php?
(no SID)

If I assign $id=session_id() and pass that, the SID appears in the address bar, but I still get the error "Undefined variable: count"

I also tried another example of storing the SID in the DB but this also failed. I seem to have a setting that's gone bad. Is there something I can look for in phpinfo() perhaps?

Thanks

[edited by: Kenton at 1:04 am (utc) on Nov. 1, 2006]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved